Re: [Full-disclosure] XSS, LFI and SQL Injection Vulnerabilities in Achievo

2012-11-02 Thread Henri Salo
On Thu, Nov 01, 2012 at 02:12:10PM +0200, Netsparker Advisories wrote: Information Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site

Re: [Full-disclosure] Security risks of doing business with China?

2012-11-02 Thread Seth Arnold
On Thu, Nov 01, 2012 at 08:43:10AM +, Dan Ballance wrote: I greatly respect the collective knowledge about security matters on this list. What do you make of this BBC report? Here in the UK we are seemingly happy to do business with China, but other countries are blocking over alleged

[Full-disclosure] PR11-07 Multiple persistent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls

2012-11-02 Thread research
ProCheckUp Research http://procheckup.com/procheckup-labs/pr11-07.aspx PR11-07 Multiple persistent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls Vulnerability found: 3rd May 2011 Vendor informed: 20th July 2011 Vulnerability fixed:

[Full-disclosure] Checkpoint/SofaWare Firewall Vulnerability Research

2012-11-02 Thread research
ProCheckUp Research This is one of a series of papers investigating selected security-related hardware, particularly hardware which is commonly found within DMZs (DeMilitarised Zones) or protecting the periphery of the DMZ such as firewalls.

[Full-disclosure] n.runs-SA-2012.003 - SPLUNK DoS HashDOS

2012-11-02 Thread security
n.runs AG http://www.nruns.com/ security(at)nruns.com n.runs-SA-2012.003 02-Nov-2012 Vendors: Splunk Inc., http://www.splunk.com Product:

[Full-disclosure] Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client

2012-11-02 Thread Stefan Kanthak
Hi @ll, http://www.emclient.com/dist/latest/setup.msi, an e-mail client for Windows, distributed with SoftMaker Office 2010 Professional for example, contains and installs the following deprecated and VULNERABLE Microsoft Visual C++ 2008 Runtime DLLs: - msvcm9032File - MSVCM90.DLL version

[Full-disclosure] [ MDVSA-2012:170 ] firefox

2012-11-02 Thread security
Mandriva Linux Security Advisory MDVSA-2012:170 http://www.mandriva.com/security/

[Full-disclosure] Open Letter to the International Information Security Community - Help Brazilian Security Researchers

2012-11-02 Thread Pablo Ximenes
http://ximen.es/?p=733 Open Letter to the International Information Security Community Help Brazilian Security Researchers November 2nd, 2012 - Fortaleza, Brazil Dear Information Security Professional, Student, Evangelist, Researcher, Aficionado, Business Person, or mere Sympathizer, Brazil