Re: [Full-disclosure] XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony

2012-11-21 Thread bk
Imma let you finish, but this: http://securityreactions.tumblr.com/post/35703074237/mustlive-has-posted-a-new-xss-technique Nah, I lied. Don't bother finishing. -- chort On Nov 21, 2012, at 10:35 AM, MustLive wrote: > Hello list! > > I will draw your attention to XSS vulnerability _

[Full-disclosure] XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony

2012-11-21 Thread MustLive
Hello list! I will draw your attention to XSS vulnerability in other web applications with swfupload. Earlier I've written about swfupload in AionWeb, Magento, Liferay Portal, SurgeMail, symfony and that this hole is available in many other web applications. In previous letters I've written concernin

[Full-disclosure] [ MDVSA-2012:173 ] firefox

2012-11-21 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:173 http://www.mandriva.com/security/ _

Re: [Full-disclosure] phpmyadmin compromised?

2012-11-21 Thread nauty . me04
Not a compromise. Please check the encoding. Refresh the page again and it should work Regards Aditya Balapure Sent on my BlackBerry® from Vodafone -Original Message- From: Lucio Crusca Sender: full-disclosure-boun...@lists.grok.org.uk Date: Mon, 19 Nov 2012 17:45:56 To: Subject: [Full-

[Full-disclosure] webubs.com and prioritymeter.com; multiple security issues

2012-11-21 Thread warning
webubs.com and prioritymeter.com are utility billing service companies. They do not take security seriously. They have hundreds of thousands of customers. All their customer data is exposed to anyone that logs into the portal via numerous site security flaws such as: Direct Object Reference (see so

[Full-disclosure] NutriSystem.com stores passwords in database using plaintext

2012-11-21 Thread warning
#warning ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] phpmyadmin compromised?

2012-11-21 Thread H. Kurth Bemis
This. As I recall this happened after changing the "Secret Key". I've also seen this happen after a major upgrade, likely due to the same reason. Best of luck, ~k On Mon, 2012-11-19 at 17:51 +0100, Christian Sciberras wrote: > That is not a compromise. It is related to a change in encoding. > Pl

[Full-disclosure] ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities

2012-11-21 Thread Vulnerability Lab
Title: ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities Date: 2012-11-15 References: http://www.vulnerability-lab.com/get_content.php?id=689 VL-ID: 689 Common Vulnerability Scoring System: 3.5 Introduction:

Re: [Full-disclosure] [SE-2012-01] Security vulnerabilities in Java SE (details released)

2012-11-21 Thread Security Explorations
Hello All, We have updated our project details page and added selected Proof of Concept codes to it that have been developed as part of our Java SE security research. They are available for download from SE-2012-01 project details page. Those willing to better understand Reflection API based abus

[Full-disclosure] Wordpress Facebook Survey v1.0 - SQL Injection Vulnerability

2012-11-21 Thread Vulnerability Lab
Title: Wordpress Facebook Survey v1 - SQL Injection Vulnerability Date: 2012-11-18 References: http://www.vulnerability-lab.com/get_content.php?id=766 VL-ID: 766 Common Vulnerability Scoring System: 8.5 Introduction:

[Full-disclosure] LAN.FS Messenger Software v2.4 - Command Execution Vulnerability

2012-11-21 Thread Vulnerability Lab
Title: LAN.FS Messenger v2.4 - Command Execution Vulnerability Date: 2012-11-14 References: http://www.vulnerability-lab.com/get_content.php?id=760 VL-ID: 760 Common Vulnerability Scoring System: 8.2 Introduction:

[Full-disclosure] SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities

2012-11-21 Thread Vulnerability Lab
Title: SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Date: 2012-11-19 References: http://www.vulnerability-lab.com/get_content.php?id=549 VL-ID: 549 Common Vulnerability Scoring System: 3.5 Introduction: