The Apache Struts group is pleased to announce that Struts 2.3.14.3 is
available as a General Availability release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
SEC Consult Vulnerability Lab Security Advisory 20130605-0
===
title: Multiple vulnerabilities in CTERA Portal
product: CTERA Portal
vulnerable version: 3.1
fixed version: 3.2
impact
Please keep headers intact.
Engineered by Kingcope
Copyright (C)2013 Kingcope
pleskwwwzeroday.rar
Description: application/rar
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored
Hello,
I have found an XSS bug in the www.paypal.com domain,
it could be used to inject any code in the context of the user's browser.
It can be used to steal cookies of PayPal users, phishing attacks, Java
execution, etc.
The parameter on0 is vulnerable to XSS.
Here is the POC code:
View online: https://drupal.org/node/2012982
* Advisory ID: DRUPAL-SA-CONTRIB-2013-051
* Project: Services [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2013-June-05
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Xpient Cash Drawer Operation Vulnerability
1. *Advisory Information*
Title: Xpient Cash Drawer Operation Vulnerability
Advisory ID: CORE-2013-0517
Advisory URL:
Sorry for improper reply; was not a member of the list until today so I
didn't have the original email to reply to.
As best I can tell, this exploit only works on very specific configurations
that may or may not actually be related to Plesk; I'm not able to tell
because I have not found a version
Which user cookies can you steal?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hi,
it seems to be patched now
Cheers,
Daniel Preussker
[ Security Consultant, Network Protocol Security and Cryptography
[ LPI Novell Certified Linux Engineer and Researcher
[ +49 178 600 96 30
[ dan...@preussker.net
[ http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x87E736968E490AA1