[Full-disclosure] [ANN] Struts 2.3.14.3 GA (fast-track) release available

2013-06-05 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.3.14.3 is available as a General Availability release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[Full-disclosure] SEC Consult SA-20130605-0 :: Multiple vulnerabilities in CTERA Portal

2013-06-05 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20130605-0 === title: Multiple vulnerabilities in CTERA Portal product: CTERA Portal vulnerable version: 3.1 fixed version: 3.2 impact

[Full-disclosure] Plesk Apache Zeroday Remote Exploit

2013-06-05 Thread king cope
Please keep headers intact. Engineered by Kingcope Copyright (C)2013 Kingcope pleskwwwzeroday.rar Description: application/rar ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored

[Full-disclosure] XSS in www.paypal.com

2013-06-05 Thread Jose Antonio Perez
Hello, I have found an XSS bug in the www.paypal.com domain; it could be used to inject any code in the context of the user's browser. It can be used to steal cookies of PayPal users, phishing attacks, Java execution, etc. The parameter on0 is vulnerable to XSS. Here is the POC code:

[Full-disclosure] [Security-news] SA-CONTRIB-2013-051 - Services - Cross site request forgery (CSRF)

2013-06-05 Thread security-news
View online: https://drupal.org/node/2012982 * Advisory ID: DRUPAL-SA-CONTRIB-2013-051 * Project: Services [1] (third-party module) * Version: 6.x, 7.x * Date: 2013-June-05 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Request

[Full-disclosure] CORE-2013-0517 - Xpient Cash Drawer Operation Vulnerability

2013-06-05 Thread CORE Security Technologies Advisories
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Xpient Cash Drawer Operation Vulnerability 1. *Advisory Information* Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:

Re: [Full-disclosure] Plesk Apache Zeroday Remote Exploit

2013-06-05 Thread David H
Sorry for improper reply; was not a member of the list until today so I didn't have the original email to reply to. As best I can tell, this exploit only works on very specific configurations that may or may not actually be related to Plesk; I'm not able to tell because I have not found a version

Re: [Full-disclosure] XSS in www.paypal.com

2013-06-05 Thread Ryan Dewhurst
Which user cookies can you steal?

[Full-disclosure] Microsoft Internet Explorer textNode Use-After-Free

2013-06-05 Thread Scott Bell

Re: [Full-disclosure] XSS in www.paypal.com

2013-06-05 Thread Daniel Preussker
Hi, it seems to be patched now. Cheers, Daniel Preussker [ Security Consultant, Network Protocol Security and Cryptography [ LPI Novell Certified Linux Engineer and Researcher [ +49 178 600 96 30 [ dan...@preussker.net [ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1