-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---
VMware Security Advisory
Advisory ID: VMSA-2013-0010
Synopsis: VMware Workstation host privilege escalation vulnerability
Issue date: 2013-08-22
Updated o
On 2013-08-22, at 12:02, Ryan Dewhurst wrote:
> I presume you could use CSRF and then XMLHttpRequest to set the
> X-Forwarded-For and User-Agent header.
XMLHttpRequest cannot set those headers for a cross-origin request. So you
could only attack your own site that way.
I presume you could use CSRF and then XMLHttpRequest to set the
X-Forwarded-For and User-Agent header.
The user would not need to modify anything, just visit a page that you
control/ed.
On Thu, Aug 22, 2013 at 8:43 PM, wrote:
> That's a nice trick and all, but I don't see how it's valua
That's a nice trick and all, but I don't see how it's valuable. In order to
trigger the XSS you need to modify your browser headers, therefore any victim
who you are trying to get to a page to execute your XSS would need to also
modify THEIR browser headers. I don't see how this is anything
Severity: Important
Vendor: Spring by Pivotal
Versions Affected:
- 3.0.0 to 3.2.3 (Spring OXM & Spring MVC)
- 4.0.0.M1 (Spring OXM)
- 4.0.0.M1-4.0.0.M2 (Spring MVC)
- Earlier unsupported versions may also be affected
Description:
The Spring OXM wrapper did not expose any property for disabling e
Details below of an XSS vulnerability I discovered in Cloudflare (markdown
format)
- Glenn | /dev/alias
* http://blog.devalias.net
* http://devalias.net
-
**Reference Number:** DAHAX-2013-001 (/dev/alias/hacks 2013-001)
**Notification Timeline:**
* 10/07/2013, Request# 38713 (
https://supp
0. Introduction
Vendor description:
The JOAL Project hosts a reference implementation of the Java bindings for
OpenAL API, and is designed to provide hardware-supported 3D specialized
audio for games written in Java.
1. Affected software
JOAL 2.0-rc11
2. Vulnerability
FuzzMy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:215
http://www.mandriva.com/en/support/security/
__
waz up!
It's my LKM stuff in 2004 with on efnet
I designed the LKM for a linux kernel protection
It's just a project release unnecessary!
see the manual firstly, Interesting!
x90c
syswatch_0.0.2.tgz
Description: GNU Zip compressed data
___
Full-Discl