I am truly shocked that seemingly, stuff like this needs to be said in
the year of 2013.
Completely right!
I'd have supposed that things like these should be known by *anyone*
doing anything even remotely similar to software development *at least*
since the end of the 8.3 filename era 15
Hi all!
I'm one of the realpentesting members and although these vulnerabilities were
published some months ago, we can now publicize them with their CVE identifiers.
You can also get more information about the vulnerabilities we
discovered at http://realpentesting.blogspot.com.es/p/advisories.html
Title: DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
References: CVE-2013-5117
Discovered by: Sajjad Pourali
Vendor: http://www.zldnn.com/ , http://www.dnnarticle.com/
Vendor advisory:
http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx
(Ticket
Title: DotNetNuke (DNN) Cross-Site Scripting Vulnerability
References: CVE-2013-4649
Discovered by: Sajjad Pourali , Nasser Salim Al-Hadhrami
Vendor: http://dnnsoftware.com/
Vendor advisory: http://www.dnnsoftware.com/Platform/Manage/Security-Bulletins
(2013-07)
Vendor contact: 2013-06-23
Vendor
With all due respect, good sir... where's the root cause analysis?
Proof-of-concept files? Anything? Windbg dump doesn't really count as a
proof, you know, since anyone can fake it.
2013/9/2 Pedro Guillen pgn.pedroguil...@gmail.com
HI all!
I'm part of realpentesting members and although
Hello lists,
here you find the analysis of a vulnerability I recently discovered.
Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption
http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/
Additionally it includes a way to drop
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Debian Security Advisory DSA-2749-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 02, 2013
It's possible to do a permanent XSS injection on the campus-party.eu
website.
For this when you register in the website through
https://www.campus-party.eu/webapp/participante/personalData?to= you
need to put your code in the name field taking into account that it will
be converted into caps when
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:224
http://www.mandriva.com/en/support/security/
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:225
http://www.mandriva.com/en/support/security/
TITLE: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem
Credit: Larry W. Cashdollar, @_larry0
Date: 8/16/2013
CVE: 2013-5671
Download: https://rubygems.org/gems/fog-dragonfly
Description: "Dragonfly is an on-the-fly Rack-based image handling framework. It is suitable for use with Rails, Sinatra