-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2014-0033 Session fixation still possible with disableURLRewriting
enabled
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 6.0.33 to 6.0.37
Description:
Previous fixes to path parameter handling [1]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5
- - Apache Tomcat 7.0.0 to 7.0.47
- - Apache Tomcat 6.0.0 to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1
- - Apache Tomcat 7.0.0 to 7.0.42
- - Apache Tomcat 6.0.0 to 6.0.37
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-4590 Information disclosure via XXE when running untrusted web
applications
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5
- - Apache Tomcat 7.0.0 to 7.0.47
- - Apache
Document Title:
===
Barracuda Networks Firewall Bug Bounty #32 - Filter Bypass Persistent Web
Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1069
Barracuda Networks Security ID (BNSEC): BNSEC-2069
Release Date:
Document Title:
===
Private Camera Pro v5.0 iOS - Multiple Web Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1216
Release Date:
=
2014-02-24
Vulnerability Laboratory ID (VL-ID):
Advisory: McAfee ePolicy Orchestrator XML External Entity Expansion in
Dashboard
RedTeam Pentesting identified an XML external entity expansion
vulnerability in McAfee ePolicy Orchestrator's (ePO) dashboard feature.
Users with the ability to create new dashboards in the ePO web
Microsoft has responded to my report to sec...@microsoft.com and I can now
disclose what I found.
There is a minor bug on the MS Server 2008 DNS service that responds
with the list of all root servers when queried for non-authoritative
domains, EVEN when recursion is set to OFF. This allows
On Mon, Feb 24, 2014 at 09:39:37PM -0400, Pedro Luis Karrasquillo wrote:
Microsoft has responded to my report to sec...@microsoft.com and I can now
disclose what I found.
If they didn't respond you can't disclose it?
This appears quite profitable for them.
--
f.ck ..em
How to teach hacking in school and open up education:
https://opensource.com/education/14/2/teach-hacking-schools-open-education
Sincerely,
-pete.
--
Pete Herzog - Managing Director - p...@isecom.org
ISECOM - Institute for Security and Open Methodologies
Need impartial, expert advice? Request
Hello list!
These are Denial of Service, XML Injection, Cross-Site Scripting, Full path
disclosure and Insufficient Anti-automation vulnerabilities in Joomla-Base.
This is a package of Joomla with different plugins (with their
vulnerabilities).
These vulnerabilities are in Google Maps plugin
I, for one, believe lumberjack skills are a must have for anyone entering the
workforce today. The ability to hack trees down swiftly and efficiently is
something I am not willing to train my employees to do. I fully expect our
school systems to cover this in enough detail that, as an employer,
Wut? This isn't about golf?
On 2/25/2014 1:39 PM, Brandon Perry wrote:
I, for one, believe lumberjack skills are a must have for anyone entering the
workforce today. The ability to hack trees down swiftly and efficiently is
something I am not willing to train my employees to do. I fully
Horse riding around schools won't be allowed, if they wouldn't let me bring
a paintball gun in, they won't allow this.
On 25 Feb 2014 18:19, Pete Herzog li...@isecom.org wrote:
How to teach hacking in school and open up education: