if your industry lacks meaningful measurements,
is devoid of independent, accurate assessments,
your industry has no good signals.
---
"No college, huh?"
"How many PhDs do you have?"
- someone selling security using credentials rather than capabilities
as a signal.
---
https://www.schneie
Confirmed working; however, it can only overwrite environment variables
whose names are all capitals, so you can't overwrite Path.
So, you can overwrite CONTENT_LENGTH, which may trigger a buffer overflow in
some applications that depend on this variable to allocate a buffer, or have
the application allocat
Hello list!
In 2011 and at the beginning of 2012 I wrote about multiple vulnerabilities
(http://securityvulns.ru/docs27440.html,
http://securityvulns.ru/docs27677.html,
http://securityvulns.ru/docs27676.html) in D-Link DAP 1150 (several dozen).
At that time I wrote about vulnerabilities in the admin panel
On Wed, 2014-04-16 at 12:25 +0200, Reindl Harald wrote:
> Am 16.04.2014 08:39, schrieb Davide Davini:
> > YiFei Yang wrote:
> >> It is a bug affecting IIS4/5 using CGI on Windows NT/2000. Microsoft is
> >> aware of it and won't fix it.
> >
> > Is there any workaround for this bug? I might be slow but
Hello list!
These are Content Spoofing and Cross-Site Scripting vulnerabilities in
CU3ER, which I found in October 2013 at one web site. This is a popular flash
file, and in Google's index there are up to a million web sites with it (near
106 sites in October, now near 717000 sites).
In last year
Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14
Date: 4/15/2014
Author: Larry W. Cashdollar, @_larry0
CVE: 2014-2888
Download: http://rubygems.org/gems/sfpagent
Vulnerability
The list variable generated from the user-supplied JSON[body] input is passed
directly to the system() she