- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 20-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Title:
==
Adobe Web-Site Persistence XSS
Status:
Unpatched
Details:
1. Sign in to adobe.com
2. Go to My information
3. Change Screen Name to
'scriptalert(xss); or 'scriptalert(xss);
4. Go to My adobe
@Asish (asishagarwa...@gmail.com)
Title
-
DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle
Directory Traversal [CVE-2011-1359]
Severity
High
Date Discovered
---
July 28, 2011
Discovered By
-
Digital Defense, Inc. Vulnerability Research Team
Credit: Javier
Is this stuff for real?
http://www.foofus.net/?p=468
At least it's not XSS.
t.doc
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
The main thing is that the security division at facebook probably runs
the bug hunting page (as with everywhere else, which does make a decent
bit of sense). And, if you spot bugs before they do, then that looks
bad on them (internally at the company and externally to the world).
So, it is
nice speculation, but imo it would make them look more bad, if they turn
down the reports, because it will come back to them (either via the
publication like in this case, or just simply someone exploiting it).
so while I don't have personal experience working with the facebook
security team, but
Is this stuff for real?
http://www.foofus.net/?p=468
Yes indeed.
Face Book is trying to save its face. It's typical.
I got the same answer from SonicWALL one year ago when discovered that simple
internal network scanning (Nessus, Nmap, etc.) brings down entire network. The
firewall internal TCP connections stack was overloaded within a few seconds
(IPS is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:162
http://www.mandriva.com/security/
Yes to a certain degree it's all about Saving FACE. .. however FB's
30-member integrity team is only bothered about how to manage the vectors
that have been primed to protect.
FB is the largest network protected .. (YES big word Protected !! / they
have over 25B checks per day and reaching up to
On Tue, 01 Nov 2011 14:00:42 BST, Ferenc Kovacs said:
nice speculation, but imo it would make them look more bad, if they turn
down the reports, because it will come back to them (either via the
publication like in this case, or just simply someone exploiting it).
So exactly how big a hit did
Information
Name : XSS and SQL Injection Vulnerabilities on Symphony CMS
Software : Symphony CMS 2.2.3 and possibly below
Vendor Homepage : http://symphony-cms.com
Vulnerability Type : Cross-Site Scripting and SQL Injection
Severity : Critical
Researcher : Mesut Timur
Information
-
Name : XSS Vulnerabilities in eFront
Software : eFront 3.6.10 build 11944 and possibly below.
Vendor Homepage : http://efrontlearning.net/
Vulnerability Type : Cross-Site Scripting
Severity : High
Researcher : Canberk Bolat
Advisory Reference :
Title:
==
Prosieben Community Website - Persistent Script Code Inject
Date:
=
2011-10-31
References:
===
http://www.vulnerability-lab.com/get_content.php?id=306
VL-ID:
=
306
Abstract:
=
The Vulnerability Lab Research Team discovered a persistent script code
Hey great read,
very true, there is way too little money in this area, but that's
what i am hoping to change, albeit pinch per punch and company by
company, slowly if more people turn to some ideals that you must
at least know how to make the exploit and then how to debug it enough,
then to
I sort of have to agree with this, as I earlier stated, FB somehow
seems to affect even those who don't use it (like me), but all my
family, and their friends and their friends, as i know, nearly
everyone i know uses it but me!
I guess this is why I am a bit peeved at their offer of 500bux for a
March 8 is the 67th day of the year (68th in leap years) in the
Gregorian calendar. There are 298 days remaining until the end of the
year.
I doubt that's what you mean but eh ;)
On 2 November 2011 02:58, valdis.kletni...@vt.edu wrote:
On Tue, 01 Nov 2011 14:00:42 BST, Ferenc Kovacs said:
Sounds great thx :)
Is maybe a bit of this chatter which aids them to see how important it
is to link to the community who find 99.9% of bugs i am glad to
see *any* expansions within any corporation, it means they are at least
listening to those who know better maybe than they do... but theyre
On Tue, Nov 1, 2011 at 4:14 PM, Marsh Ray ma...@extendedsubset.com wrote:
...
I want an excuse to buy a smokin new video card as much as the next guy, but
if anyone ever bothered to look at the protocol they'd realize the attacker
doesn't actually need to do any crypto.
i don't want to use 20
On 10/31/2011 05:37 PM, coderman wrote:
what i really want to know!
when does thc-ssl-dos get GPU support?
I want an excuse to buy a smokin new video card as much as the next guy,
but if anyone ever bothered to look at the protocol they'd realize the
attacker doesn't actually need to do any
20 matches