High Risk Vulnerability in Websense Triton
15 December 2011
Ben Williams of NGS Secure has discovered a High risk vulnerability in Websense
Impact: Authentication bypass
Versions affected include:
Websense Web Security Gateway Anywhere v7.6
Websense Web Security Gateway v7.6
Websense Web
Mandriva Linux Security Advisory MDVSA-2011:187
http://www.mandriva.com/security/
Medium Risk Vulnerability in Websense Triton
15 December 2011
Ben Williams of NGS Secure has discovered a Medium risk vulnerability in
Websense
Impact: Reflected XSS
Versions affected include:
Websense Web Security Gateway Anywhere v7.6
Websense Web Security Gateway v7.6
Websense Web
Critical Vulnerability in Websense Triton
15 December 2011
Ben Williams of NGS Secure has discovered a Critical vulnerability in Websense
Impact: Unauthenticated remote command execution as SYSTEM
Versions affected include:
Websense Web Security Gateway Anywhere v7.6
Websense Web Security
High risk Vulnerability in Websense Triton
15 December 2011
Ben Williams of NGS Secure has discovered a High risk vulnerability in Websense
Impact: Stored XSS
Versions affected include:
Websense Web Security Gateway Anywhere v7.6
Websense Web Security Gateway v7.6
Websense Web Security v7.6
Advisory: Owl Intranet Engine: Authentication Bypass
During a penetration test, RedTeam Pentesting discovered an
Authentication Bypass vulnerability in the Owl Intranet Engine, which
allows unauthenticated users administrative access to the affected
systems.
Details
===
Product: Owl
Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password
Hashes
The Owl Intranet Engine uses no salting in the password hashing
procedure. Furthermore, users in the Administrators group are able to
see the MD5 password hashes of every user using the web interface.
Details
Folks,
We've just published a new IETF I-D entitled "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".
The abstract of the I-D is:
cut here
This document specifies a method for generating IPv6 Interface
Identifiers to
Folks,
We have published two new IETF I-Ds about fragmentation related security
issues. They mostly focus on the countermeasures/mitigations, but it
should be pretty obvious how you can exploit some of these vectors
against e.g. otherwise *unfragmented* traffic (i.e., you should at the
very least