NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI

2011-12-15 Thread Research@NGSSecure
High Risk Vulnerability in Websense Triton 15 December 2011 Ben Williams of NGS Secure has discovered a High risk vulnerability in Websense Impact: Authentication bypass Versions affected include: Websense Web Security Gateway Anywhere v7.6 Websense Web Security Gateway v7.6 Websense Web

[ MDVSA-2011:187 ] php-pear

2011-12-15 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:187 http://www.mandriva.com/security/

NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI

2011-12-15 Thread Research@NGSSecure
Medium Risk Vulnerability in Websense Triton 15 December 2011 Ben Williams of NGS Secure has discovered a Medium risk vulnerability in Websense Impact: Reflected XSS Versions affected include: Websense Web Security Gateway Anywhere v7.6 Websense Web Security Gateway v7.6 Websense Web

NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM

2011-12-15 Thread Research@NGSSecure
Critical Vulnerability in Websense Triton 15 December 2011 Ben Williams of NGS Secure has discovered a Critical vulnerability in Websense Impact: Unauthenticated remote command execution as SYSTEM Versions affected include: Websense Web Security Gateway Anywhere v7.6 Websense Web Security

NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI

2011-12-15 Thread Research@NGSSecure
High risk Vulnerability in Websense Triton 15 December 2011 Ben Williams of NGS Secure has discovered a High risk vulnerability in Websense Impact: Stored XSS Versions affected include: Websense Web Security Gateway Anywhere v7.6 Websense Web Security Gateway v7.6 Websense Web Security v7.6

[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass

2011-12-15 Thread RedTeam Pentesting GmbH
Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details === Product: Owl

[RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes

2011-12-15 Thread RedTeam Pentesting GmbH
Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes The Owl Intranet Engine uses no salting in the password hashing procedure. Furthermore, users in the Administrators group are able to see the MD5 password hashes of every user using the web interface. Details

New IETF I-D on Stable Privacy Addresses

2011-12-15 Thread Fernando Gont
Folks, We've just published a new IETF I-D entitled A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC). The abstract of the I-D is: cut here This document specifies a method for generating IPv6 Interface Identifiers to

New IETF I-Ds on Fragmentation-related security issues

2011-12-15 Thread Fernando Gont
Folks, We have published two new IETF I-Ds about fragmentation related security issues. They mostly focus on the countermeasures/mitigations, but it should be pretty obvious how you can exploit some of these vectors against e.g. otherwise *unfragmented* traffic (i.e., you should at the very least