[ Resubmitting - I think the original post did not go through last
week, but some of the responses did, so probably an accident. ]
---
I think we greatly underappreciate the extent to which JavaScript
allows you to exploit the limits of human perception. On modern
high-performance systems,
VUPEN Security Research - Microsoft Windows Time Behaviour Remote
Use-after-free Vulnerability (MS11-090)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
-
Microsoft Windows is a series of software operating systems
VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer
Overflow Vulnerability (MS11-092)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
-
Microsoft Windows Media Player (WMP) is a media player and
VUPEN Security Research - Adobe Flash Player SAlign Memory Corruption
Vulnerability (CVE-2011-2459)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
-
Adobe Flash Player is a cross-platform browser-based application
VUPEN Security Research - Microsoft Windows datime.dll Remote Code
Execution Vulnerability (MS11-090)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
-
Microsoft Windows is a series of software operating systems and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2363-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
December 16, 2011
Makes sense as a trick to bypass some crappy XSS filters that look
forstrings like javascript:, but I don't think it's a vulnerability
in itself.
On Fri, Dec 16, 2011 at 5:20 PM, Jann Horn jannh...@googlemail.com wrote:
2011/12/15 Bouke van Laethem vanlaet...@gmail.com:
ISSUE:
The base tag
On Fri, Dec 16, 2011 at 9:59 PM, Mario Vilas mvi...@gmail.com wrote:
Makes sense as a trick to bypass some crappy XSS filters that look for
strings like javascript:, but I don't think it's a vulnerability in
itself.
I would consider it a browser bug (although I agree it would mostly be
abused
I see what you mean. But unless it's a vulnerability in itself it's
not a security issue but a violation of standards - which is not such
a bad thing, but just following the principle of being strict in what
you generate and flexible in what you receive, to maximize
compatibility. In fact that
Hey Mario,
Even defending it, I'm still not a 100% sure how (/by whom) this
should be classified/solved, so thanks for your input.
but just following the principle of being strict in what
you generate and flexible in what you receive, to maximize
compatibility.
I agree that is what is
You make good points in the rest of the email. This one, however,
doesn't convince me...
On Sat, Dec 17, 2011 at 1:10 AM, Bouke van Laethem vanlaet...@gmail.com wrote:
Wouldn't you agree that by this definition no XSS is ever a
vulnerability: you are just using the ability to inject HTML in
On Sat, Apr 02, 2011 at 12:31:28AM -0500, security curmudgeon wrote:
CVE-2008-1609 CVE-2006-7128
same issue, 4.0 RC1 and RC2. really guys? at least check VDBs before you
publish.
: Vulnerability ID: HTB22666
: Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Did you
On Mon, Dec 12, 2011 at 01:45:04PM +, a...@irist.ir wrote:
a bug in WordPress flash-album-gallery Plugin that allows to us to occur a
Cross-Site Scripting on a Remote machin.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2364-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
December 18, 2011
Title:
==
Content Papst CMS v2011.2 - Multiple Web Vulnerabilities
Date:
=
2011-12-18
References:
===
http://www.vulnerability-lab.com/get_content.php?id=363
VL-ID:
=
363
Introduction:
=
Contentpapst ist ein leistungsstarkes und sehr flexibles
Title:
==
appRain CMF v0.1.5 - Multiple Web Vulnerabilities
Date:
=
2011-12-17
References:
===
http://www.vulnerability-lab.com/get_content.php?id=362
VL-ID:
=
362
Introduction:
=
appRain is one of the first officially released Opensource Content Management
# Exploit Title: SASHA v0.2.0 Mutiple XSS
# Date: 12/16/11
# Author: G13
# Software Link: http://sourceforge.net/projects/sasha/files/
# Version: 0.2.0
# Category: webapps (php)
#
# Vulnerability #
When adding a new course to the schedule, the application relies on
Client Side
# Exploit Title: PHP Booking Calendar 10e XSS
# Date: 12/16/11
# Author: G13
# Software Link: http://sourceforge.net/projects/bookingcalendar/
# Version: 10e
# Category: webapps (php)
#
# Vulnerability #
The page_info_message varibale in the details_view.php does not
sanitize input.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2365-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
December 18, 2011
** Deadline extended to January 12, 2012 **
(Our apologies if you receive multiple copies of this CFP)
Fifth IFIP International Conference on
New Technologies, Mobility and Security
May 7 - 10, 2012, Istanbul- Turkey
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:190
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:191
http://www.mandriva.com/security/
SEC Consult Vulnerability Lab Security Advisory 20111219-0
===
title: Client-side remote arbitrary file upload
product: SecCommerce SecSigner Java Applet
vulnerable version: 3.5.0 build 2011/11/12
**
Vuln: Path Traversal
Application: Sentinel Log Manager
Vendor: Novell
Version affected: = 1.2.0.1
Website: http://www.novell.com/products/sentinel-log-manager/
Discovered By: Andrea Fabrizi
Email: andrea.fabr...@gmail.com
Web:
Time-Based Blind NoSQL Injection - Detecting server-side JavaScript
injection vulnerabilities
In July 2011, Bryan Sullivan, a senior security researcher at Adobe
Systems, demonstrated server-side JavaScript injection vulnerabilities
in web applications using MongoDB and other NoSQL database
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2366-1 secur...@debian.org
http://www.debian.org/security/Jonathan Wiltshire
December 18, 2011
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Folks,
We have uploaded *part* of the materials of the DEEPSEC 2011 edition of
our training Hacking IPv6 Networks.
The slideware is available at:
http://www.si6networks.com/presentations/deepsec2011/fgont-deepsec2011-hacking-ipv6-networks.pdf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2367-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
December 19, 2011
28 matches
Mail list logo