[MajorSecurity Advisory #59] PHP =5.3 - mysqli_real_escape_string() full path disclosure
Details
===
Product: PHP =5.3
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.php.net/
Vendor-Status: informed
Advisory-Status: published
Credits
Discovered by: David
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-044
Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1
Versions Affected: Tested on 7100.2.7.1038 PL 7
Vendor URL: http://SAP.com
Bugs:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA-1897-1 secur...@debian.org
http://www.debian.org/security/ Nico Golde
September 28th, 2009
Alex, it isn't a new technique in web-application security. If you queried
Google, or did some research on recent (2007) Blackhat talks, you'd probably
have noticed that this is a very well known and understood technique. Even Charles
Miller talked about it (on the OSX Safari exploits). So the claim
Hi!
iPod/iPhone standard e-mail application does not validate SSL certificates
and is vulnerable to a MITM (man in the middle attack).
Vulnerable: All versions.
Well... mujmail.org email client also does not validate SSL
certificates -- optionally. Reasoning is that SSL with unverified
[MajorSecurity Advisory #57] PHP =5.3 - preg_match() full path disclosure
Details
===
Product: PHP =5.3
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.php.net/
Vendor-Status: informed
Advisory-Status: published
Credits
Discovered by: David Vieira-Kurz
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-043
Application: EAI WebViewer2D (EnjoySAP, SAP GUI for Windows 6.4 and 7.1)
Versions Affected: Tested on 7100.2.7.1038 PL 7
Vendor URL: http://SAP.com
Bugs:
ShineShadow Security Report 28092009-10
TITLE
Local privilege escalation vulnerability in Trustport security software
BACKGROUND
TrustPort is a major producer of software solutions for secure communication
and reliable data protection. TrustPort products are characterized by a
Hello Bugtraq!
I want to warn you about Insufficient Anti-automation and Cross-Site
Scripting vulnerabilities in E107. I found XSS holes in October 2006 and
Insufficient Anti-automation in November 2007, and disclosed them at
30.01.2009.
Insufficient Anti-Automation:
Vulnerability is in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1896-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
September 28, 2009
Author: Francis Provencher (Protek Research Lab's)
#
Application: Adobe ShockWave Player (11.5.1.601)
Platforms: Windows XP Professional French SP2 and SP3
crash: IE 6.0.2900.2180
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01859457
Version: 1
HPSBMA02461 SSRT090187 rev.1 - HP Remote Graphics Software (RGS) Sender, Remote
Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon
12 matches