[MajorSecurity Advisory #59]PHP =5.3 - mysqli_real_escape_string() full path disclosure

2009-09-28 Thread David Vieira-Kurz
[MajorSecurity Advisory #59]PHP =5.3 - mysqli_real_escape_string() full path disclosure Details === Product: PHP =5.3 Security-Risk: low Remote-Exploit: yes Vendor-URL: http://www.php.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David

[DSECRG-09-044] SAP GUI 7.1 Insecure Methods

2009-09-28 Thread Alexandr Polyakov
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-044 Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: http://SAP.com Bugs:

[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution

2009-09-28 Thread Nico Golde
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Debian Security Advisory DSA-1897-1 secur...@debian.org http://www.debian.org/security/ Nico Golde September 28th, 2009

Re: Regular Expression Denial of Service

2009-09-28 Thread hackerwebzine
Alex, it isn't a new technique in web-application security. If you had queried Google, or done some research on recent (2007) Blackhat talks, you would probably have noticed that this is a very well known and understood technique. Even Charles Miller talked about it (on the OSX Safari exploits). So the claim

Re: iphone email client does not validate ssl certificates

2009-09-28 Thread Pavel Machek
Hi! iPod/iPhone standard e-mail application does not validate SSL certificates and is vulnerable to a MITM (man in the middle attack). Vulnerable: All versions. Well... mujmail.org email client also does not validate ssl certificates -- optionally. Reasoning is that SSL with unverified

[MajorSecurity Advisory #57]PHP =5.3 - preg_match() full path disclosure

2009-09-28 Thread David Vieira-Kurz
[MajorSecurity Advisory #57]PHP =5.3 - preg_match() full path disclosure Details === Product: PHP =5.3 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.php.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz

[DSECRG-09-043] SAP GUI 7.1 Insecure Method

2009-09-28 Thread Alexandr Polyakov
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-043 Application: EAI WebViewer2D (EnjoySAP, SAP GUI for Windows 6.4 and 7.1) Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: http://SAP.com Bugs:

Local privilege escalation vulnerability in Trustport security software

2009-09-28 Thread ss_contacts
ShineShadow Security Report 28092009-10 TITLE Local privilege escalation vulnerability in Trustport security software BACKGROUND TrustPort is a major producer of software solutions for secure communication and reliable data protection. TrustPort products are characterized by a

Vulnerabilities in E107

2009-09-28 Thread MustLive
Hello Bugtraq! I want to warn you about Insufficient Anti-automation and Cross-Site Scripting vulnerabilities in E107. I found XSS holes in October 2006 and Insufficient Anti-automation in November 2007, and disclosed them on 30.01.2009. Insufficient Anti-Automation: Vulnerability is in

[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution

2009-09-28 Thread Florian Weimer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - Debian Security Advisory DSA-1896-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer September 28, 2009

Multiple Vulnerabilities

2009-09-28 Thread Jerome Athias
Author: Francis Provencher (Protek Research Lab's) # Application: Adobe ShockWave Player (11.5.1.601) Platforms: Windows XP Professional French SP2 and SP3 crash: IE 6.0.2900.2180

[security bulletin] HPSBMA02461 SSRT090187 rev.1 - HP Remote Graphics Software (RGS) Sender, Remote Unauthorized Access

2009-09-28 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01859457 Version: 1 HPSBMA02461 SSRT090187 rev.1 - HP Remote Graphics Software (RGS) Sender, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon