-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2571-1 secur...@debian.org
http://www.debian.org/security/ Raphael Geissert
November 04, 2012
[waraxe-2012-SA#096] - Multiple Vulnerabilities in Zenphoto 1.4.3.3
===
Author: Janek Vind waraxe
Date: 03. November 2012
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-96.html
Description of vulnerable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2572-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
November 4, 2012
Title:
==
AWAuctionScript CMS v1.x - Multiple Web Vulnerabilities
Date:
=
2012-11-04
References:
===
http://www.vulnerability-lab.com/get_content.php?id=741
VL-ID:
=
741
Common Vulnerability Scoring System:
8.5
Introduction:
http://pastebin.com/raw.php?i=jhLt7s83
http://htp4.hack-the-planet.tv/htp4/HTP-4.txt
http://doxbinumfxfyytnh.onion/HTP4.7z
http://uplink.sh/htp4/
http://dikline.org/
http://empathy.hardchats.org/htp4/HTP-4.txt
Enjoy ;) -HTP
___
Full-Disclosure - We
The Call for Papers for the fourth annual HITBSecConf in Europe is now
open! Taking place on the 8th till 11th of April at the Okura Hotel, Amsterdam,
#HITB2013AMS will be a triple track conference (with HITB Labs) and features
keynotes by Eddie Schwartz, Chief Information Security Officer at
List, I've completed the second paper in my series analyzing Sophos
Antivirus internals, titled Practical Attacks against Sophos
Antivirus. As the name suggests, this paper describes realistic
attacks against networks using Sophos products.
The paper includes a working pre-authentication remote
Reading the paper now.
The previous one about internals was awesome.
enumerating badness keyword :D ROFL
Cheers
antisnatchor
On Mon, Nov 5, 2012 at 3:14 PM, Tavis Ormandy tav...@cmpxchg8b.com wrote:
List, I've completed the second paper in my series analyzing Sophos
Antivirus internals,
Also, They told me they will work on this, and
will improve their internal security practices.
is just ridiculous.
I have the same feeling you had while reaching out with them,
when the results from some of my product pentests cannot be disclosed
even after patching.
I wish we could always go
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-2733 Apache Tomcat Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.27
- - Tomcat 6.0.0 to 6.0.35
Description:
The checks that limited the permitted size of request
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.29
- - Tomcat 6.0.0 to 6.0.35
- - Tomcat 5.5.0 to 5.5.35
- - Earlier, unsupported