[FD] Zenario v7.6 CMS - SQL Injection Web Vulnerability

2018-01-15 Thread Vulnerability Lab
Document Title: Zenario v7.6 CMS - SQL Injection Web Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2043
Release Date: 2018-01-16
Vulnerability Laboratory ID (VL-ID):

[FD] MagicSpam 2.0.13 - Insecure File Permission Vulnerability

2018-01-15 Thread Vulnerability Lab
Document Title: MagicSpam 2.0.13 - Insecure File Permission Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2113
Release Date: 2018-01-12
Vulnerability Laboratory ID (VL-ID):

[FD] [RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2

2018-01-15 Thread RedTeam Pentesting GmbH
Advisory: Truncation of SAML Attributes in Shibboleth 2
RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the