Re: [FD] Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64

2015-03-18 Thread jericho
relevant to your 'buffer overflow' posts that are not real issues: http://blogs.technet.com/b/markrussinovich/archive/2005/05/17/buffer-overflows.aspx http://superuser.com/questions/491597/process-monitor-entrys-with-buffer-overflow

[FD] Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view

2015-03-18 Thread Securify B.V.
Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view Han Sahin, September 2014

[FD] Command injection vulnerability in network diagnostics tool of Websense Appliance Manager

2015-03-18 Thread Securify B.V.
Command injection vulnerability in network diagnostics tool of Websense Appliance Manager Han Sahin, September 2014

[FD] Cross-Site Scripting vulnerability in Websense Explorer report scheduler

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in Websense Explorer report scheduler Han Sahin, September 2014

[FD] Missing access control on Websense Explorer web folder

2015-03-18 Thread Securify B.V.
Missing access control on Websense Explorer web folder Han Sahin, September 2014

[FD] Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting

2015-03-18 Thread Securify B.V.
Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting Han Sahin, September 2014

[FD] Upcoming new OpenSSL version with high severity security issues

2015-03-18 Thread Patrik Kernstock
Hi, to just let you know: There is a new OpenSSL version upcoming in about two days with some fixed security issues with the severity high: The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These releases will be

[FD] Mac OS X 10.10.2 kernel extension heap overflow resulting in LPE

2015-03-18 Thread Luca Todesco
Hello, I have recently found an exploitable heap overflow in a core OS X driver. Particularly, the injectString function is vulnerable to a heap overflow and can be triggered without privileges of any kind. The vulnerable function can be seen at

[FD] Mac OS X 10.10.2 IOHIDFamily.kext IOHIDSecurePromptClient Heap Overflow

2015-03-18 Thread info
Hello, I have recently found an exploitable heap overflow in a core OS X driver. Particularly, the injectString function is vulnerable to a heap overflow and can be triggered without privileges of any kind. The vulnerable function can be seen at

[FD] Chamilo LMS 1.9.10 Multiple XSS CSRF Vulnerabilities

2015-03-18 Thread Rehan Ahmed
I. Overview Chamilo LMS 1.9.10 or prior versions are prone to multiple Cross-Site Scripting (Stored + Reflected) CSRF vulnerabilities. These vulnerabilities allow an attacker to gain control over valid user accounts in LMS, perform

[FD] Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections

2015-03-18 Thread Brandon Perry
Version 1.2.5 of the ECommerce-WD plugin for Joomla! has multiple unauthenticated SQL injections available via the advanced search functionality. http://extensions.joomla.org/extension/ecommerce-wd The vulnerable parameters are search_category_id, sort_order, and filter_manufacturer_ids within

Re: [FD] Regarding how can I request a CVE number?

2015-03-18 Thread James Hooker
Hi XZ, I managed to get a number of CVEs last year, but towards the end of the year they simply stopped replying, so I've given up. Whether they stopped replying due to work load, or whether my submissions were not up to their requirements I'm not sure. If you find out any more, I'd be

[FD] Multiple Cross-Site Scripting vulnerabilities in Websense Reporting

2015-03-18 Thread Securify B.V.
Multiple Cross-Site Scripting vulnerabilities in Websense Reporting Han Sahin, September 2014

[FD] [CORE-2015-0006] - Fortinet Single Sign On Stack Overflow

2015-03-18 Thread CORE Advisories Team
1. Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors contacted: Fortinet Release mode:

[FD] EMC MR (Watch4net) data storage collector credentials are not properly protected

2015-03-18 Thread Securify B.V.
EMC MR (Watch4net) data storage collector credentials are not properly protected Han Sahin, November 2014

[FD] Cross-Site Scripting vulnerability in EMC MR (Watch4net) Web Portal Report Favorites

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Web Portal Report Favorites Han Sahin, November 2014

[FD] Cross-Site Scripting vulnerability in EMC MR (Watch4net) Centralized Management Console

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Centralized Management Console Han Sahin, November 2014

[FD] Cross-Site Scripting vulnerability in EMC MR (Watch4net) Alerting Frontend

2015-03-18 Thread Securify B.V.
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Alerting Frontend Han Sahin, November 2014

[FD] Path traversal vulnerability in EMC MR (Watch4net) MIB Browser

2015-03-18 Thread Securify B.V.
Path traversal vulnerability in EMC MR (Watch4net) MIB Browser Han Sahin, November 2014

[FD] Path traversal vulnerability in EMC MR (Watch4net) Device Discovery

2015-03-18 Thread Securify B.V.
Path traversal vulnerability in EMC MR (Watch4net) Device Discovery Han Sahin, November 2014

[FD] EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection

2015-03-18 Thread Securify B.V.
EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection Han Sahin, November 2014