relevant to your 'buffer overflow' posts that are not real issues:
http://blogs.technet.com/b/markrussinovich/archive/2005/05/17/buffer-overflows.aspx
http://superuser.com/questions/491597/process-monitor-entrys-with-buffer-overflow
___
Sent
Websense Email Security vulnerable to persistent Cross-Site Scripting in
audit log details view
Han Sahin, September 2014
Command injection vulnerability in network diagnostics tool of Websense
Appliance Manager
Han Sahin, September 2014
Cross-Site Scripting vulnerability in Websense Explorer report scheduler
Han Sahin, September 2014
Missing access control on Websense Explorer web folder
Han Sahin, September 2014
Websense Data Security DLP incident Forensics Preview is vulnerable to
Cross-Site Scripting
Han Sahin, September 2014
Hi,
to just let you know: There is a new OpenSSL version upcoming in about
two days with some fixed security issues with the severity high:
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.
These releases will be
Hello,
I have recently found an exploitable heap overflow in a core OS X driver.
Particularly, the injectString function is vulnerable to a heap overflow and
can be triggered without privileges of any kind.
The vulnerable function can be seen at
I. Overview
Chamilo LMS 1.9.10 or prior versions are prone to multiple Cross-Site
Scripting (Stored + Reflected) and CSRF vulnerabilities. These vulnerabilities
allow an attacker to gain control over valid user accounts in LMS, perform
Version 1.2.5 of the ECommerce-WD plugin for Joomla! has multiple
unauthenticated SQL injections available via the advanced search
functionality.
http://extensions.joomla.org/extension/ecommerce-wd
The vulnerable parameters are search_category_id, sort_order, and
filter_manufacturer_ids within
Hi XZ,
I managed to get a number of CVEs last year, but towards the end of the
year they simply stopped replying, so I've given up. Whether they stopped
replying due to work load, or whether my submissions were not up to their
requirements I'm not sure.
If you find out any more, I'd be
Multiple Cross-Site Scripting vulnerabilities in Websense Reporting
Han Sahin, September 2014
1. Advisory Information
Title: Fortinet Single Sign On Stack Overflow
Advisory ID: CORE-2015-0006
Advisory URL:
http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow
Date published: 2015-03-18
Date of last update: 2015-03-18
Vendors contacted: Fortinet
Release mode:
EMC MR (Watch4net) data storage collector credentials are not properly
protected
Han Sahin, November 2014
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Web Portal
Report Favorites
Han Sahin, November 2014
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Centralized
Management Console
Han Sahin, November 2014
Cross-Site Scripting vulnerability in EMC MR (Watch4net) Alerting
Frontend
Han Sahin, November 2014
Path traversal vulnerability in EMC MR (Watch4net) MIB Browser
Han Sahin, November 2014
Path traversal vulnerability in EMC MR (Watch4net) Device Discovery
Han Sahin, November 2014
EMC Secure Remote Services Virtual Edition Provisioning component is
affected by SQL injection
Han Sahin, November 2014