56 items tagged "response"
-
-
3:10
»
Packet Storm Security Exploits
OpenCart version 1.5.2.1 suffers from arbitrary file upload, HTTP response splitting, local file inclusion, path disclosure, and failed randomness vulnerabilities.
-
-
21:44
»
SecDocs
Authors: Herr Urbach
Tags: security
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Software is becoming more and more important in organizing response to all kinds of crises, whether that means activists responding to an unjust government or aid workers helping with the aftermath of a disaster. Security often isn't the first thing people think about in these situations -- they have work to get done, just like the rest of us, and many of these tools are built in the heat of the moment. In a crisis, a lack of security can make a small disaster into a big one. In this talk, we'll look at real world experiences of the security and privacy problems in the field, and how to fix them, at both large and small levels.
People are using technology to try to save the world, whether in the disaster response world, or in activist or revolutionary work. Many of the people involved are not technologists. Many of the people building tools for these situations do not understand security.
This is a problem because:
  Privacy issues for disaster response
  Creepy uncle
  Creepy government agency
  Gaming the aid process with crowdsourced reports
  Activists and revolutionaries are subject to direct attack, coercion, harassment, etc.
A few problems:
  People are using generic tools that don't provide the guarantees they need
  People are writing special-purpose tools without understanding the problem
  People are writing tools which intentionally subvert their users
  People don't understand the problems they're causing with how they use tools
To fix this:
  Build specialist tools with a deep understanding of the real problems
  Get the help you need to make tools secure
  Ask for help
  Help disaster/activist ICT projects if you know your security
  Build security into generic tools, even if you're not planning on revolutionaries using them, because you never know when you're going to need to overthrow a government on Twitter.
  Learn/teach about security and what it takes to use existing tools well
  Build a security culture in your organization
-
17:10
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-328 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server. Authentication is required to exploit this vulnerability in order to have access to the ftp command set. The specific flaw exists within how the server manages the response pool that is used to send responses from the server to the client. When handling an exceptional condition the application will fail to restore the original response pointer which will allow there to be more than one reference to the response pointer. The next time it is used, a memory corruption can be made to occur which can allow for code execution under the context of the application.
-
-
23:35
»
Packet Storm Security Exploits
Toko Lite CMS version 1.5.2 suffers from an HTTP response splitting vulnerability. Input passed to the 'charSet' parameter in 'edit.php' is not properly sanitized before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.
-
-
15:22
»
Packet Storm Security Advisories
Cisco Security Response - Cisco PSIRT is actively working with NCNIPC (China) to further understand the details of what is reported in the bugtraq postings. At this stage Cisco PSIRT cannot confirm the existence of any new vulnerabilities in Cisco IOS Software based on the information that is currently available.
-
-
15:46
»
Packet Storm Security Advisories
This is the Cisco Product Security Incident Response Team (PSIRT) response to a posting entitled "Cisco Unified Videoconferencing multiple vulnerabilities" by Florent Daigniere of Matta Consulting regarding vulnerabilities in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series products. Several of the vulnerabilities also impact Cisco Unified Videoconferencing 5200 and 3500 Series Products.
-
-
21:01
»
Packet Storm Security Tools
UA-Tester (User-Agent Tester) is a Python script that enables penetration testers to compare response headers from a remote server based on a list of User-Agent strings. The script allows testers to isolate differences in response depending on the browser used to access a site. This can be important as a growing number of sites are catering for mobile devices by forwarding them to alternative (browser friendly) pages, or redirecting them to alternative servers entirely.
-
-
7:12
»
Hack a Day
We would like to introduce our new writers [Rachel Fee], [Greg Jacobs], and [Jacob Nahin]. They will be focusing on software reviews and tutorials in response to the daily requests for posts that don’t require that you be an electrical engineer to understand. The Hack a Day community is growing very fast and we are [...]
-
-
9:00
»
Hack a Day
[Travis Goodspeed] has pulled apart a TurningPoint response card, which is an RF device for answering quizzes, attendance checks, and casting votes in a classroom setting. After tearing it apart, he set out to reverse engineer it and managed to get quite a lot done. At this point he can spoof cards, so he could [...]
-
-
20:00
»
Packet Storm Security Advisories
A timeout detection flaw in the httpd mod_proxy_http module causes proxied response to be sent as the response to a different request, and potentially served to a different client, from the HTTP proxy pool worker pipeline.