... or more accurately, asleep at the wheel!
___
_/ STORY TIME (feel free to skip this if you don't care) \__
|
Hello participants of Mailing List.
After making public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I've made next update of the software. At 23rd of October DAVOSET v.1.2.1
was released - DDoS attacks via other sites execution
The ASUS RT- series of wireless routers rely on an easily manipulated
process to determine if a firmware update is available, and to retrieve the
necessary update binary. In short, the router downloads via clear-text a
file from http://dlcdnet.asus.com, parses it to determine the latest
firmware ve
Vulnerability title: Tuleap <= 7.4.99.5 Remote Command Execution in Enalean
Tuleap
CVE: CVE-2014-7178
Vendor: Enalean
Product: Tuleap
Affected version: 7.4.99.5 and earlier
Fixed version: 7.5
Reported by: Jerzy Kramarz
Details:
Tuleap does not validate the syntax of the requests submitted to SVN
Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean
Tuleap
CVE: CVE-2014-7177
Vendor: Enalean
Product: Tuleap
Affected version: 7.2 and earlier
Fixed version: 7.4.99.5
Reported by: Jerzy Kramarz
Details:
A multiple XML External Entity Injection has been found and confirme
Vulnerability title: Tuleap <= 7.4.99.5 Authenticated Blind SQL Injection in
Enalean Tuleap
CVE: CVE-2014-7176
Vendor: Enalean
Product: Tuleap
Affected version: 7.4.99.5 and earlier
Fixed version: 7.5
Reported by: Jerzy Kramarz
Details:
SQL injection has been found and confirmed within the softw
Vulnerability title: Kernel Memory Leak in ESET Multiple Windows Products
CVE: CVE-2014-4974
Vendor: ESET
Product: Multiple Windows Products
Affected version: 5.0 - 7.0
Fixed version: Build 1212
Reported by: Kyriakos Economou
Details:
The latest, and earlier versions, of ESET Smart Security and E
