Vulnerability title: Unauthenticated Backup and Password Disclosure in
HandsomeWeb SOS Webpages
CVE: CVE-2014-3445
Vendor: HandsomeWeb
Product: SOS Webpages
Affected version: 1.1.11 and earlier
Fixed version: 1.1.12
Reported by: Freakyclown
Details:
The default setup allows an unauthenticated use
From https://www.startjoin.com/trollc
*Right now if you're a software exploit developer and you want to monetize
your craft to pay your rent, there's only one consistent way to do so: sell
your software exploits. The major customer for these are oppressive
governments, chiefly that of the United
Hi all!
I am happy to announce sb0x-project 2.0.1rc3
(https://github.com/levi0x0/sb0x-project)
sb0x-project is free and open source (GPL License),
sb0x is a simple and lightweight framework for penetration testing
SS:
https://raw.githubusercontent.com/wiki/levi0x0/sb0x-project/sb0x_shell.png
Modu
CVE-2014-0075 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39
Description:
It was possible to craft a malformed chunk size as part of a chunked
requ
CVE-2014-0095 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC2 to 8.0.3
Description:
A regression was introduced in revision 1519838 that caused AJP
requests to hang if an explicit content length of zero was set on the
re
CVE-2014-0096 Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39
Description:
The default servlet allows web applications to define (at multiple
l
CVE-2014-0097 Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39
Description:
The code used to parse the request content length header did not che
CORRECTION: This is CVE-2014-0099 *NOT* -0097
Apologies for the typo
On 27/05/2014 13:46, Mark Thomas wrote:
> CVE-2014-0099 Information Disclosure
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> - Apache Tomcat 8.0.0-RC1 to 8.0.3
> - Apac
CVE-2014-0119 Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.5
- Apache Tomcat 7.0.0 to 7.0.53
- Apache Tomcat 6.0.0 to 6.0.39
Description:
In limited circumstances it was possible for a malicious web applica
Castor Library Default Configuration could lead to XML External Entity
(XXE) Attack
Vulnerability Type: Local or Remote File Disclosure
Reporter: Ron Gutierrez (rgutier...@gdssecurity.com) and Adam Bixby (
abi...@gdssecurity.com)
Company: Gotham Digital Science (gdsl...@gdssecurity.com)
Affected So
Advisory: info.vmware.com Cross-Site Script Vulnerability (XSS)
Advisory ID: VMware Support Request 14479234605
Author: Roberto Garcia
Affected Software: Successfully tested on info.vmware.com
Vendor URL: htt://info.vmware.com
Vendor Status: informed
==
Vulnerability De
If you actually know weev then you know that he isn't capable of running a
business.
2014-05-27 21:49 GMT+03:00 Philip Cheong :
> From https://www.startjoin.com/trollc
>
> *Right now if you're a software exploit developer and you want to monetize
> your craft to pay your rent, there's only one c
Brilliant but never going to work; it will undoubtedly gain a lot of
opposition that will probably prevent it from getting off the ground.
Usually through weev getting V&hammered again :(
On Tue, May 27, 2014 at 2:49 PM, Philip Cheong wrote:
> From https://www.startjoin.com/trollc
>
> *Right no
Not even sure when the last vulnerability that caused any fluctuation in
the stock markets was.
On Tue, May 27, 2014 at 1:49 PM, Philip Cheong wrote:
> From https://www.startjoin.com/trollc
>
> *Right now if you're a software exploit developer and you want to monetize
> your craft to pay your r
> vulnerabilities to the public. For this I need help getting the filing fees
> necessary to incorporate a hedge fund. I want to continue bringing issues
> in companies that put you at risk to light, and short the stocks of those
> companies when I do so.
It's practically unheard of to see stocks