A cross-site scripting vulnerability in RSA Authentication Agent could potentially be exploited by a malicious attacker to conduct scripting attacks. The vulnerability could be exploited by getting an authenticated user to click on specially crafted links that a malicious attacker can embed within an e-mail message, web page, or other source. This may lead to execution of malicious HTML requests or scripts in the context of the authenticated user.
There was a scenario where elements of a previous request could be exposed to the current request. This was very difficult to exploit deliberately but fairly likely to happen unexpectedly if an application used AsyncListeners that threw RuntimeExceptions. The issue was fixed by catching the RuntimeExceptions. Apache Tomcat versions 7.0.0 through 7.0.39 are affected.
The Hacktivity 2013 Call For Papers has been announced. It will be held from October 11th through the 12th, 2013 in Budapest, Hungary.
WordPress Securimage plugin version 3.2.4 suffers from a cross-site scripting vulnerability.
Tomcat versions 7.0.0 through 7.0.29 and 6.0.0 through 6.0.36 are affected by a chunked transfer encoding extension size denial of service vulnerability.
Tomcat versions 7.0.0 through 7.0.32 and 6.0.21 through 6.0.36 are affected by a session fixation vulnerability. FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials. This attack has been prevented by changing the session ID prior to displaying the login page as well as after the user has successfully authenticated.
Lan Messenger version 1.2 suffers from a buffer overflow vulnerability.