Apache Tomcat versions 7.0.0 through 7.0.22, 6.0.0 through 6.0.33 and 5.5.0 through 5.5.34 suffer from a denial of service vulnerability. Analysis of the recent hash collision vulnerability identified unrelated inefficiencies in Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used, which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.
91683493631ac17694efb967a6ef7a95ecd52cfe845509e1adf11897be5f34ba
Apache Tomcat versions 7.0.0 through 7.0.21 and 6.0.30 through 6.0.33 suffer from an information disclosure vulnerability. For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that need to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled before being used for the next request. That led to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request.
695b51d032225ec928c8519f49f22751af65d121b0245e9711e796b1c5d80457
UniOFuzz is a universal fuzzing tool for browsers, web services, files, programs and network services/ports.
380fc307bd2912319ae5d082144514b94ae7530562d2f08c5340c2bf28993e12
The Joomla Discussions component suffers from a remote SQL injection vulnerability.
5db7194b0ccd57a0c041800cf276a1c4933a026f7a31676a9071016e2fb2adfe
Sysax Multi Server version 5.50 create folder buffer overflow exploit with bindshell code for port 4444.
adb60108b3c26535f2e749d1b39e34638903b0dd0688adf1d5ebfc97c819ccc6
Vastal United suffers from a remote SQL injection vulnerability.
53121c63de9090c2c75dd23b5334eeccd5aace79531733c641f58fab563f4e51
Vastal Freelance suffers from a remote SQL injection vulnerability.
538d3e0b6b518b0c64644bf1be380cbfad25f422e07bec695ab0723ed11f2f64
Vastal Games suffers from a remote SQL injection vulnerability.
5e245764721f8fffe5b143771a48786f1e1d56c91052e8ad030444729ae14f42
Vastal EzineShop suffers from a remote SQL injection vulnerability.
9059b6459695ee0ef807a4671f25bad8638815a2a93dc60955fa08471a2fb8f5
6% of passwords generated by pwgen can be cracked in 2 minutes when hashed with NTLM. For the MD5-based crypt(3), NTLM's 2 minutes would translate to 2 days.
0cce10ca1a5989b09cd638d36869a014336958fad1337b95c08ad71bfe840357
This is a brief whitepaper that discusses an overview of cloud computing and some high level security issues associated with it.
4cf3f445260264a347ab53b1f5a8af4ba29d05bf285c17ec8bb75a8f92481097