95 matches found
Fedora 21 : owasp-esapi-java-2.1.0-1.fc21 (2015-0322)
Release 2.1.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network...
Fedora Update for owasp-esapi-java FEDORA-2015-0322
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 20 : owasp-esapi-java-2.1.0-2.fc20 (2015-0259)
Release 2.1.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network...
Fedora Update for owasp-esapi-java FEDORA-2015-0259
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 20 Update: owasp-esapi-java-2.1.0-2.fc20
OWASP ESAPI: The OWASP Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing...
[SECURITY] Fedora 21 Update: owasp-esapi-java-2.1.0-1.fc21
OWASP ESAPI: The OWASP Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing...
OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption
OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...
Default configuration
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...
Default configuration
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...
CVE-2013-5679
CVE-2013-5679 affects OWASP ESAPI for Java 2.x prior to 2.1.0, where the authenticated-encryption path in the symmetric-encryption implementation fails to properly resist tampering of serialized ciphertext, enabling bypass of cryptographic protection via a default-configuration authenticity flaw ...
CVE-2013-5960
CVE-2013-5960 affects OWASP ESAPI for Java (authenticated-encryption in the symmetric-encryption implementation) and could allow remote bypass of cryptographic protections through tampering of serialized ciphertext in non-default cipher-mode configurations. IBM Sterling B2B Integrator bulletin co...
OpenCMS 7.5.3 Cross Site Scripting
OpenCMS alert666 HTTP/1.1 Host: localhost:8080 ... The URI /opencms/opencms/system/workplace/views/explorer/contextmenu.jsp is vulnerable too, but we should know a valid resource name to exploit...
Month of PHP Security - Summary - 1st May - 10th May
Hi everyone, 10 days ago the Month of PHP Security 2010 has started at http://www.php-security.org/ and meanwhile 20 vulnerabilities were posted and also 4 user submitted articles were published. Here is a short summary of what was released so far. You can follow the Month of PHP Security on...
CVE-2009-4505 OpenCMS OAMP Comments Module XSS
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2009-4505 Product: OpenCMS OAMP Comments Module Vendor: Open Source, Alkacon GmbH Cologne, Germany Subject: Cross-site scripting XSS Risk: High Effect: Anonymously exploitable Author: Cyrill Brunschwiler [email protected] Date:...
OWASP ESAPI XSS Bypass
Bypassing OWASP ESAPI XSS Protection inside Javascript ------------------------------------------------------ By Inferno inferno at securethoughts dot com Everyone knows the invaluable XSS cheat sheet maintained by "RSnake". It is all about breaking things and features all the scenarios that can...