129 matches found
apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the 1 AlgorithmSuite, 2 SignedParts, 3 SignedElements, 4...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
Apache CXF Failed Element Verification(CVE-2012-2379)
No description provided by source. CVE-2012-2379: Apache CXF does not verify that elements were signed or encrypted by a particular Supporting Token. Severity: Important Vendor: The Apache Software Foundation Versions Affected: This vulnerability affects all released versions of Apache CXF...
Call for Paper - DEF CON Rajasthan March 2012 Meet
Call for Paper - DEF CON Rajasthan March 2012 Meet DEF CON Rajasthan - March 2012 Jaipur Meet, Call For Papers is now officially Open and will close on March 10, 2012. DEF CON Rajasthan DC91141 is a DEF CON Registered group of people interested in exploring technology and it implications in...
Jouve Group hacked by Inj3ct0r Team Against The Nato
Jouve Group hacked by Inj3ct0r Team Against The Nato Inj3ct0r Hackers Hacked the Jouve group websites and Upload there data at Sendspace Link . Message By hackers "For the Pride of Green LibyaAnd Supporting the Libyan Nation Against The Nato GangsWe are against terrorism and violence in Libya! Na...
Free phone Calls To Land-line And Cellphones Anywhere In the World
There have been many services offering free international VOIP calls and most of them rely upon ad-supported funding to get things going, most of such services have closed there doors but there are still a few left. One such service Evaphone allows users to enjoy free international PC-To-Phone...
Webspell 4.x Local File Inclusion
muH - $Title: Webspell 4.x Local File Inclusion Win $Damage Factor: Medium - High $Requires: Win Box & Php Supporting 00 $Discovered by muH $Usage: http://server.com/index.php?site=c:windowsrepairsam00...
SOL7009 - Statement on ACL bypass using trailing NULL byte - MNIN/NNL Advisory
A January 2007 security advisory describes several security issues present in some versions of FirePass software. One section in the document, titled ACL Filter bypass with URL de-normalization, states that Portal Access ACL filters can be bypassed if a user appends a trailing NULL byte after the...