BugTraq
New Blog Post: Attacking the Windows 7/8 Address Space Randomization 2013-01-24
king cope (isowarez isowarez isowarez googlemail com)
Hello List,
Below is a link to my new Blog Post,
http://kingcope.wordpress.com/2013/01/24/attacking-the-windows-78-address-space-randomization/

I hope you enjoy it!

Kingcope

SQL Injection Vulnerability in ImageCMS 2013-01-23
advisory htbridge com
Advisory ID: HTB23132
Product: ImageCMS
Vendor: www.imagecms.net
Vulnerable Version(s): 4.0.0b and probably prior
Tested Version: 4.0.0b
Vendor Notification: December 5, 2012
Vendor Patch: January 16, 2013
Public Disclosure: January 23, 2013
Vulnerability Type: SQL Injection [CWE-89]
CVE Referenc

Cross-Site Scripting (XSS) vulnerability in gpEasy 2013-01-23
advisory htbridge com
Advisory ID: HTB23137
Product: gpEasy
Vendor: gpeasy
Vulnerable Version(s): 3.5.2 and probably prior
Tested Version: 3.5.2
Vendor Notification: January 2, 2013
Vendor Patch: January 2, 2013
Public Disclosure: January 23, 2013
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-20

CVE-2013-0805 / CSNC-2013-001 2013-01-23
stephan rickauer csnc ch
#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# CVE ID : CVE-2013-0805
# CSNC ID: CSNC-2013-001
# Product: iTop
# Vendor: Combodo
# Subject: Cross-site Scripting - XSS

CVE ID Syntax Change - Call for Public Feedback 2013-01-23
cve-id-change mitre org
CVE ID Syntax Change - Call for Public Feedback
-----------------------------------------------
January 22, 2013

Due to the increasing volume of public vulnerability reports, the
Common Vulnerabilities and Exposures (CVE) project will change the
syntax of its standard vulnerability identifiers so t

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers 2013-01-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Advisory ID: cisco-sa-20130123-wlc

Revision 1.0

For Public Release 2013 January 23 16:00 UTC (GMT)
- ----------------------------------------------------------------------

Summary
=======

DC4420 - London DEFCON - January 2013 meet. Tuesday 29th January 2013 2013-01-23
Major Malfunction (majormal pirate-radio org)
what it says on the tin!

speakers:

Chris Sumner (Suggy) - Online Privacy Foundation

presenting:

"Predicting Dark Triad Personality Traits from Twitter usage and a
linguistic analysis of Tweets"

This study explores the extent to which it is possible to determine
anti-social personalit

[slackware-security] mysql (SSA:2013-022-01) 2013-01-23
Slackware Security Team (security slackware com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mysql (SSA:2013-022-01)

New mysql packages are available for 12.1, 12.2, 13.0, 13.1, 13.37, 14.0,
and -current to fix security and other issues.

Here are the details from the Slackware 14.0 ChangeLog:
+------------------------

[security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code 2013-01-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03645497

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03645497
Version: 1

HPSBMU02841 SS

Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable 2013-01-22
Security Explorations (contact security-explorations com)

> Does anyone know if it has been definitely determined if JRE6 is vulnerable to this?

Issue 51 affects both Java SE 6 and 7. Issue 52 is for Java SE 7
only. Since both issues are required for the attack to succeed,
we treat it as Java 7 specific only.

Thank you.

--
Best Regards,
Adam Gowdia

Wordpress Valums Uploader - File Upload Vulnerability 2013-01-22
Vulnerability Lab (research vulnerability-lab com)
Title:
======
Wordpress Valums Uploader - File Upload Vulnerability

Date:
=====
2013-01-04

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=817

VL-ID:
=====
817

Common Vulnerability Scoring System:
====================================
7.5

Abstract:
=========
The

CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability 2013-01-22
i amroot com
Product: DigiLIBE Management Console
Vendor: Digitiliti
Version: < 3.4 - ?
Tested Version: 3.4
Vendor Notified Date: October 09, 2012
Release Date: January 18, 2013
Risk: High
Authentication: None required
Remote: Yes

Description:
Execution After Redirect vulnerabilities exist in DigiLIBE Managemen

SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability 2013-01-22
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20130122-1 >
=======================================================================
title: SQL Injection
product: F5 BIG-IP
vulnerable version: <=11.2.0
fixed version: 11.2.0 HF3
11.2.1 HF3
CVE

SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability 2013-01-22
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20130122-0 >
=======================================================================
title: XML External Entity Injection (XXE)
product: F5 BIG-IP
vulnerable version: <=11.2.0
fixed version: 11.2.0 HF3
1

Looking for security contacts 2013-01-22
DefenseCode (defensecode defensecode com)
Hi,

We're looking for security contacts of the following companies:
- US Robotics
- Asus
- NetGear
- Zyxel
- TP-Link
- D-Link

Regards,
Leon Juranic
CEO
DefenseCode
http://www.defensecode.com/

Wordpress Developer Formatter CSRF Vulnerability 2013-01-22
illSecResearchGroup gmail com
====================================================================================================================
# Exploit Title: Wordpress Developer Formatter CSRF Vulnerability
# Date: 21/01/13
# Author: Junaid Hussain -[ illSecure Research Group ] -
# Contact: illSecResearchGroup (at) Gmail (dot) com |

[SECURITY] [DSA 2611-1] movabletype-opensource security update 2013-01-22
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2611-1 security (at) debian (dot) org
http://www.debian.org/security/ Yves-Alexis Perez
January 22, 2013

[HITB-Announce] REMINDER: #HITB2013AMS Call for Papers Closes 8th Feb 2013-01-22
Hafez Kamal (aphesz hackinthebox org)
Happy belated 2013 everyone! This is a gentle reminder that the
Call for Papers for #HITB2013AMS (the fourth annual HITBSecConf in
Amsterdam) closes on the 8th of February. We're looking for talks that
are highly technical, but most importantly, material which is new and
cutting edge. In short,

[SECURITY] [DSA 2610-1] ganglia security update 2013-01-21
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2610-1 security (at) debian (dot) org
http://www.debian.org/security/ Yves-Alexis Perez
January 21, 2013

Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin 2013-01-21
marcelavbx gmail com
#############################
Exploit Title : Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin
Author:Marcela Benetrix
home:www.girlinthemiddle.net
Date: 01/21/13
version: 34.05
software link:http://wordpress.org/extend/plugins/cardoza-wordpress-poll/

########################

Re: EMC Avamar: World writable cache files 2013-01-21
security_alert emc com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-003: EMC Avamar Client Elevation of Privilege Vulnerability

EMC Identifier: ESA-2013-003

CVE Identifier: CVE-2012-2291

Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected Products:

EMC Avamar HP-UX Client 4.

Multiple Vulnerabilities in Linksys WRT54GL 2013-01-18
devnull s3cur1ty de
Device Name: Linksys WRT54GL v1.1
Vendor: Linksys/Cisco

============ Vulnerable Firmware Releases: ============

Firmware Version: 4.30.15 build 2, 01/20/2011

============ Device Description: ============

The Router lets you access the Internet via a wireless connection, broadcast at up to 54 Mbp

NoSuchCon CFP / 15-17 May 2013 / Paris, France 2013-01-21
Jonathan Brossard (endrazine gmail com)
Dear hacking community,

We would like to make public the CFP of the NoSuchCon conference.

Read more at : http://www.nosuchcon.com/#cfp

Thanks and regards,

endrazine-

*******************************************************************************
PARENTAL ADVISORY: 100% technical conte

(AUSCERT#20131775e) AusCERT 2013 Call For Presentations - closing in 10 days 2013-01-21
auto-bulletins auscert org au
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

The AusCERT2013 Call for Presentations and Tutorials closes in 10 days on 31st
January 2013.

Please go to EasyChair to submit your paper:
https://www.easychair.org/account/signin.cgi?conf=auscert2013

The AusCERT2013 program committee welcomes or

Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069 2013-01-20
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the Microsoft security bulletins
<http://technet.microsoft.com/en-us/security/bulletin/ms06-020>
<http://technet.microsoft.com/en-us/security/bulletin/ms06-069>
show the following workaround to disable Macromedia Flash Player
with software restriction policies a.k.a. SAFER:

--- MS06-069.RE

[SECURITY] [DSA 2605-2] asterisk regression update 2013-01-19
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2605-2 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
January 19, 2013

CA20121220-01: Security Notice for CA IdentityMinder [updated] 2013-01-18
Williams, James K (James Williams ca com)


CA20121220-01: Security Notice for CA IdentityMinder

Issued: December 20, 2012

Updated: January 18, 2013

CA Technologies Support is alerting customers to two potential risks in CA
IdentityMinder (formerly known as CA Identity Manager). Two
vulnerabilities exist that can allow a remot

ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities 2013-01-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities

EMC Identifier: ESA-2013-008

EMC Identifier: NW146708

CVE Identifier: CVE-2013-0928, CVE-2013-0929

Severity Rating: See below for individual severity scores

Affected product:

[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable 2013-01-18
Security Explorations (contact security-explorations com)

Hello All,

This post might be interesting for those concerned about the
state of Oracle's Java SE security.

We have successfully confirmed that a complete Java security
sandbox bypass can be still gained under the recent version
of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21).

MBeanInstantiat

Recently-revised IETF I-Ds about IPv6 security 2013-01-18
Fernando Gont (fgont si6networks com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks,

Summary of IETF Internet-Drafts we have recently revised:

Title: Security Assessment of Neighbor Discovery (ND) for IPv6
URL:
<http://www.ietf.org/internet-drafts/draft-gont-opsec-ipv6-nd-security-01.txt>

Title: Security Implications
