ipTIME n104r3 vulnerable to CSRF and XSS attacks

2015-07-06 Thread Pierre Kim
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 ## Advisory Information Title: iptime n104r3 vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt Blog URL:

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0

2015-07-06 Thread Alessandro Zala
# # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # # # # Product: Xpert.Line # Vendor: Soreco AG [1] # CVE ID: CVE-2015-3442 #

ToorCon 17 Call For Papers!

2015-07-06 Thread h1kari
TOORCON 17 CALL FOR PAPERS It's that time of year again! ToorCon 17 is coming so get your code finished and submit a talk this time around. We're letting you decide if you want to be a part of our 50-minute talks on Saturday, 20-minute talks on Sunday, and 75-minute talks for our Deep Knowledge

[SECURITY] [DSA 3299-1] stunnel4 security update

2015-07-06 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3299-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2015

SQL Injection in easy2map wordpress plugin v1.24

2015-07-06 Thread Larry W. Cashdollar
Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/

WK UDID v1.0.1 iOS - Command Inject Vulnerability

2015-07-06 Thread Vulnerability Lab
Document Title: === WK UDID v1.0.1 iOS - Command Inject Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1539 Release Date: = 2015-07-01 Vulnerability Laboratory ID (VL-ID):

Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability

2015-07-06 Thread Vulnerability Lab
Document Title: === Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1541 Release Date: = 2015-07-02 Vulnerability Laboratory ID (VL-ID):

Ruxcon 2015 Final Call For Presentations

2015-07-06 Thread cfp
Ruxcon 2015 Final Call For Presentations Melbourne, Australia, October 24-25 CQ Function Centre http://www.ruxcon.org.au The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015. This year the conference will take place over the weekend of the 24th and

[SECURITY] [DSA 3300-1] iceweasel security update

2015-07-06 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3300-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2015

Microsoft Office - OLE Packager allows code execution in all versions, with macros disabled

2015-07-06 Thread Kevin Beaumont
SCOPE Every version of Microsoft Office on every Windows OS includes a feature called OLE Packager, allowing content to be embedded in documents. This includes executable content (.exe, .js, .vbe etc) - there is no restriction of embeddable content. There is no way to disable or restrict this

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability

2015-07-06 Thread Federico Fazzi
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability Vendor -- https://www.snorby.org/ Version --- 2.6.2 Description --- During my research and testing of

Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability

2015-07-06 Thread Vulnerability Lab
Document Title: === Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1472 Ebay Inc Security ID: EIBBP-31808 Release Date: = 2015-07-02 Vulnerability Laboratory ID

127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request

2015-07-06 Thread Pierre Kim
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 ## Advisory Information Title: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt Blog URL:

[SECURITY] [DSA 3301-1] haproxy security update

2015-07-06 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3301-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 05, 2015

Google Chrome Address Spoofing - Google's Opinion

2015-07-06 Thread David Leo
It's public now: https://code.google.com/p/chromium/issues/detail?id=497588 Interesting Points: They did reproduce I can reproduce this locally They say it's DoS seems like any renderer denial-of-service (The browser does not crash!) They say it's not security issue remove security flags from

phpLiteAdmin v1.1 CSRF XSS Vulnerabilities

2015-07-06 Thread apparitionsec
[+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt Vendor: bitbucket.org/phpliteadmin Product: phpLiteAdmin v1.1

[CORE-2015-0012] - AirLive Multiple Products OS Command Injection

2015-07-06 Thread CORE Advisories Team
1. Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last update: 2015-07-06 Vendors contacted: AirLive

Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability

2015-07-06 Thread Reindl Harald
this is *not* Google HTTP Live Headers and that was already told yesterday - offered by https://www.esolutions.se; != Google as well as a random Firefox plugin from the addon page is not Mozilla pluginname On 04.07.2015 at 14:33, Vulnerability Lab wrote: Document Title: ===