Hello guys,
we have released the next generation 3.0 version.
ArpON is a Host-based solution that make the ARP standardized protocol
secure in order to avoid the Man In The Middle (MITM) attack through the
ARP spoofing, ARP cache poisoning or ARP poison routing attack.
For further information pl
Hey folks,
The openssl_seal() [4] is prone to use uninitialized memory that can be
turned into a code execution. This document describes technical details of
our journey to hijack apache2 requests.
What the heck is openssl_seal()?
[...]
int openssl_seal ( string $data , string &$sealed_data , ar
Apple software update is an utility to update apple software on windows
machines. The update proccess uses this kind of architecture.
First the software makes a request to
http://swcatalog.apple.com/content/catalogs/others/index-windows-1.sucatalog
This returns a xml file containing url of ".dist"
The FAQin Association is proud to announce the call for [ papers,
presentations, proposals ] at FAQin congress
-=] About FAQin Congress
FAQin congress is a free invitation-only underground hacking event in
Madrid, Spain at We Rock venue from 5th to 6th of March. No press, no
cops... Just you, you
Hi,
CERT/CC has helped me disclose two vulnerabilities in NETGEAR's
Pro"safe" Network Management System 300 [1]. Two classical bugs: one
remote code execution via arbitrary file upload and an authenticated
arbitrary file download.
The full advisory can be seen in my repo at [2] and it is also pas
Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability
--
http://www.info-sec.ca/advisories/Dell-SecureWorks.html
Overview
"Access your critical Dell SecureWorks security information on the go."
"With the Dell SecureWorks Mobile App you can:
* Quickly respond to security incident
Vulnerabilities
---
CVSS 10 - INSECURE CREDENTIAL STORAGE (Pass the Hash) CVE-2015-7914
CVSS 10 - INSECURE TRANSMISSION OF CREDENTIALS CVE-2015-7915
CVSS 7.4 - CROSS-SITE SCRIPTING CVE-2015-7916
Other risk exposures
---
Undocumented default accounts
Note that d
DLink DVGN5402SP File Path Traversal, Weak Credentials Management, and
Sensitive Info Leakage Vulnerabilities
*Timelines*
Reported to CERT + Vendor: August 2015
Dlink released beta release: Oct 23, 2015
New fix release: MD5 (GRNV6.1U23J-83-DL-R1B114-SG_Normal.EN.img) =
04fd8b901e9f297a4cdbea803a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
# Exploit Title: ASUS RT-N56U Persistent XSS
# Date: 2/2/2016
# Exploit Author: @GraphX
# Vendor Homepage: http://asus.com/
# Version: 3.0.0.4.374_239
1 Description:
It is possible for an authenticated attacker to bypass input sanitation in
the use
Information
Advisory by Netsparker
Name: XSS Vulnerability in MailPoet Newsletters
Affected Software : MailPoet Newsletters
Affected Versions: v2.6.19 and possibly below
Vendor Homepage : http://www.mailpoet.com/
Vulnerability Type : Cross-site Scripting
Severity : Important
CV
GE Industrial Solutions - UPS SNMP Adapter Command Injection and Clear-text
Storage of Sensitive Information Vulnerabilities
*Timelines:*
Reported to ICS-CERT on: July 06, 2015
Fix & Advisory Released by GE: January 25, 2015
Vulnerability ID: GEIS16-01
*GE Advisory: *
http://apps.geindustrial.com
=
MGC ALERT 2016-001
- Original release date: January 26, 2016
- Last revised: February 02, 2016
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
=
I. VULNERABILITY
Security Advisory - Curesec Research Team
1. Introduction
Affected Product:Opendocman 1.3.4
Fixed in:1.3.5
Fixed Version Link: http://www.opendocman.com/free-download/
Vendor Website: http://www.opendocman.com/
Vulnerability Type: HTML Injection
Remote Exploitable: Yes
Rep
Security Advisory - Curesec Research Team
1. Introduction
Affected Product:Opendocman 1.3.4
Fixed in:1.3.5
Fixed Version Link: http://www.opendocman.com/free-download/
Vendor Website: http://www.opendocman.com/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to v
Security Advisory - Curesec Research Team
1. Introduction
Affected Product:Atutor 2.2
Fixed in:partly in ATutor 2.2.1-RC1, complete in 2.2.1
Fixed Version Link: http://www.atutor.ca/atutor/download.php
Vendor Website: http://www.atutor.ca/
Vulnerability Type: XSS
Remote Exp
Vulnerability Type:
HTML Injection (Possible XSS)
Title:
Equibase.com HTML Injection
Site Description:
Equibase.com is the official source for horse racing results, mobile
racing data, statistics as well as all other horse racing and
thoroughbred racing information.
Details:
The page http://w
Hi@all,
there is an information disclosure in OpenXchange (prior 7.8).
An authenticated user can enumerate all imap user folders. If you browse
the PoC you get an permission denied error, but the folder’s name is
reflected into the page in json format.
About Open Xchange:
Open-Xchange[2] deve
Hi@all,
VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions
with DKIM implementation are vulnerable to longterm Mail Replay attacks.
If the expiration header is not set, the signature never expires. This
means, that the e-mail, perhaps catched while performing a man in the
Symphony CMS 2.6.3 – Multiple SQL Injection Vulnerabilities
Information
Vulnerability Type : Multiple S
# Exploit Title: ManageEngine Eventlog Analyzer Privilege Escalation
# Exploit Author: @GraphX
# Vendor Homepage:http://www.manageengine.com
# Version: 4.0 - 10
1. Description:
The manageengine eventlog analyzer fails to properly verify user
privileges when making changes via the userManageme
Asterisk Project Security Advisory - AST-2016-003
ProductAsterisk
SummaryRemote crash vulnerability when receiving UDPTL FAX
data.
Asterisk Project Security Advisory - AST-2016-002
ProductAsterisk
SummaryFile descriptor exhaustion in chan_sip
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2016-001
ProductAsterisk
SummaryBEAST vulnerability in HTTP server
Nature of Advisory Unauthorized data disclosure due to
Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet
Multichannel VPN Router 300
CVE: CVE-2014-2045
Vendor: Viprinet
Product: Multichannel VPN Router 300
Affected version: 2013070830/2013080900
Fixed version: 2014013131/2014020702
Reported by: Tim Brown
Details:
Th
Document Title:
===
Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1464
ID: #14770
Release Date:
=
2016-02-02
Vulnerability Laboratory ID (VL-ID):
===
Document Title:
===
Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1705
Release Date:
=
2016-02-03
Vulnerability Laboratory ID (VL-ID):
=
Document Title:
===
SimpleView CRM - Client Side Open Redirect Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1668
Release Date:
=
2016-02-02
Vulnerability Laboratory ID (VL-ID):
=
Document Title:
===
File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1704
Release Date:
=
2016-02-03
Vulnerability Laboratory ID (VL-ID):
=
Document Title:
===
Soso Transfer v1.1 iOS - Denial of Service Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1703
Release Date:
=
2016-02-02
Vulnerability Laboratory ID (VL-ID):
=
Document Title:
===
Soso Transfer v1.1 iOS - Denial of Service Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1703
Release Date:
=
2016-02-02
Vulnerability Laboratory ID (VL-ID):
=
30 matches
Mail list logo