[FD] Tap 'n' Sniff

2017-01-19 Thread Curesec Research Team (CRT)
Content Table 1. Introduction 2. Failsafe mode 3. Installing Openwrt 4. Configuring Openwrt 5. Testing 1. Introduction The goal of this guide is to provide a reliable and fast way for creating a LAN tap for red team assessments of networks. While this was our main target this tap is also quite h

[FD] [RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection

2017-01-19 Thread Julien Ahrens
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION === Product: Mattermost Vendor URL: www.mattermost.org Type: Cross-Site Scripting [CWE-79] Date found: 02/12/2016 Date published: 16/01/2017 CVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC

[FD] Persistent XSS in Ghost 0.11.3

2017-01-19 Thread Patrick
=[ Tempest Security Intelligence - ADV-9/2017 ] Persistent Cross-Site Scripting (XSS) in Ghost --- Author: - Patrick Costa < patrickrbcosta () gmail.com > Tempest Security Intelligence - Recife, Pernamb

[FD] CALL FOR PAPERS - br3aking c0de

2017-01-19 Thread Estación Informática
{About br3aking c0de} Congress of security alternative and different. Speak freely without censorship. Assistance only for guests or through acceptance of call for paper CFP. {Submit} br3akingc0de[a

[FD] [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE

2017-01-19 Thread ERPScan inc
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.11-7.4 Vendor URL: http://SAP.com Bugs: Information disclosure Sent: 10.03.2016 Reported: 11.03.2016 Vendor response: 11.03.2016 Date of Public Advisory: 12.10.2016 Reference: SAP Security Note 2331908 Author:

[FD] [ERPSCAN-16-036] SAP ASE ODATA SERVER - DENIAL OF SERVICE

2017-01-19 Thread ERPScan inc
Application: SAP ASE Versions Affected: SAP ASE ODATA Server v16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.10.2016 Reference: SAP Security Note 2330422 Author: Vahagn @vah_13 Vardanyan (E

[FD] APPLE-SA-2017-01-18-2 Logic Pro X 10.3

2017-01-19 Thread Apple Product Security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-18-2 Logic Pro X 10.3 Logic Pro X 10.3 is now available and addresses the following: Projects Available for: OS X Yosemite v10.10 and later (64 bit) Impact: Opening a maliciously crafted GarageBand project file may lead to arbitrar

[FD] APPLE-SA-2017-01-18-1 GarageBand 10.1.5

2017-01-19 Thread Apple Product Security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-18-1 GarageBand 10.1.5 GarageBand 10.1.5 is now available and addresses the following: Projects Available for: OS X Yosemite v10.10 and later Impact: Opening a maliciously crafted GarageBand project file may lead to arbitrary code