[FD] NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability

2014-12-09 Thread VMware Security Response Center
VMware Security Advisory Advisory ID: VMSA-2014-0013 Synopsis: VMware vCloud Automation Center product updates address a critical remote privilege escalation

[FD] CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2014-12-09 Thread Jing Wang
*CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: WebPress Vendor: goYWP Vulnerable Versions: 13.00.06 Tested Version: 13.00.06 Advisory

[FD] CVE-2014-8489 Ping Identity Corporation PingFederate 6.10.1 SP Endpoints Dest Redirect Privilege Escalation Security Vulnerability

2014-12-09 Thread Jing Wang
*CVE-2014-8489 Ping Identity Corporation PingFederate 6.10.1 SP Endpoints Dest Redirect Privilege Escalation Security Vulnerability* Exploit Title: Ping Identity Corporation PingFederate 6.10.1 SP Endpoints Dest Redirect Privilege Escalation Security Vulnerability Product: PingFederate 6.10.1

[FD] ESPN espn.go.com Login Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities

2014-12-09 Thread Jing Wang
*ESPN espn.go.com Login Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities* *Domain:* http://espn.go.com/ As of August 2013, ESPN is available to approximately 97,736,000 pay television households (85.58% of households with at least one

[FD] Keurig 2.0 Genuine K-Cup Spoofing Vulnerability

2014-12-09 Thread Kenneth Buckler
*Overview* Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup. *Impact* CVSS Base Score: 4.9 Impact Subscore: 6.9

[FD] Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities

2014-12-09 Thread Simo Ben youssef
Title: Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Author: Simo Ben youssef Contact: Simo_at_Morxploit_com Discovered: 02 November 2014 Updated: 9 December 2014 Published: 9 December 2014 MorXploit Research http://www.MorXploit.com Vendor: Concrete5 Vendor url: www.concrete5.org

[FD] Call for Presenters - B-Sides Vancouver 2015 - March 16-17, 2015 in Vancouver, Canada

2014-12-09 Thread Colin Keigher
The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th in Vancouver, British Columbia, Canada. We love to see brand new speakers, seasoned speakers, and everyone in between! Topics of interest include (but are in no way limited to)

Re: [FD] Interesting Backdoor

2014-12-09 Thread Brandon Vincent
On Mon, Dec 8, 2014 at 4:52 PM, Alfred Baroti marianalf...@gmail.com wrote: Anyone have any idea with what i am dealing with ? This looks like a Jynx derived rootkit which relies on LD_PRELOAD [1]. [1] http://volatility-labs.blogspot.com/2012/09/movp-24-analyzing-jynx-rootkit-and.html Brandon

Re: [FD] Interesting Backdoor

2014-12-09 Thread Ed Tredgett
Check the following link out; it may provide you with a greater insight, as it looks like that rootkit from the information you've provided, which I've found floating around recently https://gitorious.org/dongforce/main/source/e08f161206e31cc12f1a874d8add153764564065:__UMBREON__ Ed On 9 Dec

[FD] Releasing PuttyRider - for penetration testers

2014-12-09 Thread Adrian Furtuna
Dear List, I am pleased to announce the release of a new tool that I have recently developed - called PuttyRider. In a few words, PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server. This can be useful in an

[FD] Multiple vulnerabilities in InfiniteWP Admin Panel

2014-12-09 Thread Walter Hop
Multiple vulnerabilities in InfiniteWP Admin Panel https://lifeforms.nl/20141210/infinitewp-vulnerabilities/ - InfiniteWP (http://www.infinitewp.com/) allows an administrator to manage multiple WordPress sites from one control panel. According to the InfiniteWP homepage, it is used on over