[FD] Buffer Overflow at password field in Advanced Encryption Package Software

2016-01-05 Thread vishnu raju
Dear List, Greetings from vishnu (@dH4wk) 1. Vulnerable Product - Advanced Encryption Package - Company http://www.aeppro.com/ 2. Vulnerability Information (A) Buffer OverFlow Impact: Attacker gains administrative access Remotely Exploitable: No Locally Exploitable: Yes

[FD] CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak)

2016-01-05 Thread Pierre Kim
Hello, Please find a text-only version below sent to security mailing-lists. The html version on analysing the vulnerabilities in Ganeti is posted here: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html === text-version of the advisory === -BEGIN PGP SIGNED

[FD] Confluence Vulnerabilities

2016-01-05 Thread Sebastian Perez
[Systems Affected] Product : Confluence Company : Atlassian Versions (1) : 5.2 / 5.8.14 / 5.8.15 CVSS Score (1) : 6.1 / Medium (classified by vendor) Versions (2) : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score (2) : 7.7 / High (classified by vendor) [Product Description] Confluence is team collaboration

[FD] Buffer Overflow in Advanced Encryption Package Software

2016-01-05 Thread vishnu raju
Dear List, Greetings from vishnu (@dH4wk) 1. Vulnerable Product - Advanced Encryption Package - Company http://www.aeppro.com/ 2. Vulnerability Information (A) Buffer OverFlow Impact: Attacker gains administrative access Remotely Exploitable: No Locally Exploitable: Yes

[FD] Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP request allows any payload size and content to pass through

2016-01-05 Thread Eitan Caspi
Initial note: The vendor has graded this issue as a vulnerability graded as "High" in my email exchange with it, but eventually posted the issue as a "Known Issue", so some of this issue's characteristics that follow can be treated as initial ones, as I ask the IS community to look into this

[FD] CALL FOR PAPERS - NUIT DU HACK - 02/03 july 2016

2016-01-05 Thread freeman
CALL FOR PAPERS - NUIT DU HACK - 02/03 JULY 2016 If you’re reading this, you know what NDH and a CFP stand for, so I won’t bother you that long. Conference format: 45min, including 5 to 10min of Q&A Submission: submit.hackerzvoice.net Deadline: April 10th Announcement: April 25th Beer, kudos,

[FD] Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities

2016-01-05 Thread Stefan Kanthak
Hi @ll, quite some utilities offered for free by Kaspersky Lab load and execute rogue/bogus DLLs (UXTheme.dll, HNetCfg.dll, RichEd20.dll, RASAdHlp.dll, SetupAPI.dll, ClbCatQ.dll, XPSP2Res.dll, CryptNet.dll, OLEAcc.dll etc.) eventually found in the directory they are started from (the "application

[FD] Alcatel Lucent Home Device Manager - Management Console Multiple XSS

2016-01-05 Thread Uğur Cihan KOÇ
Document Title: Alcatel Lucent Home Device Manager - Management Console Multiple XSS CVE-Number: CVE-2015-8687 Release Date: 03 Jan 2016 Abstract Advisory Information: Ugur Cihan Koc discovered ten Reflected XSS

[FD] Vulnerabilities in Office Document Reader for iOS

2016-01-05 Thread MustLive
Hello list! Happy New Year! There are multiple vulnerabilities in Office Document Reader for iOS. There are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities. Earlier I've informed the developer of Office Document Reader about this and his other software.