Dear List,
Greetings from vishnu (@dH4wk)
1. Vulnerable Product
- Advanced Encryption Package
- Company http://www.aeppro.com/
2. Vulnerability Information
(A) Buffer OverFlow
Impact: Attacker gains administrative access
Remotely Exploitable: No
Locally Exploitable: Yes
Hello,
Please find a text-only version below sent to security mailing-lists.
The html version on analysing the vulnerabilities in Ganeti is posted here:
https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html
=== text-version of the advisory ===
[Systems Affected]
Product : Confluence
Company : Atlassian
Versions (1) : 5.2 / 5.8.14 / 5.8.15
CVSS Score (1) : 6.1 / Medium (classified by vendor)
Versions (2) : 5.9.1 / 5.8.14 / 5.8.15
CVSS Score (2) : 7.7 / High (classified by vendor)
[Product Description]
Confluence is team collaboration
Initial note: The vendor has graded this issue as a vulnerability graded as
"High" in my email exchange with it, but eventually posted the issue as a "Know
Issue", so some of this issue's characteristics that follow can be treated as
initial ones, as I ask the IS community to look into this
CALL FOR PAPERS - NUIT DU HACK - 02/03 JULY 2016
If you’re reading this, you know what NDH and a CFP stand for, so I
won’t bother you that long.
Conference format: 45min, including 5 to 10min of Q
Submission: submit.hackerzvoice.net
Deadline: April 10th
Announcement: April 25th
Beer, kudos,
Hi @ll,
quite some utilities offered for free by Kaspersky Lab load and execute
rogue/bogus DLLs (UXTheme.dll, HNetCfg.dll, RichEd20.dll, RASAdHlp.dll,
SetupAPI.dll, ClbCatQ.dll, XPSP2Res.dll, CryptNet.dll, OLEAcc.dll etc.)
eventually found in the directory they are started from (the "application
Document Title:
===
Alcatel Lucent Home Device Manager - Management Console Multiple XSS
CVE-Number:
===
CVE-2015-8687
Release Date:
=
03 Jan 2016
Abstract Advisory Information:
=
Ugur Cihan Koc discovered ten Reflected XSS
Hello list!
Happy New Year!
There are multiple vulnerabilities in Office Document Reader for iOS. There
are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities.
Earlier I informed the developer of Office Document Reader about this and
his other software.