-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Advisory ID: SYSS-2017-027
Product: Microsoft Windows Hello Face Authentication
Manufacturer: Microsoft
Affected Version(s): Windows 10 Pro (Version 1709, OS Build 16299.19)
Windows 10 Pro (Version 1703, OS Build 15063.726)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
ESA-2017-157: EMC Data Domain DD OS Memory Overflow Vulnerability
EMC Identifier: ESA-2017-157
CVE Identifier: CVE-2017-14385
Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected products:
The following EMC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
ESA-2017-161: EMC Isilon OneFS NFS Export Security Setting Fallback
Vulnerability
EMC Identifier: ESA-2017-161
CVE Identifier: CVE-2017-14387
Severity Rating: CVSS v3 Base Score: 4.8 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected products:
Product: Custom Map WordPress Plugin - https://wordpress.org/plugins/custom-map/
Vendor: webdesi9
Tested version: 1.1
CVE ID: CVE-2017-17744
** CVE description **
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1
for WordPress allows remote attackers to inject
Product: WordPress Concours Plugin - https://wordpress.org/plugins/wp-concours/
Vendor: Olyos
Tested version: 1.1
CVE ID: CVE-2017-17719
** CVE description **
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through
1.1 for WordPress allows remote attackers to inject
Some more details:
1) The Google article seems to link the problematic kit only in non-English
locales (check the French version or the Spanish one)
2) In order for predicta to work, you should host your JavaScript on a
specific path: /mrm-ad/commons.js
2017-12-19 15:24 GMT+01:00 Zmx
We've developed a script that verifies the first bug of CVE-2017-x to
verify if the device is vulnerable or not. The script creates the fake
custom cookie and then verifies it. If the cookie exists, the device is
vulnerable.
We've extracted more than 6000 Palo Alto Networks Firewall devices from
DefenseCode ThunderScan SAST Advisory: WordPress Clean Up Optimizer
Plugin Security Vulnerability
Advisory ID: DC-2017-12-004
Advisory Title: WordPress Clean Up Optimizer Plugin Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software:
DefenseCode ThunderScan SAST Advisory: WordPress Top-10 Plugin
SQL Injection Security Vulnerability
Advisory ID: DC-2017-12-003
Advisory Title: WordPress Top-10 Plugin SQL Injection Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software:
Introduction
Vulnerabilities were identified in the iStar Ultra & IP-ACM boards offered
by Software House. This system is used to control physical access to
resources based on RFID-based badge readers. Badge readers interface with
the IP-ACM board, which uses TCP/IP to communicate
# CVE-2017-6094 - Genexis GAPS Access Control Vulnerability #
-=[ BSidesLjubljana Event info ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-
BSidesLjubljana - https://bsidesljubljana.si
Date: March 10th, 2018
Venue: Poligon creative centre, Ljubljana, Slovenia, Europe
CFP URL: https://bsidesljubljana.si/cfp/
CFP Submit form: https://goo.gl/forms/JO4XCnMPGv6AAD2w2
Email:
12 matches