1. Advisory Information
Title: AirLive Multiple Products OS Command Injection
Advisory ID: CORE-2015-0012
Advisory URL:
http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection
Date published: 2015-07-06
Date of last update: 2015-07-06
Vendors contacted: AirLive
Relea
this is *not* Google HTTP Live Headers and that was already told
yesterday - "angeboten von https://www.esolutions.se"; != Google as well
as a random Firefox plugin from the addon page is not "Mozilla pluginname"
On 04.07.2015 at 14:33, Vulnerability Lab wrote:
Document Title:
===
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt
Vendor:
bitbucket.org/phpliteadmin
Product:
phpLiteAdmin v1.1
Advis
It's public now:
https://code.google.com/p/chromium/issues/detail?id=497588
Interesting Points:
They did reproduce
"I can reproduce this locally"
They say it's DoS
"seems like any renderer denial-of-service"
(The browser does not crash!)
They say it's not security issue
"remove security flags
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian Security Advisory DSA-3301-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 05, 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
## Advisory Information
Title: 127 ipTIME router models vulnerable to an unauthenticated RCE
by sending a crafted DHCP request
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt
Blog URL:
https://pierrekim.github.io/blog/201
Document Title:
===
Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1472
Ebay Inc Security ID: EIBBP-31808
Release Date:
=
2015-07-02
Vulnerability Laboratory ID (VL
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
Vendor
--
https://www.snorby.org/
Version
---
2.6.2
Description
---
During my research and testing of ne
SCOPE
Every version of Microsoft Office on every Windows OS includes a
feature called OLE Packager, allowing content to be embedded in
documents. This includes executable content (.exe, .js, .vbe etc) -
there is no restriction of embeddable content. There is no way to
disable or restrict this fu
Document Title:
===
Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web
Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1541
Release Date:
=
2015-07-02
Vulnerability Laboratory ID (VL-ID):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -
Debian Security Advisory DSA-3300-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 04, 2015
Document Title:
===
WK UDID v1.0.1 iOS - Command Inject Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1539
Release Date:
=
2015-07-01
Vulnerability Laboratory ID (VL-ID):
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For
Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25
#
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#
#
# Product: Xpert.Line
# Vendor: Soreco AG [1]
# CVE ID: CVE-2015-3442
# Su
Title: SQL Injection in easy2map wordpress plugin v1.24
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.25
Vendor Contact: https://profiles.wordpress.org/stevenellis/
Advisory:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
## Advisory Information
Title: iptime n104r3 vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt
Blog URL:
https://pierrekim.github.io/blog/2015-07-03-iptime-n104r3-vulnerable-to-CSRF-and-X
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian Security Advisory DSA-3299-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2015
TOORCON 17 CALL FOR PAPERS
It's that time of year again! ToorCon 17 is coming so get your code
finished and submit a talk this time around. We're letting you decide
if you want to be a part of our 50-minute talks on Saturday, 20-minute
talks on Sunday, and 75-minute talks for our Deep Knowledge Se