[FD] CVE-2014-5438: Arris TG862G - Cross-site Scripting (XSS)

2014-12-15 Thread Seth Art
--- Vendor: --- Arris Interactive, LLC (http://www.arrisi.com/) ISP: Comcast Xfinity - Affected Products/Versions: - HW: Arris Touchstone TG862G/CT (Xfinity branded) SW: Version 7.6.59S.CT (Tested) ---

[FD] CVE-2014-5437: Arris TG862G - Cross-site Request Forgery (CSRF)

2014-12-15 Thread Seth Art
--- Vendor: --- Arris Interactive, LLC (http://www.arrisi.com/) ISP: Comcast Xfinity - Affected Products/Versions: - HW: Arris Touchstone TG862G/CT (Xfinity branded) SW: Version 7.6.59S.CT (Tested) ---

[FD] CA20141215-01: Security Notice for CA LISA Release Automation

2014-12-15 Thread Williams, Ken
-BEGIN PGP SIGNED MESSAGE- CA20141215-01: Security Notice for CA LISA Release Automation Issued: December 15, 2014 CA Technologies Support is alerting customers to multiple vulnerabilities in CA Release Automation (formerly CA LISA Release Automation, change effective 2014-09-19). The

[FD] Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...

2014-12-15 Thread Stefan Kanthak
Hi @ll, some Windows commands/programs fail when (one of) their command line argument(s) is/are enclosed in quotes; for example: %SystemRoot%\System32\FontView.Exe ".TTF" %SystemRoot%\System32\FONTVIEW.Exe /P ".TTF" %SystemRoot%\System32\RunDLL32.Exe %SystemRoot%\System32\SetupAPI.Dll,InstallHin

[FD] Rooted CON 2014 talks (dubbed into english) are now online

2014-12-15 Thread omarbv
Hello, Maybe you are interested in take a look to the talks given in the last RootedCON edition, now are avalaible in Youtube :) https://www.youtube.com/playlist?list=PLUOjNfYgonUvwqY2EOzeJlHgZEsQc_Hvh Br, --- RootedCON - www.rootedcon.es @omarbv

[FD] Docker 1.3.3 - Security Advisory [11 Dec 2014]

2014-12-15 Thread Eric Windisch
Docker 1.3.3 has been released to address several vulnerabilities and is immediately available for all supported platforms: https://docs.docker.com/installation/ This release addresses vulnerabilities which could be exploited by a malicious Dockerfile, im

[FD] Humhub insecure password validation and reset design

2014-12-15 Thread A. W.
[+] Humhub insecure password validation and reset design [+] Discovered by: Jos Wetzels [+] Affects: Humhub <= 0.10.0-rc.1 Humhub [1] versions 0.10.0-rc.1 and prior suffer from several design flaws, which have now been resolved in cooperation with the vendor [2], in the implementation of its passw