[FD] Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation

2015-02-21 Thread Stefan Kanthak
Hi @ll, the MSDN documents the BRAINDEAD behaviour of the functions CreateProcess(), CreateProcessAsUser(), CreateProcessWithLogonW()

[FD] xaviershay-dm-rails v0.10.3.8 mysql credential exposure

2015-02-21 Thread Larry W. Cashdollar
Title: xaviershay-dm-rails v0.10.3.8 mysql credential exposure Author: Larry W. Cashdollar, @_larry0 Date: 2015-02-17 Download Site: https://rubygems.org/gems/xaviershay-dm-rails Vendor: Martin Gamsjaeger, Dan Kubb Vendor Notified: 2015-02-17 Vendor Contact: notreal [at] rhnh.net Description: This

[FD] Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone

2015-02-21 Thread Taoguang Chen
#Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.1.29 - Release Date: 2015.2.20 > A Type Confusion Vulnerability was discovered in unserialize() with > DateTimeZone object's __wakeup() magic method that c

[FD] Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273]

2015-02-21 Thread Taoguang Chen
#Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273] Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.1.29 - Release Date: 2015.2.20 > A use-after-free vulnerability was discovered in unserialize() with > DateTime/DateTimeZone/DateInterval/DatePeriod ob

[FD] Multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities in phpBugTracker v. 1.6.0

2015-02-21 Thread Steffen Rösemann
Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0 Advisory ID: SROEADV-2015-16 Author: Steffen Rösemann Affected Software: phpBugTracker v.1.6.0 Vendor URL: https://github.com/a-v-k/phpBugTracker Vendor Status: patched CVE-ID: will asked to be assigne

[FD] Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3

2015-02-21 Thread Steffen Rösemann
Advisory: Stored XSS-Vulnerabilities in MyBB v. 1.8.3 Advisory ID: SROEADV-2015-15 Author: Steffen Rösemann Affected Software: MyBB v. 1.8.3 Vendor URL: http://www.mybb.com Vendor Status: patched CVE-ID: - == Vulnerability Description: == MyBB v. 1.

[FD] iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...

2015-02-21 Thread Stefan Kanthak
Hi @ll, the just released iTunes 12.1.1 for Windows still comes with outdated and VULNERABLE 3rd party libraries and vulnerable command lines: In AppleMobileDeviceSupport.msi: * libeay32.dll and ssleay32.dll 0.9.8za from 2014-06-05 The current version is 0.9.8ze and has 21 security fixes wh

[FD] Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)

2015-02-21 Thread Stefan Kanthak
Hi @ll, in order to prevent the start of the defunct USENET news client (alias "Windows Mail") that Microsoft installs with Windows 7 and later versions of Windows as "Microsoft Outlook NewsReader", the installation of all editions of Microsoft Office 2010 which include Microsoft Outlook 2010 as w

[FD] Samsung iPolis XnsSdkDeviceIpInstaller.ocx ActiveX Remote Code Execution Vulnerabilities

2015-02-21 Thread Praveen D
CVE-2015-0555 Introduction * There is a Buffer Overflow Vulnerability which leads to Remote Code Execution. Vulnerability is due to input validation to the API ReadConfigValue and WriteConfigValue API's in XnsSdkDeviceIpInstaller.ocx Th

[FD] New version of Hyperion PE runtime encrypter

2015-02-21 Thread Levon Kayan
Hi, We just released version 1.2 of our PE encrypter, hyperion. [ CHANGELOG ] - added support for Windows 8 and 8.1 [ DESCR ] Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and is based on the paper "Hyperion: Implementation of a PE-Crypter".

[FD] Easy Social Icons WordPress plugin v1.2.2 Persistent XSS and CSRF

2015-02-21 Thread Eric Flokstra
Product: Easy Social Icons WordPress plugin Vendor: CyberNetikz Tested Version: 1.2.2 Vulnerability Type: XSS [CWE-79] and CSRF [CWE-352] Risk Level: Medium Solution Status: Solved in version 1.2.3 Discovered and Provided: Eric Flokstra - ITsec

[FD] WooCommerce WordPress plugin 2.2.10 Reflected XSS

2015-02-21 Thread Eric Flokstra
Product: WooCommerce WordPress plugin Vendor: WooThemes Tested Version: 2.2.10 Vulnerability Type: Cross-Site Scripting [CWE-79] Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Solved in version 2.2.11 Dis