jetlib.sec

Feeds

167731 items (5160 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db) (710 unread)
• OSVDB Vulnerabilities
• Exploit-DB (373 unread)
• SecurityFocus Vulnerabilities (1656 unread)
• Bugtraq (540 unread)
• Full Disclosure (890 unread)
• XSSed (3 unread)
• Packet Storm Security Headlines (527 unread)
• Packet Storm Security Advisories (323 unread)
• Packet Storm Security Exploits (115 unread)
• Packet Storm Security Recent Files (2 unread)
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing (11 unread)
• SecuriTeam (10 unread)
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Unread items (250)

• December 25, 2013
• 0:00

  Vuln: Symantec Encryption Desktop CVE-2012-4352 Local Buffer Overflow Privilege Escalation Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Symantec Encryption Desktop CVE-2012-4352 Local Buffer Overflow Privilege Escalation Vulnerability

  Tags:   

• June 05, 2013
• 0:00

  Vuln: Craiglist Gold 'catid' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Craiglist Gold 'catid' Parameter SQL Injection Vulnerability

  Tags:   

• May 23, 2013
• 0:00

  Vuln: Adobe Acrobat and Reader CVE-2013-2730 Remote Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Adobe Acrobat and Reader CVE-2013-2730 Remote Buffer Overflow Vulnerability

  Tags:   

• 0:00

  Vuln: Oracle Java SE CVE-2013-2383 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2013-2383 Remote Code Execution Vulnerability

  Tags:   

• 0:00

  Vuln: Oracle Java SE CVE-2013-2384 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2013-2384 Remote Code Execution Vulnerability

  Tags:   

• 0:00

  Vuln: Apple QuickTime CVE-2013-1015 Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Apple QuickTime CVE-2013-1015 Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: RETIRED: Apple QuickTime Prior To 7.7.4 Multiple Arbitrary Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: Apple QuickTime Prior To 7.7.4 Multiple Arbitrary Code Execution Vulnerabilities

  Tags:   

• May 22, 2013
• 21:25

  Congressional Report: U.S. Companies Should Hack China Back

   » ‎ Packet Storm Security Headlines
  Congressional Report: U.S. Companies Should Hack China Back

  Tags:   

• 21:00

  Bugtraq: VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own)

   » ‎ SecurityFocus Vulnerabilities
  VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own)

  Tags:   

• 20:40

  40 Years Of Ethernet

   » ‎ Packet Storm Security Headlines
  40 Years Of Ethernet

  Tags:   

• 20:00

  Bugtraq: [waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin

   » ‎ SecurityFocus Vulnerabilities
  [waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin

  Tags:   

• 13:52

  [local exploits] - Ophcrack v3.5.0 - Local Code Execution BOF

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Ophcrack v3.5.0 - Local Code Execution BOF

  Tags:   

• 13:51

  [remote exploits] - MS Internet Explorer & MSN Explorer Arbitrary File Overwrite

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - MS Internet Explorer & MSN Explorer Arbitrary File Overwrite

  Tags:   

• 13:00

  Bugtraq: [waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin

   » ‎ SecurityFocus Vulnerabilities
  [waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin

  Tags:   

• 12:54

  [SECURITY] [DSA 2672-1] kfreebsd-9 security update

   » ‎ Full Disclosure

  Posted by Florian Weimer on May 22

  -------------------------------------------------------------------------
  Debian Security Advisory DSA-2672-1 security () debian org
  http://www.debian.org/security/ Florian Weimer
  May 22, 2013 http://www.debian.org/security/faq
  -------------------------------------------------------------------------
  
  Package : kfreebsd-9
  Vulnerability : interpretation conflict
  Problem...
  

  Tags:   

• 12:52

  [SECURITY] [DSA 2671-1] request-tracker4 security update

   » ‎ Full Disclosure

  Posted by Salvatore Bonaccorso on May 22

  -------------------------------------------------------------------------
  Debian Security Advisory DSA-2671-1 security () debian org
  http://www.debian.org/security/ Salvatore Bonaccorso
  May 22, 2013 http://www.debian.org/security/faq
  -------------------------------------------------------------------------
  
  Package : request-tracker4
  Vulnerability : several
  Problem type :...
  

  Tags:   

• 12:17

  [SECURITY] [DSA 2670-1] request-tracker3.8 security update

   » ‎ Full Disclosure

  Posted by Salvatore Bonaccorso on May 22

  -------------------------------------------------------------------------
  Debian Security Advisory DSA-2670-1 security () debian org
  http://www.debian.org/security/ Salvatore Bonaccorso
  May 22, 2013 http://www.debian.org/security/faq
  -------------------------------------------------------------------------
  
  Package : request-tracker3.8
  Vulnerability : several
  Problem type...
  

  Tags:   

• 8:04

  [waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin

   » ‎ Bugtraq

  Posted by come2waraxe on May 22

  [waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
  ===================================================================================
  
  Author: Janek Vind "waraxe"
  Date: 22. May 2013
  Location: Estonia, Tartu
  Web: http://www.waraxe.us/advisory-105.html
  
  Description of vulnerable software:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  Spider Catalog is the best WordPress...
  

  Tags:   

• 8:00

  Bugtraq: Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities

  Tags:   

• 7:50

  [waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin

   » ‎ Bugtraq

  Posted by come2waraxe on May 22

  [waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin
  ===================================================================================
  
  Author: Janek Vind "waraxe"
  Date: 22. May 2013
  Location: Estonia, Tartu
  Web: http://www.waraxe.us/advisory-104.html
  
  Description of vulnerable software:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  Spider Event Calendar is a...
  

  Tags:   

• 7:30

  Re: Sony PS3 Firmware v4.31 - Code Execution Vulnerability

   » ‎ Full Disclosure

  Posted by Milan Berger on May 22

  Hi,
  
  didn't test the POC yet, but I guess the fun is here:
  
  Injecting system commands..
  

  Tags:   

• 7:29

  Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities

   » ‎ Bugtraq

  Posted by Vulnerability Lab on May 22

  Title:
  ======
  Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities
  
  Date:
  =====
  2013-05-21
  
  References:
  ===========
  http://www.vulnerability-lab.com/get_content.php?id=894
  
  Article: http://www.vulnerability-lab.com/dev/?p=580
  
  Trend Micro (Reference): http://esupport.trendmicro.com/solution/en-US/1096805.aspx
  Trend Micro Solution ID: 1096805
  
  Video: http://www.vulnerability-lab.com/get_content.php?id=951
  
  VL-ID:
  =====
  894
  
  Common...
  

  Tags:   

• 7:17

  VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own)

   » ‎ Bugtraq

  Posted by VUPEN Security Research on May 22

  VUPEN Security Research - Microsoft Internet Explorer 10-9 Object
  Confusion Sandbox Bypass (MS13-037 / Pwn2Own)
  
  Website : http://www.vupen.com
  
  Twitter : http://twitter.com/vupen
  
  I. BACKGROUND
  ---------------------
  
  "Microsoft Internet Explorer is a web browser developed by Microsoft and
  included as part of the Microsoft Windows line of operating systems with
  more than 60% of the worldwide usage share of web browsers." (Wikipedia)...
  

  Tags:   

• 7:02

  VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)

   » ‎ Bugtraq

  Posted by VUPEN Security Research on May 22

  VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML
  Remote Integer Overflow (MS13-037 / Pwn2Own)
  
  Website : http://www.vupen.com
  
  Twitter : http://twitter.com/vupen
  
  I. BACKGROUND
  ---------------------
  
  "Microsoft Internet Explorer is a web browser developed by Microsoft and
  included as part of the Microsoft Windows line of operating systems with
  more than 60% of the worldwide usage share of web browsers." (Wikipedia)...
  

  Tags:   

• 7:00

  Bugtraq: CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)

   » ‎ SecurityFocus Vulnerabilities
  CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)

  Tags:   

• 6:47

  [ MDVSA-2013:166 ] krb5

   » ‎ Bugtraq

  Posted by security on May 22

  _______________________________________________________________________
  
  Mandriva Linux Security Advisory MDVSA-2013:166
  http://www.mandriva.com/en/support/security/
  _______________________________________________________________________
  
  Package : krb5
  Date : May 21, 2013
  Affected: Business Server 1.0, Enterprise Server 5.0
  _______________________________________________________________________
  
  Problem...
  

  Tags:   

• 6:00

  Bugtraq: [slackware-security] kernel (SSA:2013-140-01)

   » ‎ SecurityFocus Vulnerabilities
  [slackware-security] kernel (SSA:2013-140-01)

  Tags:   

• 4:54

  Pentesting Distributions or Projects for Raspberry Pi

   » ‎ Full Disclosure

  Posted by Jay Turla on May 22

  Hey there guys,
  
  Do you know other projects, distributions, and installer kits for Raspberry
  PI aside from the distributions and kits mentioned in this article:
  http://resources.infosecinstitute.com/pentesting-distributions-and-installer-kits-for-your-raspberry-pi/
  ?
  
  I am very much interested in trying out new projects :)
  
  Also lately I have been addicted to RetroPie (
  https://github.com/petrockblog/RetroPie-Setup) ahahhaha although it is not...
  

  Tags:   

• 4:52

  Re: Sony PS3 Firmware v4.31 - Code Execution Vulnerability

   » ‎ Full Disclosure

  Posted by Julius Kivimäki on May 22

  So, wanna tell me what exactly is critical about you being able to inject
  marquee tags into your savefile names?
  
  2013/5/21 Vulnerability Lab <research () vulnerability-lab com>
  

  Tags:   

• 4:50

  Re: exploitation ideas under memory pressure

   » ‎ Full Disclosure

  Posted by You Got Pwned on May 22

  Hey Tavis,
  
  very interesting work! You're right: the list ist getting worse every year.
  So keep going!!!
  
  2013/5/20 Tavis Ormandy <taviso () cmpxchg8b com>
  

  Tags:   

• 4:49

  Re: exploitation ideas under memory pressure

   » ‎ Full Disclosure

  Posted by Brian Blankenship on May 22

  In the good spirit of full disclosure, we would appreciate some exploit code.
  

  Tags:   

• 4:00

  Bugtraq: Sony PS3 Firmware v4.31 - Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Sony PS3 Firmware v4.31 - Code Execution Vulnerability

  Tags:   

• 0:00

  Vuln: Xen AMD IOMMU CVE-2013-0153 Local Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Xen AMD IOMMU CVE-2013-0153 Local Denial of Service Vulnerability

  Tags:   

• 0:00

  Vuln: Debian openssh-server Forced Command Handling Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Debian openssh-server Forced Command Handling Information Disclosure Vulnerability

  Tags:   

• 0:00

  Vuln: Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability

  Tags:   

• 0:00

  Vuln: Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability

  Tags:   

• 0:00

  Vuln: Moodle CVE-2013-1833 HTML Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Moodle CVE-2013-1833 HTML Injection Vulnerability

  Tags:   

• 0:00

  Vuln: RETIRED: Google Chrome Prior to 27.0.1453.93 Multiple Security Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: Google Chrome Prior to 27.0.1453.93 Multiple Security Vulnerabilities

  Tags:   

• 0:00

  Vuln: Microsoft Internet Explorer CVE-2013-2551 Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer CVE-2013-2551 Use-After-Free Remote Code Execution Vulnerability

  Tags:   

• 0:00

  Vuln: RETIRED: Acme thttpd HTTP Server Directory Traversal Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: Acme thttpd HTTP Server Directory Traversal Vulnerability

  Tags:   

• 0:00

  Vuln: RETIRED: IBM HTTP Server Multiple Modules Cross Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: IBM HTTP Server Multiple Modules Cross Site Scripting Vulnerabilities

  Tags:   

• 0:00

  Vuln: RETIRED: QEMU Guest Agent CVE-2013-2007 Insecure File Permissions Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: QEMU Guest Agent CVE-2013-2007 Insecure File Permissions Vulnerability

  Tags:   

• 0:00

  Vuln: WordPress Spider Video Player Plugin 'theme' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Spider Video Player Plugin 'theme' Parameter SQL Injection Vulnerability

  Tags:   

• 0:00

  Vuln: FreeBSD NFS Server CVE-2013-3266 Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  FreeBSD NFS Server CVE-2013-3266 Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: RadioCMS 'playlist_id' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  RadioCMS 'playlist_id' Parameter SQL Injection Vulnerability

  Tags:   

• 0:00

  Vuln: WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection Vulnerability

  Tags:   

• May 21, 2013
• 12:06

  [dos / poc] - win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase

  Tags:   

• 12:05

  [local exploits] - Ophcrack 3.5.0 - Local Code Execution BOF

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Ophcrack 3.5.0 - Local Code Execution BOF

  Tags:   

• 12:03

  [remote exploits] - Linksys WRT160nv2 apply.cgi Remote Command Injection

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - Linksys WRT160nv2 apply.cgi Remote Command Injection

  Tags:   

• 9:40

  [ MDVSA-2013:166 ] krb5

   » ‎ Full Disclosure

  Posted by security on May 21

  _______________________________________________________________________
  
  Mandriva Linux Security Advisory MDVSA-2013:166
  http://www.mandriva.com/en/support/security/
  _______________________________________________________________________
  
  Package : krb5
  Date : May 21, 2013
  Affected: Business Server 1.0, Enterprise Server 5.0
  _______________________________________________________________________
  
  Problem...
  

  Tags:   

• 9:05

  [slackware-security] kernel (SSA:2013-140-01)

   » ‎ Bugtraq

  Posted by Slackware Security Team on May 21

  [slackware-security] kernel (SSA:2013-140-01)
  
  New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix
  a security issue.
  
  Here are the details from the Slackware 14.0 ChangeLog:
  +--------------------------+
  patches/packages/linux-3.2.45/*: Upgraded.
  Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
  users to gain a root shell. Be sure to upgrade your initrd and reinstall
  LILO after upgrading...
  

  Tags:   

• 8:52

  Sony PS3 Firmware v4.31 - Code Execution Vulnerability

   » ‎ Bugtraq

  Posted by Vulnerability Lab on May 21

  Title:
  ======
  Sony PS3 Firmware v4.31 - Code Execution Vulnerability
  
  Date:
  =====
  2013-05-12
  
  References:
  ===========
  http://www.vulnerability-lab.com/get_content.php?id=767
  
  VL-ID:
  =====
  767
  
  Common Vulnerability Scoring System:
  ====================================
  6.5
  
  Introduction:
  =============
  The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
  PlayStation 2 as part of the...
  

  Tags:   

• 8:37

  CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)

   » ‎ Bugtraq

  Posted by chudakovma on May 21

  CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk,
  Personal Firewall)
  
  CVE reference:
  CVE-2013-3496
  
  Credit:
  Maksim Chudakov (@MChudakov)
  Andrey Kurtasanov(andreykurtasanov () gmail com)
  
  Severity:
  Medium
  
  Local\Remote:
  Local
  
  Vulnerability Class:
  Privilege Escalation
  
  Vendor URL:
  http://www.infotecs.biz/
  
  Affected OS:
  Windows
  
  Vulnerable systems:
  ViPNet Client 3.2.10 (15632) and...
  

  Tags:   

• 8:19

  Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt)

   » ‎ Bugtraq

  Posted by Fernando Gont on May 21

  Folks,
  
  We have published a revision of our IETF I-D "A method for Generating
  Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
  Autoconfiguration (SLAAC)".
  
  This revision is available at:
  <http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.
  
  This proposal is key for the mitigation of address-scanning attacks,
  while at the same time preventing host-tracking.
  
  Stay tuned for more IPv6 security news...
  

  Tags:   

• 8:07

  Defense in depth -- the Microsoft way

   » ‎ Bugtraq

  Posted by Stefan Kanthak on May 21

  Hi @ll,
  
  the "Microsoft Installer" creates for applications installed via an
  .MSI the following uninstall information in the Windows registry
  (see <http://msdn.microsoft.com/library/aa372105.aspx>):
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
  "UninstallString"="MsiExec.Exe /X{<GUID>}"
  "ModifyPath"="MsiExec.Exe /I{<GUID>}"
  
  Note the unqualified path...
  

  Tags:   

• 7:25

  Static analysis tool exposition (SATE) V Call for participation

   » ‎ Bugtraq

  Posted by aure on May 21

  NIST is preparing the fifth Static Analysis Tool Exposition (SATE V). Briefly, participating tool makers run their
  static analyzer on a set of programs. Researchers led by NIST analyze the tool reports and present the results and
  experiences at a workshop. A detailed plan is available at:
  
  http://samate.nist.gov/SATE.html
  
  We plan to provide test cases by June 3rd. Tool makers will have until August 1st (if at all possible; September 1st at...
  

  Tags:   

• 5:11

  Re: exploitation ideas under memory pressure

   » ‎ Full Disclosure

  Posted by sd on May 21

  Interesting idea to create a thread and patch the list. Upon reading your first post, I immediately thought this wasn't
  going to be exploitable, you've proven me wrong. Any chance for a copy of the exploit code? I might port it to
  Metasploit.
  
  sd
  

  Tags:   

• 4:18

  CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)

   » ‎ Full Disclosure

  Posted by Максим Чудаков on May 21

  CVE-2013-3496. Local privilege escalation vulnerability in Infotecs
  products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)
  
  CVE reference:
  CVE-2013-3496
  
  Credit:
  Maksim Chudakov (@MChudakov)
  Andrey Kurtasanov(andreykurtasanov () gmail com)
  
  Severity:
  Medium
  
  Local\Remote:
  Local
  
  Vulnerability Class:
  Privilege Escalation
  
  Vendor URL:
  http://www.infotecs.biz/
  
  Affected OS:
  Windows
  
  Vulnerable systems:
  ViPNet Client 3.2.10 (15632) and...
  

  Tags:   

• 0:00

  Vuln: RETIRED: Moodle Multiple Remote Security Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: Moodle Multiple Remote Security Vulnerabilities

  Tags:   

• May 20, 2013
• 17:00

  [dos] - win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase

   » ‎ Exploit-DB
  win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase

  Tags:   

• 17:00

  [papers] - GAME ENGINES: A 0-DAY’S TALE

   » ‎ Exploit-DB
  GAME ENGINES: A 0-DAY’S TALE

  Tags:   

• 17:00

  [remote] - D-Link DIR615h OS Command Injection

   » ‎ Exploit-DB
  D-Link DIR615h OS Command Injection

  Tags:   

• 17:00

  [remote] - Linksys WRT160nv2 apply.cgi Remote Command Injection

   » ‎ Exploit-DB
  Linksys WRT160nv2 apply.cgi Remote Command Injection

  Tags:   

• 17:00

  [local] - Ophcrack 3.5.0 - Local Code Execution BOF

   » ‎ Exploit-DB
  Ophcrack 3.5.0 - Local Code Execution BOF

  Tags:   

• 17:00

  [webapps] - Kimai 0.9.2.1306-3 - SQL Injection Vulnerability

   » ‎ Exploit-DB
  Kimai 0.9.2.1306-3 - SQL Injection Vulnerability

  Tags:   

• 16:38

  Sony PS3 Firmware v4.31 - Code Execution Vulnerability

   » ‎ Full Disclosure

  Posted by Vulnerability Lab on May 20

  Title:
  ======
  Sony PS3 Firmware v4.31 - Code Execution Vulnerability
  
  Date:
  =====
  2013-05-12
  
  References:
  ===========
  http://www.vulnerability-lab.com/get_content.php?id=767
  
  VL-ID:
  =====
  767
  
  Common Vulnerability Scoring System:
  ====================================
  6.5
  
  Introduction:
  =============
  The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
  PlayStation 2 as part of the...
  

  Tags:   

• 16:35

  Trend Micro DirectPass 1.5.0.1060 (Cloud) Software - Multiple Software Vulnerabilities

   » ‎ Full Disclosure

  Posted by Vulnerability Lab on May 20

  Title:
  ======
  Trend Micro DirectPass 1.5.0.1060 (Cloud) Software - Multiple Software Vulnerabilities
  
  Date:
  =====
  2013-05-21
  
  References:
  ===========
  http://www.vulnerability-lab.com/get_content.php?id=894
  
  Article: http://www.vulnerability-lab.com/dev/?p=580
  
  Trend Micro (Reference): http://esupport.trendmicro.com/solution/en-US/1096805.aspx
  Trend Micro Solution ID: 1096805
  
  Video: http://www.vulnerability-lab.com/get_content.php?id=951
  
  VL-ID:...
  

  Tags:   

• 14:41

  Re: exploitation ideas under memory pressure

   » ‎ Full Disclosure

  Posted by Tavis Ormandy on May 20

  I guess I'm talking to myself, maybe this list is all about XSS now ;)
  
  I'm quite proud of this list cycle trick, here's how to turn it into an
  arbitrary write.
  
  First, we create a watchdog thread that will patch the list atomically
  when we're ready. This is needed because we can't exploit the bug while
  HeavyAllocPool is failing, because of the early exit in pprFlattenRec:
  
  .text:BFA122B8 call newpathrec...
  

  Tags:   

• 9:25

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Patrick Webster on May 20

  Maybe when we cut over to IPv6 the ISPs will revert to the golden age of
  putting all their gear on publicly addressable space :)
  
  Conversely, an enjoyable network design is where you route public IPs from
  a private network to a private network, and the public IP has different
  services on the internet to the internally routed version, but clients need
  access to both.
  
  NATing heaven.
  

  Tags:   

• 7:52

  [remote exploits] - D-Link DIR615h OS Command Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - D-Link DIR615h OS Command Injection Vulnerability

  Tags:   

• May 19, 2013
• 1:07

  [web applications] - iOS < 5.0 Free Apps/Music Bug

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - iOS < 5.0 Free Apps/Music Bug

  Tags:   

• 1:05

  [web applications] - Haraj Script Stored XSS and File Upload Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - Haraj Script Stored XSS and File Upload Vulnerability

  Tags:   

• 1:05

  [web applications] - Dsl Router D-link BZ_1.06 Multiple Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - Dsl Router D-link BZ_1.06 Multiple Vulnerabilities

  Tags:   

• 1:03

  [local exploits] - Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root Exploit

  Tags:   

• May 18, 2013
• 23:21

  Large Attacks Hide More Subtle Threats In DDoS Data

   » ‎ Packet Storm Security Headlines
  Large Attacks Hide More Subtle Threats In DDoS Data

  Tags:   

• 13:52

  AFU vulnerabilities in MCFileManager for TinyMCE

   » ‎ Full Disclosure

  Posted by MustLive on May 18

  Hello list!
  
  I want to warn you about vulnerabilities in Moxiecode File Manager
  (MCFileManager). This is commercial plugin for TinyMCE. It concerns as
  MCFileManager, as all web applications which have MCFileManager in their
  bundle.
  
  These are Arbitrary File Uploading vulnerabilities, which lead to Code
  Execution on IIS and Apache web servers.
  
  -------------------------
  Affected products:
  -------------------------
  
  Vulnerable are Moxiecode...
  

  Tags:   

• 6:01

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Justin Elze on May 18

  The idea behind private IP space is it doesn't leave the ISPs AS via BGP to
  the rest of the internet.
  

  Tags:   

• 5:45

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Dan Dart on May 18

  Virgin at least use the 172.16.x.x internally to their infrastructure
  - and they suggest you use 192.168.x.x for your personal use.
  Traceroutes to any "external" address outside of their network go
  through a 172.16.x.x
  

  Tags:   

• 4:46

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Kirils Solovjovs on May 18

  It should. Private address ranges are not marked "magic cows" inside a
  classical router's firmware.
  
  Still the problem OP is experiencing is strange, since if there is a
  local subnet, it should have a priority local route. Why isn't it there?
  
  Btw, I'd be cautious to state that ISP filter incoming packets with
  dst=private. The limitation here would be that private ranges will
  usually be router upstream, so you...
  

  Tags:   

• 0:40

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Alexander Georgiev on May 18

  It is sad, that many people don't understand network basics. BTW, your
  internet router should not forward rfc1918 addresses to the outside,
  shouldn't he?
  
  Am 18. Mai 2013 04:09:48 schrieb Gary Baribault <gary () baribault net>:
  

  Tags:   

• 0:11

  Skype Backdoor Confirmed

   » ‎ Packet Storm Security Headlines
  Skype Backdoor Confirmed

  Tags:   

• May 17, 2013
• 20:13

  [web applications] - Moa Gallery 1.2.6 Multiple Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - Moa Gallery 1.2.6 Multiple Vulnerabilities

  Tags:   

• 19:15

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Gary Baribault on May 18

  There is no reason for that, you can use the same address inside as
  outside so long as you don't try and reach a 10.0.0.0/8 in their
  network, and that should never happen. I have seen some networks where
  the inside address range is 192.168.0.0/16 or /8 and the outside is as
  well, so long as your trying to reach public ranges beyond the next
  outside network it works just fine.
  
  Gary Baribault
  Courriel: gary () baribault net
  GPG Key:...
  

  Tags:   

• 19:13

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Gary Baribault on May 18

  If they use the 10.0.0.0/8 there's no harm, if they use a DOD range or
  another 'public' routable range, there is definitely a risk.
  
  Gary B
  
  Gary Baribault
  Courriel: gary () baribault net
  GPG Key: 0x685430d1
  Fingerprint: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1
  

  Tags:   

• 17:50

  Re: exploitation ideas under memory pressure

   » ‎ Full Disclosure

  Posted by Tavis Ormandy on May 18

  Ahh, I just realised a really cute trick, we can make PATHREC->next
  point to the same userspace PATHREC, and EPATHOBJ::bFlatten will spin
  forever traversing an infinite linked list.
  
  i.e.
  
  PathRecord->next = PathRecord;
  
  While it's spinning, another thread can clean up the pool, then patch
  the listnode (because it's in userspace), to break into pprFlattenRec!
  Turning this into a clean write-what-where should be trivial.
  
  Anyone...
  

  Tags:   

• 17:17

  [web applications] - ZPanel Crafted Template Remote Command Execution Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - ZPanel Crafted Template Remote Command Execution Vulnerability

  Tags:   

• 17:17

  [dos / poc] - nginx 1.3.9-1.4.0 DoS PoC

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - nginx 1.3.9-1.4.0 DoS PoC

  Tags:   

• 17:17

  [web applications] - CKEditor < 4.1 Drupal 6.x & 7.x - Persistent XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - CKEditor < 4.1 Drupal 6.x & 7.x - Persistent XSS Vulnerability

  Tags:   

• 16:50

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Carl \"Thomas\" Guething on May 17

  AT&T won't let you use 10.0.0.0/8 inside your home network on their devices
  for the same reason. You will get an error if you try to configure their
  device with it.
  

  Tags:   

• 16:49

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Julius Kivimäki on May 17

  Many ISPs do this, usually they hijack DoD ranges. It shouldn't cause any
  issues.
  
  2013/5/17 kyle kemmerer <krkemmerer () gmail com>
  

  Tags:   

• 16:47

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by mezgani ali on May 17

  There are many ISP that route IP traffic through networks with private
  addresses, my ISP to do the same thing and has 10.0.0.0 class A addresses
  routable.
  May be it is a miss of IP addresses or may be a NAT that was published due
  to some network need.
  
  regards,
  

  Tags:   

• 14:32

  exploitation ideas under memory pressure

   » ‎ Full Disclosure

  Posted by Tavis Ormandy on May 17

  List, there's a pretty obvious bug in win32k!EPATHOBJ::pprFlattenRec where the
  PATHREC object returned by win32k!EPATHOBJ::newpathrec doesn't initialise the
  next list pointer. The bug is really nice, but exploitation when
  allocations start failing is tricky.
  
  As vuln-dev is dead, I thought I'd post here, I don't have much free
  time to work on silly Microsoft code, so I'm looking for ideas on how to
  fix the final obstacle...
  

  Tags:   

• 14:00

  Bugtraq: APPLE-SA-2013-05-16-1 iTunes 11.0.3

   » ‎ SecurityFocus Vulnerabilities
  APPLE-SA-2013-05-16-1 iTunes 11.0.3

  Tags:   

• 13:56

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Gary Baribault on May 17

  public or private IPs the problem is the same, but this was a routing
  question .. and I see no problem with their using 'private' IPs on their
  'inside' routing gear so long as they give me a routable public IP on my
  gateway device.
  
  Gary Baribault
  Courriel: gary () baribault net
  GPG Key: 0x685430d1
  Fingerprint: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1
  

  Tags:   

• 13:43

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by sec on May 17

  The only problem is that anyone on a cable modem could access their
  10.x.x.x/8 address space and frankly who cares.
  
  Me, if they're still not signing (much less encrypting) packets on the
  local loop, and continuing to wish real hard that no one builds serial
  or other debug ports—or board headers for same—into "certified" cable
  modems.
  
  I have a Verizon Wireless femtocell with what looks like an HDMI port
  on the bottom, but...
  

  Tags:   

• 13:23

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Gary Baribault on May 17

  I'm having a little trouble understanding the problem here .. my ISP
  uses public addresses for our cable modems. I host an SSH server at
  home, and given my nightly logs, I can guarantee that it's accessible
  from the wide wed ;-), if the intermediate routers in the ISP's network
  use 10.x.x.x/8 space, who cares? No one but their techs need to access
  them, I assume they filter 'private' addresses at their edge so that...
  

  Tags:   

• 13:22

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Justin Elze on May 17

  This is pretty common practice for ISPs to use private RFC IP space and
  route it via iBGP/OSPF/ISIS on their network.
  
  However they don't export this space to the rest of the internet
  

  Tags:   

• 13:10

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by sec on May 17

  [At least] TWC has a vast mishmash of vendors and models and device
  types, depending on what they were bidding for and when, and how much
  outdated CPE they've been able to or even attempted to reclaim /
  replace. I would hesitate to endorse a blanket statement that they
  don't do this any more.
  
  This is extremely common practice (malpractice?): add Cox to the list
  of current RFC1918 leakers.
  
  Time Warner Cable (roadrunner) used to have...
  

  Tags:   

• 13:00

  Bugtraq: [slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)

   » ‎ SecurityFocus Vulnerabilities
  [slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)

  Tags:   

• 12:26

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Joshua Zukerman on May 17

  Time Warner Cable (roadrunner) used to have this problem. They used the
  10.x.x.x in various subnet masks for backend management IP addresses on all
  of their customer cable modems, plus whatever other network equipment they
  had. 2600 mag had an article a few years ago discussing this very issue. I
  assume RCN is also a cable internet provider, so my guess is your issue is
  one in the same. I can safely report that TWC is now filtering out those
  from...
  

  Tags:   

• 12:25

  Re: My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by Gary Baribault on May 17

  I'm with a largish cable provider in Quebec, and they use the 10.x.x.x
  network throughout theirs, but if you're trying to access a 172.30
  device inside your private home or work network why is that traffic
  escaping to your ISP? If you're trying to access 172.30.x.x devices over
  the Internet, it's not supposed to work.
  
  $ traceroute -n www.videotron.com
  traceroute to www.videotron.com (24.201.243.21), 30 hops max, 60 byte...
  

  Tags:   

• 12:14

  My ISP is routing traffic to private addresses...

   » ‎ Full Disclosure

  Posted by kyle kemmerer on May 17

  So today when trying to access a device on my network (172.30.x.x range) I
  was taken to the web interface of a completely different device. This
  baffled me at first, but after a bit of poking around, I determined that my
  ISP was actually routing traffic to these addresses. See the trace below
  
  Tracing route to 172.30.4.18 over a maximum of 30 hops
  
  1 11 ms 18 ms 19 ms XXXXXXXXX
  2 30 ms 178 ms 212 ms...
  

  Tags:   

• 12:00

  Bugtraq: [slackware-security] ruby (SSA:2013-136-02)

   » ‎ SecurityFocus Vulnerabilities
  [slackware-security] ruby (SSA:2013-136-02)

  Tags:   

• 10:00

  Bugtraq: CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!

   » ‎ SecurityFocus Vulnerabilities
  CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!

  Tags:   

• 8:44

  CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!

   » ‎ Bugtraq

  Posted by Sławomir Jabs on May 17

  Everything has a story, everything evolves, adapts to changing circumstances
  but does your IT Sec strategy evolve with the development of the digital
  world?
  
  Are you wiling to gamble on the security of you systems?
  
  Join the upcoming CONFidence conference and meet both renown speakers and
  specialists who deal with the IT security on a daily basis. People like,
  you, who never stop asking questions and play with risks all the time...
  
  We will...
  

  Tags:   

• 8:30

  [slackware-security] ruby (SSA:2013-136-02)

   » ‎ Bugtraq

  Posted by Slackware Security Team on May 17

  [slackware-security] ruby (SSA:2013-136-02)
  
  New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
  to fix a security issue.
  
  Here are the details from the Slackware 14.0 ChangeLog:
  +--------------------------+
  patches/packages/ruby-1.9.3_p429-i486-1_slack14.0.txz: Upgraded.
  This update fixes a security issue in DL and Fiddle included in Ruby where
  tainted strings can be used by system calls regardless of the $SAFE...
  

  Tags:   

• 8:14

  [slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)

   » ‎ Bugtraq

  Posted by Slackware Security Team on May 17

  [slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)
  
  New mozilla-thunderbird packages are available for Slackware64 13.37 and
  14.0. These were accidentally omitted from the last upload.
  
  Here are the details from the Slackware64 14.0 ChangeLog:
  +--------------------------+
  patches/packages/mozilla-thunderbird-17.0.6-x86_64-1_slack14.0.txz: Upgraded.
  Here's the package that was missing from the last batch. The...
  

  Tags:   

• 8:05

  Four Men Arrested In Italy For Anonymous Attacks On The Vatican

   » ‎ Packet Storm Security Headlines
  Four Men Arrested In Italy For Anonymous Attacks On The Vatican

  Tags:   

• 8:05

  Who Is The Mystery Sixth Member Of LulzSec?

   » ‎ Packet Storm Security Headlines
  Who Is The Mystery Sixth Member Of LulzSec?

  Tags:   

• 8:05

  Syrian Electronic Army Goes After The Financial Times

   » ‎ Packet Storm Security Headlines
  Syrian Electronic Army Goes After The Financial Times

  Tags:   

• 7:58

  APPLE-SA-2013-05-16-1 iTunes 11.0.3

   » ‎ Bugtraq

  Posted by Apple Product Security on May 17

  APPLE-SA-2013-05-16-1 iTunes 11.0.3
  
  iTunes 11.0.3 is now available and addresses the following:
  
  iTunes
  Available for: Mac OS X v10.6.8 or later, Windows 7, Vista,
  XP SP2 or later
  Impact: An attacker in a privileged network position may manipulate
  HTTPS server certificates, leading to the disclosure of sensitive
  information
  Description: A certificate validation issue existed in iTunes. In
  certain contexts, an active network attacker could...
  

  Tags:   

• 7:01

  CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!

   » ‎ Full Disclosure

  Posted by Sławomir Jabs on May 17

  Everything has a story, everything evolves, adapts to changing circumstances
  but does your IT Sec strategy evolve with the development of the digital
  world?
  
  Are you wiling to gamble on the security of you systems?
  
  Join the upcoming CONFidence conference and meet both renown speakers and
  specialists who deal with the IT security on a daily basis. People like,
  you, who never stop asking questions and play with risks all the time...
  
  We will...
  

  Tags:   

• 5:12

  Red Hat Security Advisory 2013-0832-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2013-0832-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

  Tags:   

• 2:59

  Re: On Skype URL eavesdropping

   » ‎ Full Disclosure

  Posted by Alex on May 17

  Its funny to see Microsoft using SSH ;)
  
  22/tcp open ssh VanDyke VShell sshd 3.8.6.476 (protocol 2.0)
  
  Btw, nmap thinks it is Vista
  
  Device type: general purpose
  Running: Microsoft Windows Vista
  OS details: Microsoft Windows Vista
  
  Have 2 log entries:
  [29/Apr/2013:15:09:36 +0200]
  [18/Apr/2013:14:46:29 +0200]
  
  HEAD, no user agent and so on. Don't use Skype.
  
  Am 2013-05-17 03:53, schrieb Bruce Ediger:
  
  Links:
  ------
  [1]...
  

  Tags:   

• 0:00

  Vuln: RETIRED: Adobe Reader and Acrobat APSB13-15 Prenotification Multiple Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: Adobe Reader and Acrobat APSB13-15 Prenotification Multiple Vulnerabilities

  Tags:   

• 0:00

  Vuln: Mozilla Firefox and Thunderbird CVE-2013-1678 Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox and Thunderbird CVE-2013-1678 Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: Mozilla Firefox and Thunderbird CVE-2013-1681 Use After Free Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox and Thunderbird CVE-2013-1681 Use After Free Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: Adobe Flash Player and AIR CVE-2013-3331 Remote Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Adobe Flash Player and AIR CVE-2013-3331 Remote Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: Adobe Flash Player and AIR CVE-2013-3328 Remote Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Adobe Flash Player and AIR CVE-2013-3328 Remote Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: Adobe Flash Player and AIR CVE-2013-3334 Remote Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Adobe Flash Player and AIR CVE-2013-3334 Remote Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: Adobe Flash Player and AIR CVE-2013-3335 Remote Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Adobe Flash Player and AIR CVE-2013-3335 Remote Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: RETIRED: WebKit Multiple Unspecified Memory Corruption Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: WebKit Multiple Unspecified Memory Corruption Vulnerabilities

  Tags:   

• 0:00

  Vuln: OpenStack Keystone Tokens Validation Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OpenStack Keystone Tokens Validation Security Bypass Vulnerability

  Tags:   

• 0:00

  Vuln: RETIRED: ownCloud Multiple Security Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: ownCloud Multiple Security Vulnerabilities

  Tags:   

• 0:00

  Vuln: OpenStack Compute (Nova) CVE-2013-2096 Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OpenStack Compute (Nova) CVE-2013-2096 Denial of Service Vulnerability

  Tags:   

• 0:00

  Vuln: Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability

  Tags:   

• May 16, 2013
• 19:44

  Terrorist Entered Witness Protection, Then Fled The United States

   » ‎ Packet Storm Security Headlines
  Terrorist Entered Witness Protection, Then Fled The United States

  Tags:   

• 19:44

  Mac Malware Found With Valid Developer ID At Freedom Conference

   » ‎ Packet Storm Security Headlines
  Mac Malware Found With Valid Developer ID At Freedom Conference

  Tags:   

• 19:44

  US Congress Writes To Google Over Glass Privacy Concerns

   » ‎ Packet Storm Security Headlines
  US Congress Writes To Google Over Glass Privacy Concerns

  Tags:   

• 19:02

  Re: On Skype URL eavesdropping

   » ‎ Full Disclosure

  Posted by Bruce Ediger on May 17

  Oddly, I have an HTTP request from 65.52.100.214 in my apache log files.
  It asked for http://stratigery.com/scripting.ftp.html by far the most
  popular page on my web site. It used a HEAD. Referer and user agent
  both '-'
  
  That much is the same as everyone else. I have a little more to add.
  I have p0f version 2 running at the same time. I can match up the
  65.52.100.214 with this from p0f:
  
  UNKNOWN [8192:56:1:48:M1460,N,N,S:.:?:?]
  
  p0f...
  

  Tags:   

• 19:00

  Bugtraq: [slackware-security] mozilla-firefox (SSA:2013-135-01)

   » ‎ SecurityFocus Vulnerabilities
  [slackware-security] mozilla-firefox (SSA:2013-135-01)

  Tags:   

• 17:00

  [webapps] - CKEditor < 4.1 Drupal 6.x & 7.x - Persistent XSS Vulnerability

   » ‎ Exploit-DB
  CKEditor

  Tags:   

• 17:00

  [dos] - nginx 1.3.9-1.4.0 DoS PoC

   » ‎ Exploit-DB
  nginx 1.3.9-1.4.0 DoS PoC

  Tags:   

• 17:00

  [webapps] - Exponent CMS 2.2.0 beta 3 - Multiple Vulnerabilities

   » ‎ Exploit-DB
  Exponent CMS 2.2.0 beta 3 - Multiple Vulnerabilities

  Tags:   

• 17:00

  [remote] - Mutiny 5 Arbitrary File Upload

   » ‎ Exploit-DB
  Mutiny 5 Arbitrary File Upload

  Tags:   

• 17:00

  [webapps] - ZPanel templateparser.class.php Crafted Template Remote Command Execution

   » ‎ Exploit-DB
  ZPanel templateparser.class.php Crafted Template Remote Command Execution

  Tags:   

• 16:58

  RSA SecurID Sensitive Information Disclosure

   » ‎ Packet Storm Security Advisories
  The node secret in various RSA products was stored using an encryption key and encryption algorithm that is no longer considered effective by RSA standards. An attacker could potentially exploit this to eavesdrop on or modify network communications.

  Tags:   

• 16:55

  EMC VNX / Celerra Control Station Privilege Escalation

   » ‎ Packet Storm Security Advisories
  A vulnerability exists in EMC VNX and EMC Celerra Control Station that could result in elevation of privileges by a lower level administrator with access to the system.

  Tags:   

• 16:44

  Ubuntu Security Notice USN-1831-1

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 1831-1 - Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk.

  Tags:   

• 16:33

  Red Hat Security Advisory 2013-0831-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2013-0831-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd services until libvirtd is restarted.

  Tags:   

• 16:23

  Re: On Skype URL eavesdropping

   » ‎ Full Disclosure

  Posted by Jeffrey Walton on May 16

  ...
  
  There could be legal concerns here too (if a prosecutor takes interest
  if folks besides the Swartz's of the world).
  
  I can't wait to see the first CFAA violation brought against
  interception services like these. Consider: the owner of the remote
  server surely did not authorize the interception service to access the
  site with a user's username and password. That's a clear violation of
  exceeding one's authority under...
  

  Tags:   

• 16:00

  Ubuntu Security Notice USN-1830-1

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 1830-1 - Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired.

  Tags:   

• 15:28

  Red Hat Security Advisory 2013-0830-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2013-0830-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

  Tags:   

• 14:46

  On Skype URL eavesdropping

   » ‎ Full Disclosure

  Posted by Kirils Solovjovs on May 16

  You may have read about this in another list.
  http://lists.randombit.net/pipermail/cryptography/2013-May/004224.html
  http://financialcryptography.com/mt/archives/001430.html
  
  I'd like to give out some observations and point out some not so obvious
  risks (as if Microsoft Skypying™ on your conversations is not enough).
  
  Requests always come from the same IP 65.52.100.214.
  They have referrer and user agent set to a dash "-".
  They...
  

  Tags:   

• 13:56

  [web applications] - Wordpress hd-player 0day Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - Wordpress hd-player 0day Exploit

  Tags:   

• 13:56

  [web applications] - Exponent CMS 2.2.0 Beta 3 LFI / SQL Injection Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - Exponent CMS 2.2.0 Beta 3 LFI / SQL Injection Vulnerabilities

  Tags:   

• 13:56

  [remote exploits] - SSH User Code Execution Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - SSH User Code Execution Vulnerability

  Tags:   

• 13:55

  [remote exploits] - Mutiny 5 Arbitrary File Upload Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - Mutiny 5 Arbitrary File Upload Vulnerability

  Tags:   

• 12:00

  Bugtraq: [slackware-security] mozilla-thunderbird (SSA:2013-135-02)

   » ‎ SecurityFocus Vulnerabilities
  [slackware-security] mozilla-thunderbird (SSA:2013-135-02)

  Tags:   

• 11:28

  Ubuntu Security Notice USN-1829-1

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 1829-1 - Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

  Tags:   

• 10:25

  Slackware Security Advisory - mozilla-thunderbird Updates

   » ‎ Packet Storm Security Advisories
  Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

  Tags:   

• 10:23

  Slackware Security Advisory - mozilla-firefox Updates

   » ‎ Packet Storm Security Advisories
  Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

  Tags:   

• 10:22

  Debian Security Advisory 2669-1

   » ‎ Packet Storm Security Advisories
  Debian Linux Security Advisory 2669-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

  Tags:   

• 10:00

  Bugtraq: ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability

  Tags:   

• 9:00

  Bugtraq: ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

  Tags:   

• 8:58

  Multiple vulnerabilities in multiple themes for WordPress with VideoJS

   » ‎ Full Disclosure

  Posted by MustLive on May 16

  Hello list!
  
  These are Cross-Site Scripting and Full path disclosure vulnerabilities in
  multiple themes for WordPress with VideoJS. Earlier I've wrote about
  vulnerabilities in VideoJS (http://seclists.org/fulldisclosure/2013/May/21).
  This is popular video and audio player, which is used at hundreds thousands
  of web sites and in multiple web applications. Google dork for VideoJS shows
  446000 results and for WP themes with it shows 171000...
  

  Tags:   

• 8:43

  ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

   » ‎ Bugtraq

  Posted by Security Alert on May 16

  ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
  
  EMC Identifier: ESA-2013-029
  
  CVE Identifier: CVE-2013-0941
  
  Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
  
  Affected Products:
  
  RSA Authentication API versions prior to 8.1 SP1
  
  RSA Web Agent for Apache Web Server versions prior to 5.3.5
  
  RSA Web Agent for IIS versions prior to 5.3.5
  
  RSA PAM Agent versions prior to 7.0
  
  RSA Agent for Microsoft...
  

  Tags:   

• 8:31

  ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability

   » ‎ Bugtraq

  Posted by Security Alert on May 16

  ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability
  
  EMC Identifier: ESA-2013-041
  
  CVE Identifier: CVE-2013-3270
  
  Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
  
  Affected products:
  
  • EMC VNX Control Station versions prior 7.1.70.2
  • EMC Celerra Control Station versions prior 6.0.70.1
  
  Summary:
  
  A vulnerability exists in EMC VNX and EMC Celerra Control Station that...
  

  Tags:   

• 8:11

  Cops Should Get Warrants To Read Your E-Mail, Attorney General Says

   » ‎ Packet Storm Security Headlines
  Cops Should Get Warrants To Read Your E-Mail, Attorney General Says

  Tags:   

• 8:07

  [slackware-security] mozilla-thunderbird (SSA:2013-135-02)

   » ‎ Bugtraq

  Posted by Slackware Security Team on May 16

  [slackware-security] mozilla-thunderbird (SSA:2013-135-02)
  
  New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
  and -current to fix security issues.
  
  Here are the details from the Slackware 14.0 ChangeLog:
  +--------------------------+
  patches/packages/mozilla-thunderbird-17.0.6-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:...
  

  Tags:   

• 7:58

  [slackware-security] mozilla-firefox (SSA:2013-135-01)

   » ‎ Bugtraq

  Posted by Slackware Security Team on May 16

  [slackware-security] mozilla-firefox (SSA:2013-135-01)
  
  New mozilla-firefox packages are available for Slackware 13.37, 14.0,
  and -current to fix security issues.
  
  Here are the details from the Slackware 14.0 ChangeLog:
  +--------------------------+
  patches/packages/mozilla-firefox-21.0-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:...
  

  Tags:   

• 7:54

  British LulzSec Hackers Hear Jail Doors Slam Shut For Years

   » ‎ Packet Storm Security Headlines
  British LulzSec Hackers Hear Jail Doors Slam Shut For Years

  Tags:   

• 7:40

  [SECURITY] [DSA 2669-1] linux security update

   » ‎ Bugtraq

  Posted by dann frazier on May 16

  ----------------------------------------------------------------------
  Debian Security Advisory DSA-2669-1 security () debian org
  http://www.debian.org/security/ Dann Frazier
  May 15, 2013 http://www.debian.org/security/faq
  ----------------------------------------------------------------------
  
  Package : linux
  Vulnerability : privilege escalation/denial of service/information...
  

  Tags:   

• 6:28

  Take Part in Positive Hack Days in Any Part of the World

   » ‎ Full Disclosure

  Posted by PHD on May 16

  As part of PHDays Everywhere, any visitor of hackspaces in different parts of the planet will be able to partake in the
  international forum Positive Hack Days.
  
  15 hackspaces in 7 countries will throw their doors open on May 23 and 24. Abu Dhabi (United Arab Emirates), Cairo
  (Egypt), Birzeit (Palestine), Kollam (India), Tunis (Tunisia), as well as Kiev, Lviv, Vladivostok, St. Petersburg,
  Novosibirsk, Kaliningrad, Omsk, Voronezh, Saratov, and...
  

  Tags:   

• 6:10

  [SECURITY] [DSA 2669-1] linux security update

   » ‎ Full Disclosure

  Posted by dann frazier on May 16

  ----------------------------------------------------------------------
  Debian Security Advisory DSA-2669-1 security () debian org
  http://www.debian.org/security/ Dann Frazier
  May 15, 2013 http://www.debian.org/security/faq
  ----------------------------------------------------------------------
  
  Package : linux
  Vulnerability : privilege escalation/denial of service/information...
  

  Tags:   

• 0:00

  Vuln: EMC AlphaStor CVE-2013-0930 Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  EMC AlphaStor CVE-2013-0930 Buffer Overflow Vulnerability

  Tags:   

• 0:00

  Vuln: Python 'ssl.match_hostname()' Function Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Python 'ssl.match_hostname()' Function Denial of Service Vulnerability

  Tags:   

• 0:00

  Vuln: Oracle Sun Products Suite CVE-2013-1498 Local Security Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Sun Products Suite CVE-2013-1498 Local Security Vulnerability

  Tags:   

• 0:00

  Vuln: Linux Kernel CVE-2013-3228 Local Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel CVE-2013-3228 Local Information Disclosure Vulnerability

  Tags:   

• 0:00

  Vuln: Mozilla Firefox and Thunderbird CVE-2013-1678 Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox and Thunderbird CVE-2013-1678 Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: Mozilla Firefox/Thunderbird CVE-2013-1672 Local Privilege Escalation Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox/Thunderbird CVE-2013-1672 Local Privilege Escalation Vulnerability

  Tags:   

• 0:00

  Vuln: RETIRED: Adobe Flash Player and AIR APSB13-14 Multiple Memory Corruption Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: Adobe Flash Player and AIR APSB13-14 Multiple Memory Corruption Vulnerabilities

  Tags:   

• 0:00

  Vuln: Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability

  Tags:   

• 0:00

  Vuln: RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities

  Tags:   

• 0:00

  Vuln: Adobe Reader And Acrobat CVE-2013-2549 Integer Underflow Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Adobe Reader And Acrobat CVE-2013-2549 Integer Underflow Remote Code Execution Vulnerability

  Tags:   

• 0:00

  Vuln: Adobe Flash Player and AIR CVE-2012-5259 Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Adobe Flash Player and AIR CVE-2012-5259 Buffer Overflow Vulnerability

  Tags:   

• 0:00

  Vuln: WebKit CVE-2012-3748 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WebKit CVE-2012-3748 Remote Code Execution Vulnerability

  Tags:   

• 0:00

  Vuln: ZPanel 'templateparser.class.php' PHP Code Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZPanel 'templateparser.class.php' PHP Code Injection Vulnerability

  Tags:   

• 0:00

  Vuln: Oracle Java SE CVE-2013-2424 Remote Java Runtime Environment Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2013-2424 Remote Java Runtime Environment Vulnerability

  Tags:   

• 0:00

  Vuln: Linux Kernel 'fs/compat_ioctl.c' Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel 'fs/compat_ioctl.c' Information Disclosure Vulnerability

  Tags:   

• 0:00

  Vuln: Linux Kernel 'cdc-wdm' USB Device Driver Heap Based Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel 'cdc-wdm' USB Device Driver Heap Based Buffer Overflow Vulnerability

  Tags:   

• May 15, 2013
• 22:00

  Bugtraq: [security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code

  Tags:   

• 21:40

  Oracle Updates Java Versioning To Allow More Security Fixes

   » ‎ Packet Storm Security Headlines
  Oracle Updates Java Versioning To Allow More Security Fixes

  Tags:   

• 21:31

  UK-Based Lulzsec Hackers Await Sentencing Post Guilty Pleas

   » ‎ Packet Storm Security Headlines
  UK-Based Lulzsec Hackers Await Sentencing Post Guilty Pleas

  Tags:   

• 21:30

  Syria Falls Off The Internet Again

   » ‎ Packet Storm Security Headlines
  Syria Falls Off The Internet Again

  Tags:   

• 21:08

  Mutiny 5 Arbitrary File Upload

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root privileges. In order to exploit the vulnerability a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.

  Tags:   

• 21:00

  Bugtraq: [ MDVSA-2013:165 ] firefox

   » ‎ SecurityFocus Vulnerabilities
  [ MDVSA-2013:165 ] firefox

  Tags:   

• 20:00

  Bugtraq: Multiple Vulnerabilities in Exponent CMS

   » ‎ SecurityFocus Vulnerabilities
  Multiple Vulnerabilities in Exponent CMS

  Tags:   

• 19:00

  Bugtraq: Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability

  Tags:   

• 16:56

  Cisco Security Advisory 20130515-mse

   » ‎ Packet Storm Security Advisories
  Cisco Security Advisory - Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

  Tags:   

• 16:50

  Red Hat Security Advisory 2013-0827-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2013-0827-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. When using Opportunistic Encryption, Openswan's pluto IKE daemon requests DNS TXT records to obtain public RSA keys of itself and its peers. A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker-controlled domain containing malicious records could cause Openswan's pluto IKE daemon to crash or, potentially, execute arbitrary code with root privileges. With "oe=yes" but no RSA key configured, the issue can only be triggered by attackers on the local network who can control the reverse DNS entry of the target system. Opportunistic Encryption is disabled by default.

  Tags:   

• 12:15

  Re: Q: CVE Database with Programming Language and Failure Classification?

   » ‎ Full Disclosure

  Posted by Florian Weimer on May 15

  * Jeffrey Walton:
  
  Red Hat's Bugzilla has CWE tagging for many CVEs, in the "Whiteboard"
  field. Mapping the affected packages to programming languages is some
  work, though. You could map the CVEs to Debian packages through the
  Debian Security Tracker, and use the implemented-in tags provided by
  Debian.
  

  Tags:   

• 12:07

  Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability

   » ‎ Bugtraq

  Posted by Cisco Systems Product Security Incident Response Team on May 15

  Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
  
  Advisory ID: cisco-sa-20130515-mse
  
  Revision 1.0
  
  For Public Release 2013 May 15 16:00 UTC (GMT)
  
  +---------------------------------------------------------------------
  
  Summary
  =======
  
  Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to
  cause high CPU utilization and a reload of the...
  

  Tags:   

• 12:04

  [Security-news] SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass

   » ‎ Full Disclosure

  Posted by security-news on May 15

  View online: http://drupal.org/node/1995706
  
  * Advisory ID: DRUPAL-SA-CONTRIB-2013-047
  * Project: Google Authenticator login [1] (third-party module)
  * Version: 6.x, 7.x
  * Date: 2013-May-15
  * Security risk: Moderately critical [2]
  * Exploitable from: Remote
  * Vulnerability: Access bypass
  
  -------- DESCRIPTION
  ---------------------------------------------------------
  
  This module will allow you to add Time-based One-time Password...
  

  Tags:   

• 11:52

  Multiple Vulnerabilities in Exponent CMS

   » ‎ Bugtraq

  Posted by advisory on May 15

  Advisory ID: HTB23154
  Product: Exponent CMS
  Vendor: Online Innovative Creations
  Vulnerable Version(s): 2.2.0 beta 3 and probably prior
  Tested Version: 2.2.0 beta 3
  Vendor Notification: April 24, 2013
  Vendor Patch: May 3, 2013
  Public Disclosure: May 15, 2013
  Vulnerability Type: SQL Injection [CWE-89], PHP File Inclusion [CWE-98]
  CVE References: CVE-2013-3294, CVE-2013-3295
  Risk Level: High
  CVSSv2 Base Scores: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P),...
  

  Tags:   

• 11:22

  SSH User Code Execution

   » ‎ Packet Storm Security Exploits
  This Metasploit module utilizes a stager to upload a base64 encoded binary which is then decoded, chmod'ed and executed from the command shell.

  Tags:   

• 11:09

  [web applications] - Wordpress Newsletter 3.2.6 Cross Site Scripting Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - Wordpress Newsletter 3.2.6 Cross Site Scripting Vulnerability

  Tags:   

• 11:09

  [local exploits] - Kloxo 6.1.12 Privilege Escalation Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Kloxo 6.1.12 Privilege Escalation Vulnerability

  Tags:   

• 10:59

  [web applications] - Forumfree, Forumcommunity and Blogfree Filter Bypass

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - Forumfree, Forumcommunity and Blogfree Filter Bypass

  Tags:   

• 10:59

  [dos / poc] - Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of service

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of service

  Tags:   

• 10:58

  [dos / poc] - Quick Search Version 1.1.0.189 Buffer Overflow Vulnerability (SEH)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - Quick Search Version 1.1.0.189 Buffer Overflow Vulnerability (SEH)

  Tags:   

• 10:51

  [web applications] - Wordpress wp-FileManager Arbitrary File Download Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - Wordpress wp-FileManager Arbitrary File Download Vulnerability

  Tags:   

• 9:07

  [ MDVSA-2013:165 ] firefox

   » ‎ Bugtraq

  Posted by security on May 15

  _______________________________________________________________________
  
  Mandriva Linux Security Advisory MDVSA-2013:165
  http://www.mandriva.com/en/support/security/
  _______________________________________________________________________
  
  Package : firefox
  Date : May 15, 2013
  Affected: Enterprise Server 5.0
  _______________________________________________________________________
  
  Problem Description:
  
  Multiple...
  

  Tags:   

• 9:06

  Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability

   » ‎ Full Disclosure

  Posted by Cisco Systems Product Security Incident Response Team on May 15

  Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
  
  Advisory ID: cisco-sa-20130515-mse
  
  Revision 1.0
  
  For Public Release 2013 May 15 16:00 UTC (GMT)
  
  +---------------------------------------------------------------------
  
  Summary
  =======
  
  Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to
  cause high CPU utilization and a reload of the...
  

  Tags:   

• 8:49

  [security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code

   » ‎ Bugtraq

  Posted by security-alert on May 15

  Note: the current version of the following document is available here:
  https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
  docDisplay?docId=emr_na-c03714526
  
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  
  Document ID: c03714526
  Version: 3
  
  HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service
  (DoS) and Execution of Arbitrary Code
  
  NOTICE: The information in this Security Bulletin should be acted upon as
  soon as possible....
  

  Tags:   

• 8:32

  [SECURITY] [DSA 2668-1] linux-2.6 security update

   » ‎ Bugtraq

  Posted by dann frazier on May 15

  ----------------------------------------------------------------------
  Debian Security Advisory DSA-2668-1 security () debian org
  http://www.debian.org/security/ Dann Frazier
  May 14, 2013 http://www.debian.org/security/faq
  ----------------------------------------------------------------------
  
  Package : linux-2.6
  Vulnerability : privilege escalation/denial of...
  

  Tags:   

• 4:48

  Indusface Website Hacked and Infected?

   » ‎ Full Disclosure

  Posted by Rahul T on May 15

  Dear All,
  
  I was searching for some information on the internet and it seems that the
  Indusface website was infected with Russian Spam and Malware. There seems
  to be spam and malicious code in the homepage along with many more spam
  pages added into the webroot. Below are some screenshots of the same:
  
  *Indusface Homepage Infected with Russian Spam*
  *
  *
  *[image: Inline image 2]
  *
  *
  *
  *Google Search Results Showing Indusface Pages with Russian Spam...
  

  Tags:   

• 3:24

  [ MDVSA-2013:165 ] firefox

   » ‎ Full Disclosure

  Posted by security on May 15

  _______________________________________________________________________
  
  Mandriva Linux Security Advisory MDVSA-2013:165
  http://www.mandriva.com/en/support/security/
  _______________________________________________________________________
  
  Package : firefox
  Date : May 15, 2013
  Affected: Enterprise Server 5.0
  _______________________________________________________________________
  
  Problem Description:
  
  Multiple...
  

  Tags:   

• 2:10

  [SECURITY] [DSA 2668-1] linux-2.6 security update

   » ‎ Full Disclosure

  Posted by dann frazier on May 15

  ----------------------------------------------------------------------
  Debian Security Advisory DSA-2668-1 security () debian org
  http://www.debian.org/security/ Dann Frazier
  May 14, 2013 http://www.debian.org/security/faq
  ----------------------------------------------------------------------
  
  Package : linux-2.6
  Vulnerability : privilege escalation/denial of...
  

  Tags:   

• 0:00

  Vuln: Microsoft .NET Framework CVE-2013-1337 Authentication Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework CVE-2013-1337 Authentication Bypass Vulnerability

  Tags:   

• 0:00

  Vuln: Linux Kernel CVE-2012-6542 Local Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel CVE-2012-6542 Local Information Disclosure Vulnerability

  Tags:   

• 0:00

  Vuln: Oracle Java SE CVE-2013-2422 Remote Java Runtime Environment Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2013-2422 Remote Java Runtime Environment Vulnerability

  Tags:   

• 0:00

  Vuln: Adobe Acrobat and Reader APSB13-15 Multiple Security Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Adobe Acrobat and Reader APSB13-15 Multiple Security Vulnerabilities

  Tags:   

• 0:00

  Vuln: Linux Kernel VFAT Filesystem Local Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Linux Kernel VFAT Filesystem Local Buffer Overflow Vulnerability

  Tags:   

• 0:00

  Vuln: Mozilla Firefox and Thunderbird CVE-2013-1678 Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox and Thunderbird CVE-2013-1678 Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: Cisco WebEx Social CVE-2013-1244 Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Cisco WebEx Social CVE-2013-1244 Cross Site Scripting Vulnerability

  Tags:   

• 0:00

  Vuln: Mozilla Firefox SeaMonkey and Thunderbird CVE-2012-1942 Local Privilege Escalation Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox SeaMonkey and Thunderbird CVE-2012-1942 Local Privilege Escalation Vulnerability

  Tags:   

• 0:00

  Vuln: Mozilla Firefox and Thunderbird CVE-2013-1670 Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox and Thunderbird CVE-2013-1670 Cross Site Scripting Vulnerability

  Tags:   

• 0:00

  Vuln: OpenSSL ECC Private Key Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OpenSSL ECC Private Key Information Disclosure Vulnerability

  Tags:   

• 0:00

  Vuln: Oracle Java SE CVE-2013-1540 Remote Java Runtime Environment Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2013-1540 Remote Java Runtime Environment Vulnerability

  Tags:   

• 0:00

  Vuln: CMSLogik Arbitrary File Upload and Multiple HTML Injection Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  CMSLogik Arbitrary File Upload and Multiple HTML Injection Vulnerabilities

  Tags:   

• 0:00

  Vuln: VideoJS Cross Site Scripting and Denial of Service Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  VideoJS Cross Site Scripting and Denial of Service Vulnerabilities

  Tags:   

• 0:00

  Vuln: Oracle Java SE CVE-2013-2420 Integer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2013-2420 Integer Overflow Vulnerability

  Tags:   

• 0:00

  Vuln: Mozilla Firefox/Thunderbird CVE-2013-1674 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox/Thunderbird CVE-2013-1674 Remote Code Execution Vulnerability

  Tags:   

• 0:00

  Vuln: Mozilla Firefox and Thunderbird CVE-2013-1680 Use After Free Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox and Thunderbird CVE-2013-1680 Use After Free Memory Corruption Vulnerability

  Tags:   

• 0:00

  Vuln: Mozilla Firefox and Thunderbird CVE-2013-0801 Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox and Thunderbird CVE-2013-0801 Memory Corruption Vulnerability

  Tags:   

• May 14, 2013
• 22:14

  German Publisher Accuses Microsoft Of URL Sniffing

   » ‎ Packet Storm Security Headlines
  German Publisher Accuses Microsoft Of URL Sniffing

  Tags:   

• 22:11

  Russia Busts CIA 'Spy' And His Gmail

   » ‎ Packet Storm Security Headlines
  Russia Busts CIA 'Spy' And His Gmail

  Tags:   

• 22:11

  IE 0-Day Highlights Microsoft May Patch Release

   » ‎ Packet Storm Security Headlines
  IE 0-Day Highlights Microsoft May Patch Release

  Tags:   

• 22:10

  EU To Warn China It May Levy Duties Against Huawei

   » ‎ Packet Storm Security Headlines
  EU To Warn China It May Levy Duties Against Huawei

  Tags:   

• 17:00

  [dos] - Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of service

   » ‎ Exploit-DB
  Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of service

  Tags:   

• 15:02

  [web applications] - Joomla Jnews 8.0.1 Cross Site Scripting Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - Joomla Jnews 8.0.1 Cross Site Scripting Vulnerability

  Tags:   

• 15:01

  [web applications] - WordPress Securimage 3.2.4 Cross Site Scripting Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - WordPress Securimage 3.2.4 Cross Site Scripting Vulnerability

  Tags:   

• 15:01

  [web applications] - WordPress Video JS Cross Site Scripting Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - WordPress Video JS Cross Site Scripting Vulnerability

  Tags:   

• 15:00

  [web applications] - WordPress Search And Share 0.9.3 Cross Site Scripting Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [web applications] - WordPress Search And Share 0.9.3 Cross Site Scripting Vulnerability

  Tags:   

• 14:58

  [local exploits] - Avira Personal Privilege Escalation Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Avira Personal Privilege Escalation Vulnerability

  Tags:   

• 13:12

  Remote command Injection in Creme Fraiche 0.6 Ruby Gem

   » ‎ Full Disclosure

  Posted by Larry W. Cashdollar on May 14

  TITLE: Remote command Injection in Creme Fraiche 0.6 Ruby Gem
  
  DATE: 5/14/2013
  
  AUTHOR: Larry W. Cashdollar (@_larry0)
  
  DOWNLOAD: http://rubygems.org/gems/cremefraiche, http://www.uplawski.eu/technology/cremefraiche/
  
  DESCRIPTION: Converts Email to PDF files.
  
  VENDOR: Notifed on 5/13/2013, provided fix 5/14/2013
  
  FIX: Version in 0.6.1
  
  CVE: 2013-2090
  
  DETAILS: The following lines pass unsanitized user input directly to the command line.
  A...
  

  Tags:   

• 12:07

  www.netcraft.com - "Search Form" Cross-site Scripting vulnerability

   » ‎ Full Disclosure

  Posted by Stefan Schurtz on May 14

  Advisory: www.netcraft.com - Search Form Cross-site Scripting vulnerability
  Advisory ID: SSCHADV2013-008
  Author: Stefan Schurtz
  Affected Software: Successfully tested on www.netcraft.com
  Vendor URL: http://www.netcraft.com
  Vendor Status: fixed
  
  ==========================
  Vulnerability Description
  ==========================
  
  The 'q'-Parameter in the Search Form on...
  

  Tags:   

• 9:07

  Vulnerabilities in multiple plugins for WordPress with VideoJS

   » ‎ Full Disclosure

  Posted by MustLive on May 14

  Hello list!
  
  These are Cross-Site Scripting vulnerabilities in multiple plugins for
  WordPress with VideoJS. Earlier I've wrote about vulnerabilities in VideoJS
  (http://seclists.org/fulldisclosure/2013/May/21). This is popular video and
  audio player, which is used at hundreds thousands of web sites and in
  multiple web applications. Google dork for VideoJS shows 446000 results and
  for WP plugins with it shows 178000 (inurl:video-js.swf...
  

  Tags:   

• 7:56

  Bloomberg: Yes, Reporters Had Access To Client Data

   » ‎ Packet Storm Security Headlines
  Bloomberg: Yes, Reporters Had Access To Client Data

  Tags:   

• 7:55

  French Bean-Counters Sweet Talked Into Trojans

   » ‎ Packet Storm Security Headlines
  French Bean-Counters Sweet Talked Into Trojans

  Tags:   

• 7:55

  Google Android Malware Levels Rocket As Spam Threats Grow

   » ‎ Packet Storm Security Headlines
  Google Android Malware Levels Rocket As Spam Threats Grow

  Tags:   

• 7:55

  A Saudi Arabia Telecom's Surveillance Pitch

   » ‎ Packet Storm Security Headlines
  A Saudi Arabia Telecom's Surveillance Pitch

  Tags:   

• 4:09

  GreHack 2013 - Call For Papers - November 15, Grenoble, France

   » ‎ Full Disclosure

  Posted by F. Duchene on May 14

  ---------------------------
  *GreHack 2013* — 2nd Call For Papers
  November 15, Grenoble, France
  http://grehack.org — Twitter: @grehack
  ---------------------------
  *Topics*
  The 2nd International Symposium on Grey-Hat Hacking — aka GreHack 2013
  — will gather researchers and practitioners from academia, industry,
  and government to discuss new advances in computer and information
  security research.
  
  All topics related to vulnerability...
  

  Tags:   

• 4:00

  [HITB-Announce] HITB Magazine Issue 010

   » ‎ Full Disclosure

  Posted by Hafez Kamal on May 14

  Hi everyone,
  
  A small reminder that article submissions for HITB Magazine Issue 010
  are due tomorrow (15th May 2013). If you're interested in submitting
  please send your > 3000 word article to editorial () hackinthebox org
  
  Topics of interest include, but are not limited to the following:
  
  Next generation attacks and exploits
  Apple / OS X security vulnerabilities
  SS7/Backbone telephony networks
  VoIP security
  Data...
  

  Tags:   

• 0:00

  Vuln: LibTIFF CVE-2013-1961 Stack Based Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  LibTIFF CVE-2013-1961 Stack Based Buffer Overflow Vulnerability

  Tags:   

• 0:00

  Vuln: WordPress Plupload Plugin 'id' Parameter Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Plupload Plugin 'id' Parameter Cross Site Scripting Vulnerability

  Tags:   

• 0:00

  Vuln: LibTIFF 't2_process_jpeg_strip()' Function Heap-based Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  LibTIFF 't2_process_jpeg_strip()' Function Heap-based Buffer Overflow Vulnerability

  Tags:   

• 0:00

  Vuln: GeSHi CVE-2012-3521 Multiple Local File Include Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  GeSHi CVE-2012-3521 Multiple Local File Include Vulnerabilities

  Tags:   

• 0:00

  Vuln: Dolibarr Multiple Cross Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Dolibarr Multiple Cross Site Scripting Vulnerabilities

  Tags: