Humhub versions 0.10.0-rc.1 and below suffer from cross-site scripting and remote SQL injection vulnerabilities.
Monthly Archives: December 2014
BulletProof FTP Client 2010 Buffer Overflow
BulletProof FTP Client 2010 SEH buffer overflow exploit that affects version 2010.75.0.76.
Microsoft Security Bulletin Revision Increment For December, 2014
This bulletin summary lists two bulletins that have undergone a major revision increment for December, 2014.
Re: Interesting Backdoor
Posted by Brandon Vincent on Dec 09
This looks like a Jynx derived rootkit which relies on LD_PRELOAD [1].
[1] http://volatility-labs.blogspot.com/2012/09/movp-24-analyzing-jynx-rootkit-and.html
Brandon Vincent
Re: Interesting Backdoor
Posted by Ed Tredgett on Dec 09
Check the following link out; it may provide you with greater insight, as it looks like that rootkit from the information you’ve provided, which I’ve found floating around recently.
https://gitorious.org/dongforce/main/source/e08f161206e31cc12f1a874d8add153764564065:__UMBREON__
Ed
Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities
Posted by Simo Ben youssef on Dec 09
Title: Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities
Author: Simo Ben youssef
Contact: Simo_at_Morxploit_com
Discovered: 02 November 2014
Updated: 9 December 2014
Published: 9 December 2014
MorXploit Research
http://www.MorXploit.com
Vendor: Concrete5
Vendor url: www.concrete5.org
Software: Concrete5 CMS
Versions: 5.7.2 and 5.7.2.1 (probably older)
Status: Unpatched
Vulnerable scripts:…
Call for Presenters – B-Sides Vancouver 2015 – March 16-17, 2015 in Vancouver, Canada
Posted by Colin Keigher on Dec 09
The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th in Vancouver, British Columbia, Canada.
We love to see brand new speakers, seasoned speakers, and everyone in between!
Topics of interest include (but are in no way limited to) the following, with preference given to talks that actually provide solutions as well as insight into problems:
– Information technology
– Network…
Keurig 2.0 Genuine K-Cup Spoofing Vulnerability
Posted by Kenneth Buckler on Dec 09
*Overview*
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity check for coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup.
*Impact*
CVSS Base Score: 4.9
Impact Subscore: 6.9
Exploitability Subscore: 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Complete…
CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Posted by Jing Wang on Dec 09
*CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities*
Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Product: WebPress
Vendor: goYWP
Vulnerable Versions: 13.00.06
Tested Version: 13.00.06
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8751
Credit: Wang Jing [SPMS, Nanyang…
CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability
Posted by Jing Wang on Dec 09
*CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability*
Exploit Title: “Ping Identity Corporation” “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability
Product: PingFederate 6.10.1 SP Endpoints
Vendor: Ping Identity Corporation
Vulnerable Versions: 6.10.1
Tested Version: 6.10.1
Advisory Publication:…