[ MDVSA-2015:020 ] libssh


 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:020
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libssh
 Date    : January 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libssh packages fix a security vulnerability:
 
 Double free vulnerability in the ssh_packet_kexinit function in kex.c
 in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to
 cause a denial of service via a crafted kexinit packet (CVE-2014-8132).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8132
 http://advisories.mageia.org/MGASA-2015-0014.html
 ____________________________________________________________________

The drones are coming, what could go wrong?

Continuing from Consumer Electronics Show 2015 here in Las Vegas where we were covering this week the first impressions of the show and also some lessons that this digital invasion is leaving us. Now, we will approach another interesting topic that involves privacy and new technology: drones.

The post The drones are coming, what could go wrong? appeared first on We Live Security.

ZTE Datacard PCW(Telecom MF180) – Multiple Software Vulnerabilities

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
ZTE Datacard PCW(Telecom MF180) – Multiple Software Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1405

Release Date:
=============
2015-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
1405

Common Vulnerability Scoring System:
====================================
6

Product & Service Introduction:…

Heroku API Bug Bounty #1 – Persistent Invitation Vulnerability

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
Heroku API Bug Bounty #1 – Persistent Invitation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1300

Video: http://www.vulnerability-lab.com/get_content.php?id=1335

BugCrowd ID: e8a8ecb81b9bf115226ed2ff05937a0424da101610ba1289f027a1f8319d4eb9

Acknowledgement (Hall of Fame): https://bugcrowd.com/heroku/hall-of-fame

Vulnerability Magazine:…

Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability

Posted by Jing Wang on Jan 12

*Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A
New Open Redirect Security Vulnerability*

*Domain:*
http://www.facebook.com

*Discover:*
Wang Jing, School of Physical and Mathematical Sciences (SPMS), Nanyang
Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/

*(1) General Vulnerabilities Description:*

*(1.1)* Two Facebook vulnerabilities are introduced in this article.
Facebook has a…

Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect

Posted by Jing Wang on Jan 12

*Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust
& kindlepost.com omnivoracious.com carlustblog.com Open Redirect*

*Discover:*
Wang Jing, School of Physical and Mathematical Sciences (SPMS), Nanyang
Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/

*Domains:*
http://www.amazon.com

All…