Since 2010, Sysdream has organized the “Hack In Paris” event in Paris, France. Aiming to bring together security professionals and enthusiasts, Hack In Paris will focus on the latest advances in IT security. Hack In Paris will be held at a totally new location in Paris from June 15th to 19th, 2015. The Nuit Du Hack will take place on June 20th at the same place.
Monthly Archives: January 2015
WebGUI 7.10.29 stable version Cross site scripting vulnerability
Posted by SECUPENT Research Center on Jan 20
Exploit Title: WebGUI 7.10.29 stable version Cross site scripting vulnerability
Software Link: http://www.webgui.org/download
Author: SECUPENT
Website: www.secupent.com
Email: research{at}secupent{dot}com
Date: 17-1-2015
Version: 7.10.29. Previous versions may also be vulnerable.
Vulnerable area: http://localhost/style-underground/search
XSS PoC: 1″ onmouseover=prompt(907460) bad=”
Screenshot:
Link:…
CESA-2015:0066 Moderate CentOS 7 openssl Security Update
CentOS Errata and Security Advisory 2015:0066 Moderate. Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0066.html. The following updated files have been uploaded and are currently syncing to the mirrors.
CEBA-2015:0060 CentOS 7 sblim-sfcb BugFix Update
CentOS Errata and Bugfix Advisory 2015:0060. Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0060.html. The following updated files have been uploaded and are currently syncing to the mirrors.
CEBA-2015:0055 CentOS 7 subscription-manager BugFix Update
CentOS Errata and Bugfix Advisory 2015:0055. Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0055.html. The following updated files have been uploaded and are currently syncing to the mirrors.
CEBA-2015:0059 CentOS 6 selinux-policy BugFix Update
CentOS Errata and Bugfix Advisory 2015:0059. Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0059.html. The following updated files have been uploaded and are currently syncing to the mirrors.
CESA-2015:0066 Moderate CentOS 6 openssl Security Update
CentOS Errata and Security Advisory 2015:0066 Moderate. Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0066.html. The following updated files have been uploaded and are currently syncing to the mirrors.
CEBA-2015:0064 CentOS 5 cups BugFix Update
CentOS Errata and Bugfix Advisory 2015:0064. Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0064.html. The following updated files have been uploaded and are currently syncing to the mirrors.
Selling or giving away your old smartphone or tablet?
Take these steps to ensure you don’t give away your data when you sell your old smartphone!
You got a new device for Christmas and have finally finished migrating the data and apps from your old one to the new one. Now you’re thinking about what you can do with your old smartphone or tablet, and you come up with two alternatives: Sell it or give it away.
You’ve heard about some sites on the internet where you can sell your phone, so you do some research and decide on a fair price for your used device. You register at the site and… Wait. Something suddenly occurs to you.
Will the new owner be able to see my personal stuff on my old phone?
You’re right to think about that, because tens of thousands of Americans sell themselves online every day. They don’t just sell their devices; they sell themselves, because all the personal data on those devices could be recovered.
If you don’t want a stranger to see your selfies, discover your bank account details and your credit card numbers, or read some problematic Snapchats and SMSs… you need to do something. Do you remember the celebrity photo scandal?
So what to do? Use a hammer? Well, there are other options.
1. Back up your important data
Much of our lives is stored in our smartphones: photos, music, videos, personal and professional contacts, call logs and SMSs. And you want all this stuff on your new device, don’t you? Avast Mobile Backup was specially designed to make this easier for you. It makes a backup in your Avast account (or in your Google Drive storage) and then allows you to restore it on a new device: all your paid apps and games (with their data) will be restored.
If you have a MicroSD card, remove it from your device, insert it into your PC, and copy all of its files to the PC. Remember that many Android devices store photos and other media files in the DCIM folder of the internal memory. Back it up, too.
Make sure your contacts are being synced with your Google account so they are restored automatically on the new device: check Settings > Accounts > Google > your email address and verify that “Contacts” is checked and already synced.
2. Disconnect your smartphone from your wireless carrier
This is especially important to allow the buyer to activate his/her own service. If you don’t do that, the phone will be linked to your services and you’ll need to inform the buyer of your email address or your new number so he/she can set up their own account. So, do it now, after you back up your data.
3. Unlink your smartphone from two-factor authentication services
If you have set up two-factor authentication for your online accounts, be sure to unlink your device from those accounts before wiping it (see next step) or selling it. We will post about this next Tuesday, so come back to our blog.
4. Wipe your device
It’s not enough to delete the photos and files from your phone. They will remain there, and specialized tools are able to recover them. You need to wipe the device. But remember, even a wipe is not enough on its own: you need to use an app or service that wipes deeply, so the files are unrecoverable on your device. Avast Anti-Theft does this for you. You just need to go to your Avast account and send the command to wipe your phone.
Android also offers a factory reset (Settings > Backup & reset > Factory data reset). This step cannot be undone. Make sure you have carefully completed Step 1.
Of course, after that it is a good idea to remove your SIM card and keep it with you rather than selling it or passing it on. That allows you to keep your phone number, too.
5. Wipe your memory card
Along with the internal memory, many phones and tablets allow you to use an external card. To clean it, turn off your phone, remove the card, and use Avast Data Shredder to wipe all the files. If you have our Premier product on your PC, you have access to the data shredder. Put your card in your computer, open Avast, then go to Tools > Data Shredder > Shred whole partition. Choose your card and then click on Shred. If you have Avast Free Antivirus, you can find other free tools on the internet that do the wiping job for you.
6. Tell the buyer which accessories and batteries will be sold or passed on
Choose which accessories you will keep and tell the buyer exactly what you’re selling, so the buyer knows it prior to the sale.
7. Do some cleaning
Last but not least, cleaning is a nice gesture and rewards the buyer for his purchase. But take care not to harm internal parts when removing dust!
Fedora 20 Security Update: xdg-utils-1.1.0-0.35.rc3.fc20
Refresh packaging to 1.1.0-rc3, and include fix for possible command injection vulnerability, see https://bugs.freedesktop.org/show_bug.cgi?id=66670