HP Security Bulletin HPSBGN03352 2 – A potential security vulnerability has been identified with HP Asset Manager. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the RC4 vulnerability known as Bar Mitzvah, which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
Monthly Archives: July 2015
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Original release date: July 07, 2015
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.
Available updates include:
- Firefox 39
- Firefox ESR 38.1
- Thunderbird 38.1
US-CERT encourages users and administrators to review the Security Advisory for Firefox, Firefox ESR, and Thunderbird and apply the necessary updates.
D-Link 2750u / 2730u Local File Disclosure
D-Link 2750u and 2730u suffer from a local file disclosure vulnerability.
DSA-3305 python-django – security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework:
Vuln: SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
Grandstream GXV3275 SSH Key / Command Execution
Grandstream GXV3275 ships with a default root SSH key which could be used as a backdoor. It also suffers from an issue where restricted commands can be leveraged to break out into a full shell.
[CFP] Hackito Ergo Sum 2015
Posted by tAd on Jul 07
Hi all,
Please find our CFP below:
--[ Hackito Ergo Sum 2015
Conference: October 29-30, 2015
CFP closing date: September 10, 2015
Venue: Paris, France
Web: http://2015.hackitoergosum.org/
Email: hes-cfp_rAt_lists.hackitoergosum.org
Twitter: @hesconference
IRC: #hackito on freenode
--[ CFP
It’s 2015 and we’re still in the place for a new year of hack and fun!
During the two days of HES, research conferences, solutions
presentations,…
Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
Posted by Larry W. Cashdollar on Jul 07
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-05
Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling
Vendor: https://profiles.wordpress.org/haet/
Vendor Notified: 2015-07-05, fixed in version 2.6.
Vendor Contact: http://wpshopstyling.com
Description: Customize your WP ecommerce store with HTML mail templates, message content,…
Remote file download in WordPress Plugin mdc-youtube-downloader v2.1.0
Posted by Larry W. Cashdollar on Jul 07
Title: Remote file download in WordPress Plugin mdc-youtube-downloader v2.1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-01
Download Site: https://wordpress.org/plugins/mdc-youtube-downloader
Vendor: https://profiles.wordpress.org/mukto90/
Vendor Notified: 2015-07-01, removed vulnerable code.
Vendor Contact: n.mukto () gmail com
Description: MDC YouTube Downloader allows visitors to download YouTube videos directly from your WordPress…
Fake links in Skype
Posted by Jaanus on Jul 07
http://jaanuskp.blogspot.com/2015/07/fake-links-in-skype.html
The issue in Skype (bit hard to name it a real vulnerability) is actually a simple one – you can send links that seem to direct the user to one URL, but actually send to some other. This is quite normal and expected in web pages `<a href="BAD_PLACE">GOOD_PLACE</a>` but it is not expected from Skype, because Skype creates these links itself and by default you can't…