Posted by Pierre Kim on Jul 03
## Advisory Information
Title: iptime n104r3 vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-03-iptime-n104r3-vulnerable-to-CSRF-and-XSS-attacks.html
Date published: 2015-07-03
Vendors contacted: None
Release mode: Released, 0day
CVE: no current CVE
## Product Description
EFMNetworks ipTIME is the largest Korean brand of…
Posted by Stefan Kanthak on Jul 03
“Kevin Beaumont” wrote:
Since AV is utterly useless: who cares that AV doesnt work?!
Those who rely on such snake-oil are lost anyway.
To quote Eva Chen of Trend Micro
<http://www.zdnet.com/trend-micro-antivirus-industry-lied-for-20-years-3039440184/>
| Eva Chen, chief executive of Trend Micro, has strong views about how
| effective the antivirus industry has been over the past 20 years.
|
| According to Chen, the security…
Posted by Kevin Beaumont on Jul 03
All – it is probably bad form to respond to my own post, but I’ve seen some
folk dismiss this out of hand on social media so I wanted to provide two
VERY QUICK proof of concept examples. These were just put together in 10
minutes.
http://owned.lab6.com/~gossi/research/public/packager/
There’s an RTF and .docx version.
You should be able to email these to colleagues. The “Sales Invoice” file
is a .js file executed in…
Posted by Larry W. Cashdollar on Jul 03
Title: SQL Injection in easy2map wordpress plugin v1.24
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.25
Vendor Contact: https://profiles.wordpress.org/stevenellis/
Advisory: http://www.vapid.dhs.org/advisory.php?v=131
Description: The easiest tool available for creating custom & great-looking Google Maps. Add multiple…
Posted by Password Manager Pro Support on Jul 03
Hi Blazej,
Thanks for raising this issue.
We have fixed the vulnerability and have released a hot fix release today. We will send out a security advisory to all
our customers shortly.
You can upgrade PMP to latest version or install the new version 8101 to fix the issue. You can access the release
notes from the below mentioned link.
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html
Let us know if you have any…
Posted by Daniel Wood on Jul 03
Yes this is a pretty good find. I can also confirm it works on iOS 8.3 (12F69) with Safari.
DW
Sent from my iPad
Posted by Federico Fazzi on Jul 03
——————————————————–
Snorby 2.6.2 – Stored Cross-site Scripting Vulnerability
——————————————————–
Vendor
——
Version
——-
2.6.2
Description
———–
During my research and testing of new IDS (Intrusion Detection System)
like Suricata, I’ve
found a Stored Cross-site Scripting (XSS) vulnerability in Snorby (that
I’d like to use…
Posted by anidear on Jul 03
I played around with the code to see if can change it to avoid using the
fork bomb. Here’s what I came up with
https://gist.github.com/ptantiku/d37c364cd13bb31a1ee6
It seems to need at least 500 threads to update the URL at 5ms for this to
work (tested on Chrome x64 43.0.2357.130, Linux, locally).
And the first setInterval() can be substituted for setTimeout(…,10) which
will run only once for waiting the pop-up window to open.
Although…
Soreco AG Xpert.Line version 3.0 suffers from an authentication bypass vulnerability.
Anyone interested in computer security and how it is circumvented, will certainly enjoy the hacking that takes place on USA Network’s hit television show Mr. Robot. The show has been praised not only for its compelling story line but for its “accurate portrayal of cybersecurity and crime.”
Every Wednesday night after the show airs, our host Ariana asks a security expert to help us examine the hacks and explor their ramifications in the real world. We record the conversation and share it with you in our video series, Avast Hack Chat. In addition to the discussion about hacking, we also take a weekly trip back in the Time Machine to revisit special people in the history of computing or how computers have been portrayed in popular culture.
In episode 2 of Avast Hack Chat, Seth Rosenblatt, an independent security and privacy journalist, takes us through the hacks on Mr. Robot. He explains hacking a major corporation’s email servers, destroying your hard drive and SIM card to get rid of evidence, and if critical infrastructure like a natural gas plant can be hacked.
Alan Turing, who is referred to the grandfather of computer science, was recently portrayed in the movie The Imitation Game. Ariana and Pedram talk about his legacy and how the advances he made are still in use today. Plus, a computer bug.
Pedram brings us up-to-date on the celebrity photo hacking that took place last year. He shares why he thinks the hacker was an idiot.
This week’s Tips and Tricks tells you the safe way to go about sexting. Not that we want you to do it, but if you are there’s a way to make sure your messages stay secure and get to the intended recipient (who probably is not some guy sitting behind a desk at the NSA.)
Subscribe to the Avast Hack Chat YouTube channel and don’t miss a single weekly episode.
