Digital Forensics pros,
InfoSec pros,
h4x0rs,
stuff breakers,
g33k girls,
The first BloomCON Forensics and Security conference will be held February
5-6, 2016 in Bloomsburg, PA (USA). We are
now officially accepting presentation and workshop submissions for the
event. We will have two speaking and one workshop tracks. We are looking
for talks of 25 or 50 minutes in length and 2-hr or 4-hr workshops.
There are some news sites that confuse this Magento/Zend Framework
vulnerability with an old SOAP parser xxe vulnerability of CVE-2013-1643
in the PHP core which was fixed in PHP 5.4.13 in 2013.
The incorrect news may give false sense of security to users with
newer PHP versions when in fact, their Magento installation may be
affected.
I wanted to clarify that the Magento/Zend Framework vulnerability I reported
does not depend on this old…
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via “malicious traffic.”
The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code.