On Jun 30, 2015 Security Explorations reported a security vulnerability (Issue 42 assigned CVE-2015-4871) to Oracle affecting Java SE 7 [1]. In our original report [2], we indicated that the vulnerability had its origin in klassItable::initialize_itable_for_interface method’s implementation of Java SE 7 HotSpot VM. We have recently learned that our initial analysis regarding the root cause of Issue 42 was incorrect.
Red Hat Security Advisory 2015-2524-01 – Apache Commons Collections is a library built upon Java JDK classes that provides new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
Belkin N150 wireless home routers suffer from cross-site request forgery, cross-site scripting, session hijacking, and default credential vulnerabilities.
ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.