Combining DLL hijacking with USB keyboard emulation based attacks

Posted by Rodrigo Menezes on Jan 08

Many of us have now been long aware of the possibility of programming a USB device to emulate a keyboard and
automatically send keystrokes in order to perform malicious actions on a computer. Some of the most interesting
payloads that can be used with this technique are based around downloading or creating an executable file and then
running it.

However, defenses such as Windows’ User Account Control (UAC) and SmartScreen might make…

Serendipity Security Advisory – XSS Vulnerability – CVE-2015-8603

Posted by Onur Yilmaz on Jan 08

Information
--------------------
Advisory by Netsparker
Name: XSS Vulnerability in Serendipity
Affected Software : Serendipity
Affected Versions: v2.0.2 and possibly below
Vendor Homepage : http://www.s9y.org
Vulnerability Type : Cross-site Scripting
Severity : Important
Status : Fixed
CVE-ID : CVE-2015-8603
Netsparker Advisory Reference : NS-15-024

Description
--------------------
By exploiting a Cross-site scripting vulnerability the attacker…

APPLE-SA-2016-01-07-1 QuickTime 7.7.9

Posted by Apple Product Security on Jan 08

APPLE-SA-2016-01-07-1 QuickTime 7.7.9

[Re-sending with a valid signature]

QuickTime 7.7.9 is now available and addresses the following:

QuickTime
Available for: Windows 7 and Windows Vista
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory…

[CVE-2015-8604] Cacti SQL injection in graphs_new.php

Posted by changzhao.mao () dbappsecurity com cn on Jan 08

Application: Cacti
Vendor URL: http://www.cacti.net
Bugs: SQL injection
Author: changzhao.mao (DBAPPSecurity Ltd)
Version affected: 0.8.8f and prior
================================
Introduction
================================
Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate
them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to…

OpenCart Security Advisory – XSS Vulnerability – CVE-2015-4671

Posted by Onur Yilmaz on Jan 08

Information
--------------------
Advisory by Netsparker
Name: XSS Vulnerability in OpenCart
Affected Software : OpenCart
Affected Versions: v2.1.0.1 and possibly below
Vendor Homepage : http://www.opencart.com
Vulnerability Type : Cross-site Scripting
Severity : Important
Status : Fixed
CVE-ID : CVE-2015-4671
Netsparker Advisory Reference : NS-15-023

Description
--------------------
By exploiting a Cross-site scripting vulnerability the attacker…

Security BSides Ljubljana 0x7E0 CFP – March 9, 2016

Posted by Andraz Sraka on Jan 08

-=[ #BSidesLjubljana ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Event info:
BSidesLjubljana – https://bsidesljubljana.si
Date: March 9th, 2016
Venue: Poligon creative centre, Ljubljana, Slovenia, Europe
CFP URL: https://bsidesljubljana.si/cfp/
CFP Submit form: http://goo.gl/forms/rzLHcHBHau
Email: cfp[at]bsidesljubljana.si
Twitter: @BSidesLjubljana

-=[ CALL FOR PAPERS ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

After great success of first…

CVE-2014-6444

Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php.

CVE-2014-7151

Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.

CVE-2015-7512

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

CVE-2015-7541

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.