Buffer Overflow at password field in Advanced Encryption Package Software

Posted by vishnu raju on Jan 05

Dear List,

Greetings from vishnu (@dH4wk)

1. Vulnerable Product

– Advanced Encryption Package
– Company http://www.aeppro.com/

2. Vulnerability Information

(A) Buffer OverFlow
Impact: Attacker gains administrative access
Remotely Exploitable: No
Locally Exploitable: Yes

3. Vulnerability Description
A 1006 byte causes the overflow. It is due to the inefficient/improper
handling of exception. This is an SEH based…

Vulnerabilities in Office Document Reader for iOS

Posted by MustLive on Jan 05

Hello list!

Happy New Year!

There are multiple vulnerabilities in Office Document Reader for iOS. There
are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities.
Earlier I’ve informed the developer of Office Document Reader about this and
his other software.

-------------------------
Affected products:
-------------------------

Vulnerable are Office Document Reader 5.1.13 for iOS and previous versions.
Vulnerable as paid,…

Confluence Vulnerabilities

Posted by Sebastian Perez on Jan 05

[Systems Affected]
Product : Confluence
Company : Atlassian
Versions (1) : 5.2 / 5.8.14 / 5.8.15
CVSS Score (1) : 6.1 / Medium (classified by vendor)
Versions (2) : 5.9.1 / 5.8.14 / 5.8.15
CVSS Score (2) : 7.7 / High (classified by vendor)

[Product Description]
Confluence is team collaboration software, where you create, organize and
discuss work with your team. It is developed and marketed by Atlassian.

[Vulnerabilities]
Two vulnerabilities…

CVE-2015-7944, CVE-2015-7945 – Ganeti Security Advisory (DoS, Unauthenticated Info Leak)

Posted by Pierre Kim on Jan 05

## Advisory Information

Title: Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html
Date published: 2016-01-05
Vendors contacted: Google, MITRE
Organization contacted: Riseup
Release mode: Released
CVE: CVE-2015-7944, CVE-2015-7945
CNNVD: no current CNNVD

## Product Description

Ganeti is…

CALL FOR PAPERS – NUIT DU HACK – 02/03 july 2016

Posted by freeman on Jan 05

CALL FOR PAPERS – NUIT DU HACK – 02/03 JULY 2016

If you’re reading this, you know what NDH and a CFP stand for, so I
won’t bother you that long.

Conference format: 45min, including 5 to 10min of Q&A

Submission: submit.hackerzvoice.net

Deadline: April 10th

Announcement: April 25th

Beer, kudos, awkward hugs, travel expenses, and many more for the lucky
ones.

If you’re not familiar with all this, let us present you Le French…

Alcatel Lucent Home Device Manager – Management Console Multiple XSS

Posted by Uğur Cihan KOÇ on Jan 05

Document Title:
===============
Alcatel Lucent Home Device Manager – Management Console Multiple XSS

CVE-Number:
===========
CVE-2015-8687

Release Date:
=============
03 Jan 2016

Abstract Advisory Information:
=============================
Ugur Cihan Koc discovered ten Reflected XSS
vulnerabilities in Alcatel Lucent Home Device Manager – Management Console

Vulnerability Disclosure Timeline:
==================================
10 Dec 2015 Bug…

Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities

Posted by Stefan Kanthak on Jan 05

Hi @ll,

quite some utilities offered for free by Kaspersky Lab load and execute
rogue/bogus DLLs (UXTheme.dll, HNetCfg.dll, RichEd20.dll, RASAdHlp.dll,
SetupAPI.dll, ClbCatQ.dll, XPSP2Res.dll, CryptNet.dll, OLEAcc.dll etc.)
eventually found in the directory they are started from (the “application
directory”).

For software downloaded with a web browser the application directory is
typically the user’s “Downloads”…

Possible vulnerability in F5 BIG-IP LTM – Improper input validation of the HTTP version number of the HTTP request allows any payload size and content to pass through

Posted by Eitan Caspi on Jan 05

Initial note: The vendor has graded this issue as a vulnerability graded as “High” in my email exchange with it, but
eventually posted the issue as a “Known Issue”, so some of this issue’s characteristics that follow can be treated as
initial ones, as I ask the IS community to look into this issue and give a “second opinion” about it. Thank you.

Suggested severity level: High (per the vendor’s initial…

Cisco Jabber Client Vulnerable to Man-in-the-Middle Attack

Researchers at Synacktiv have disclosed a vulnerability in the Cisco Jabber Client for various platforms that exposes devices to man-in-the-middle attacks.