The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
Monthly Archives: January 2016
CVE-2016-2047
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10, Oracle MySQL, and Percona Server do not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a “/CN=” string in a field in a certificate, as demonstrated by “/OU=/CN=bar.com/CN=foo.com.”
CarolinaCon-12 – March 2016 – FINAL ANNOUNCEMENT
Posted by Vic Vandal on Jan 27
CarolinaCon-12 will be held on March 4th-6th, 2016 in Raleigh NC. For the cheap price of $40 YOU could get a full weekend of talks, hacks, contests, and parties. Regarding the price increase to $40, it was forced due to ever-rising venue costs. But we promise to provide more value via: great talks, great side events, kickass new attendee badges, cool giveaways, etc.
We’ve selected as many presentations as we can fit into the lineup….
Announcing nullcon HackIM 2016 Powered by EMC2
Posted by murtuja bharmal on Jan 27
TO Commit a SIN is Human.
TO Learn from SINs is a Better Human.
TO Learn from others' SINs… it's like a Hacker
TO Exploit others' SINs with SYN/FIN/ACK/RST
We are proud to present the seventh edition of HackIM 2016 Powered by EMC2.
Starting from: 29th Jan, 2016 10:00 PM (GMT +5:30)
Battle on Till: 31st Jan 2016 10:00 PM (GMT +5:30).
Get in the Zone, Register at http://ctf.nullcon.net
It's not just a CTF, it's a WAR, WAR on your SIN
Some SINs…
PHP-FPM fpm_log.c memory leak and buffer overflow
Posted by Imre RAD on Jan 27
The FastCGI Process Manager (FPM) SAPI of PHP was vulnerable to memory leak and buffer overflow in the access logging feature.
PHP-FPM offers customization of the access log lines based on format string variables which can be specified with the access.format option of the FPM configuration file.
The log lines were compiled in php-fpm.c. The %{something}e fields were processed at line 237:
len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s",…
PHP LiteSpeed SAPI secret key improper disposal
Posted by Imre RAD on Jan 27
In suEXEC_Daemon mode, the LiteSpeed web server spawns one PHP master process during startup. It is running as root and accepts LSAPI requests, which in turn specify which user the script should run under. The LSAPI request is authenticated with a MAC, which is based on a preshared random key between PHP and the web server.
We found that the LiteSpeed PHP SAPI module did not clear this secret in its child processes so it was available in the…
PHP LiteSpeed SAPI out of boundaries read due to missing input validation
Posted by Imre RAD on Jan 27
The LiteSpeed SAPI module in PHP did not sanitize several fields of the LSAPI request correctly. In the source file sapi/litespeed/lsapilib.c, the parseRequest function calculated addresses of these variables in the following way:
pReq->m_pScriptFile = pReq->m_pReqBuf +
pReq->m_pHeader->m_scriptFileOff;
pReq->m_pScriptName = pReq->m_pReqBuf +
pReq->m_pHeader->m_scriptNameOff;
pReq->m_pQueryString…
Authentication bypass in PHP File Manager 0.9.8
Posted by Imre Rad on Jan 27
PHP File Manager 0.9.8 (http://phpfm.sourceforge.net/) is vulnerable to authentication bypass due to insecure implementation of register globals emulation. An attacker is able to override the blockKeys array and thus build a valid session and access all the protected functionality (including execution of shell commands) without actual knowledge of the password set.
PoC URLs:…
SAP Hana Cloud 4 XSS
Posted by Shahmeer Baloch on Jan 27
Greetings
Upon communication with the SAP team, I was told to send over the advisory to you. Please read and revert.
HCA0005 – Liberty Global – Horizon HD STB – predictable WiFi
Posted by Hacking Corporation Sàrl on Jan 27
------------------------------------------------------------------------------
Advisory ID: HCA0005 – http://hackingcorp.ch/advisories/HCA0005.pdf
Product: Horizon HD / WiFi
Vendor: Liberty Global plc companies (Unitymedia GmbH, UPC Cablecom, …)
Affected Version(s): unknown
Tested Version(s): current
Vulnerability Type: Weak WiFi passphrase generation
Risk Level: Medium
Vendor Notification: 2015-05-14
Public Disclosure: 2016-01-25, patch ready…