iScripts EasyCreate version 3.0 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Monthly Archives: January 2016
ManageEngine Eventlog Analyzer 10 Privilege Escalation
ManageEngine Eventlog Analyzer versions 4.0 through 10 suffer from a privilege escalation vulnerability.
HP Security Bulletin HPSBHF03419 3
HP Security Bulletin HPSBHF03419 3 – A potential security vulnerability has been identified in HPE Networking Products. This is a Virtual routing and forwarding (VRF) hopping vulnerability that could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access. Note: This vulnerability could be exploited remotely as a result of the following network interface conditions: VRF (Virtual Routing and Forwarding) is enabled. MPLS (Multiprotocol Label Switching) is disabled. MPLS-labeled packets are received that match FIB (Forwarding Information Base) entries. When all the above conditions exist, the interface could incorrectly forward the MPLS-labeled packets. Revision 3 of this advisory.
ManageEngine Network Configuration Management Build 11000 CSRF
ManageEngine Network Configuration Management build 11000 suffers from a cross site request forgery vulnerability.
Police Using Planes Equipped with Dirtbox to Spy on your Cell Phones
The Anaheim Police Department of California, home of Disneyland, admitted that it used special cell phone surveillance technology, known as DirtBox, mounted on aircraft to track millions of mobile users' activities.
More than 400 pages of new documents [PDF] published Wednesday revealed that local police and federal authorities are using DRTBox, an advanced version of Dirtbox developed
BlackEnergy malware deployed using malicious Word docs – SC Magazine
10 Moves That Threaten Your Company’s Security – Information Week
The Malware That Led to the Ukrainian Blackout – VICE Motherboard
Threatpost News Wrap, January 29, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told to audit their systems for the Juniper backdoor.
Avira Cross Site Scripting
translate.avira.com suffers from a cross site scripting vulnerability.
