Monthly Archives: January 2016

CentOS

CEEA-2016:0026 CentOS 7 ahci Enhancement Update

CentOS Errata and Enhancement Advisory 2016:0026 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-0026.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
6b5d15024f2fa78a95bd5fc3722b219bd4aaab85e83caf64eff877c621dd4f9e  kmod-ahci-327_RH1-1.el7_2.x86_64.rpm

Source:
ab6782c2a8518c0abc7ad3e1d21dcd8a7e4697efd0e1db6a82b3658716016134  ahci-327_RH1-1.el7_2.src.rpm
Full Disclosure

Html injection Dolibarr 3.8.3

Posted by NaxoneZ . on Jan 13

# Title: HTML Injection in dolibarr
# Author: Sergio Galán – @NaxoneZ
# Date: Dec 24,2015
# Vendor Homepage: *http://www.dolibarr.es/ <http://www.dolibarr.es/>*
# Vulnerable version: < 3.8.3
# CVE: CVE-2015-8685

Dolibarr no properly escape untrusted data to prevent injection in the
text fields.

Any examples of fields affected are the parameter url from external
calendar or the bank’s name field (maybe others can be affected)….

Full Disclosure

EasyDNNnews Reflected XSS

Posted by Peter Lapp on Jan 13

Details
=======

Product: EasyDNNnews
Vulnerability: Reflected XSS
Author: Peter Lapp, lappsec () gmail com
CVE: None
Vulnerable Versions: <7.5
Fixed Version: 7.5

Summary
=======

module that enables non-technical users to publish and manage articles,
news, press releases, stories and editorials.”

During an engagement it was discovered that reflected XSS could be achieved
in two locations by appending a bogus GET parameter that…

Hackers News

How to Hack WiFi Password from Smart Doorbells

The buzz around The Internet of Things (IoT) is growing, and it is growing at a great pace.

Every day the technology industry tries to connect another household object to the Internet. One such internet-connected household device is a Smart Doorbell.

Gone are the days when we have regular doorbells and need to open the door every time the doorbell rings to see who is around.

<!– adsense