CALL FOR PAPERS – FAQin Congress – Madrid

Posted by Esteban Dauksis on Feb 03

The FAQin Association is proud to announce the call for [ papers,
presentations, proposals ] at FAQin congress

-=] About FAQin Congress

FAQin congress is a free invitation-only underground hacking event in
Madrid, Spain at We Rock venue from 5th to 6th of March. No press, no
cops… Just you, your peers and a bunch of free beer. Think about it.

Attendance is free; attendees must pass a CTF-like challenge to get a
ticket. Full details at…

[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300

Posted by Pedro Ribeiro on Feb 03

Hi,

CERT/CC has helped me disclose two vulnerabilities in NETGEAR’s
Pro"safe" Network Management System 300 [1]. Two classical bugs: one
remote code execution via arbitrary file upload and an authenticated
arbitrary file download.

The full advisory can be seen in my repo at [2] and it is also pasted
below. I’ve also released two Metasploit modules to exploit these
vulnerabilities [3][4].

There is currently no fix for these…

Atutor 2.2: XSS

Posted by Curesec Research Team (CRT) on Feb 03

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Atutor 2.2
Fixed in: partly in ATutor 2.2.1-RC1, complete in 2.2.1
Fixed Version Link: http://www.atutor.ca/atutor/download.php
Vendor Website: http://www.atutor.ca/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Disclosed to public: 02/01/2016
Release mode: Coordinated Release
CVE: n/a…

Opendocman 1.3.4: CSRF

Posted by Curesec Research Team (CRT) on Feb 03

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Opendocman 1.3.4
Fixed in: 1.3.5
Fixed Version Link: http://www.opendocman.com/free-download/
Vendor Website: http://www.opendocman.com/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Disclosed to public: 02/01/2016
Release mode: Coordinated Release
CVE: n/a
Credits Tim Coen of…

Opendocman 1.3.4: HTML Injection

Posted by Curesec Research Team (CRT) on Feb 03

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Opendocman 1.3.4
Fixed in: 1.3.5
Fixed Version Link: http://www.opendocman.com/free-download/
Vendor Website: http://www.opendocman.com/
Vulnerability Type: HTML Injection
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Disclosed to public: 02/01/2016
Release mode: Coordinated Release
CVE: n/a
Credits Tim…

Time-based SQL Injection in Admin panel UliCMS <= v9.8.1

Posted by Manuel Garcia Cardenas on Feb 03

=============================================
MGC ALERT 2016-001
- Original release date: January 26, 2016
- Last revised: February 02, 2016
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Time-based SQL Injection in Admin panel UliCMS <= v9.8.1

II. BACKGROUND
-------------------------
UliCMS is a modern web content…

GE Industrial Solutions – UPS SNMP Adapter Command Injection and Clear-text Sensitive Info Vulnerabilities

Posted by Karn Ganeshen on Feb 03

GE Industrial Solutions – UPS SNMP Adapter Command Injection and Clear-text
Storage of Sensitive Information Vulnerabilities

*Timelines:*
Reported to ICS-CERT on: July 06, 2015
Fix & Advisory Released by GE: January 25, 2015
Vulnerability ID: GEIS16-01

*GE Advisory: *
http://apps.geindustrial.com/publibrary/checkout/GEIS_SNMP?TNR=Application%20and%20Technical|GEIS_SNMP|PDF&filename=GEIS_SNMP.pdf
<…

MailPoet Newsletter 2.6.19 – Security Advisory – Reflected XSS

Posted by Onur Yilmaz on Feb 03

Information
--------------------
Advisory by Netsparker
Name: XSS Vulnerability in MailPoet Newsletters
Affected Software : MailPoet Newsletters
Affected Versions: v2.6.19 and possibly below
Vendor Homepage : http://www.mailpoet.com/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID : TBA
Status : Fixed
Netsparker Advisory Reference : NS-16-001

Description
--------------------
By exploiting a Cross-site scripting…

ASUS RT-N56U Persistent XSS

Posted by graphx on Feb 03

# Exploit Title: ASUS RT-N56U Persistent XSS
# Date: 2/2/2016
# Exploit Author: @GraphX
# Vendor Homepage: http://asus.com/
# Version: 3.0.0.4.374_239

1 Description:
It is possible for an authenticated attacker to bypass input sanitation in
the username input field of the Server Center page. An interception proxy
is not required with the use of the developer console and changing the
field value of the username after the third verification task…