Posted by Karn Ganeshen on Mar 03
*Schneider Electric Building Operation Automation Server Multiple
Vulnerabilities*
*Reported affected version:*
Schneider Electric Building Operation Automation Server
Firmware: Server 1.6.1.5000
NAME=SE2Linux
ID=se2linux
PRETTY_NAME=SE2Linux (Schneider Electric Embedded Linux)
VERSION_ID=0.2.0.212
*Reported on: *August 2015
*Schneider Electric fix & public disclosure:*
Feb 25, 2016
*URL:*…
Posted by Jonathan Brossard on Mar 03
—-++++++++++++++++++++++++++++++++++++—-
Shakacon VIII – Honolulu, Hawaii
“Sun, Surf, and C Shells”
CALL FOR PAPERS
www.shakacon.org/CFP2016.html
—-++++++++++++++++++++++++++++++++++++—-
Who: Shakacon Crew
What: Shakacon VIII
When: July 11-12 (Training) & July 13-14 (Conference) – 2016
Where: Honolulu, HI – Hawaii Prince Hotel Waikiki
Why: World Class…
Posted by David Leo on Mar 03
When we browse the web, top threats are:
1. Remote code execution – everything is lost
2. Man in the middle – sniffing, and tampering
3. Phishing – simple, old, and still quite useful
4. Cross site scripting – data of the vulnerable domain is lost
5. CSRF – unauthorized action
So, what if the browser can only access HTTPS of whitelist domains? With HTTPS, “man in the middle” is fixed. And with
the whitelist, other attacks become very…
Posted by David Coomber on Mar 03
Panda SM Manager iOS Application – MITM SSL Certificate Vulnerability
Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library.
Multiple vulnerabilities were discovered in the dissectors/parsers for
Pcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP,
802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee ZCL
and Sniffer which could result in denial of service.
Alvaro Muñoz and Christian Schneider discovered that BeanShell, an
embeddable Java source interpreter, could be leveraged to execute
arbitrary commands: applications including BeanShell in their
classpath are vulnerable to this flaw if they deserialize data from an
untrusted source.
Posted by alendal on Mar 03
============================
Summary:
=========
Application: Vipps by DNB
Operating system: Android
Versions affected: 1.1.33, 1.2.18, 1.2.20, 1.2.44 and 1.2.45
Non-vulnerable version: 1.3.0
Bugs: Cryptographic issues
Vendor notification: 16.02.2016
Vendor fix: 29.02.2016
Author: Gunnar Alendal, alendal (at) nym.hush.com
General description:
====================
The mobile app Vipps for Android has two cryptographic issues regarding generation…
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.