WordPress Bulletproof Security Plugin Multiple Cross Site Scripting Vulnerabilities

Posted by Sachin Wagh on Mar 17

*Product: Bulletproof Security*
*Exploit Author: Sachin Wagh*
*Affected Version: 0.53.2*

*Fixed Version: 0.53.3*
(http://forum.ait-pro.com/forums/topic/bps-changelog/)

*Home page Link: https://wordpress.org/plugins/bulletproof-security/*

*Detail:*

The Bulletproof Security plugin for WordPress is prone to multiple
cross-site…

server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished CVE-2016-2324 and CVE-2016-2315)

Posted by Laël Cellier on Mar 17

Hello, the original report describing the first overflow in full detail is
here http://pastebin.com/UX2P2jjg or in the attachment.
The aim is to push a crafted tree object if the target is a server or
make a client clone a crafted repository.

Of course everything Peff talked about above is now fixed in git 2.7.1
with the removal of path_name() and the size_t/overflow check in
tree-diff.c. It was even fixed earlier for users of github enterprise….
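The size_t/overflow check mentioned above, shown as an added example that is not git's own code and not the code from the report: a path-length computation done in a signed int (the style that can wrap when tree paths get long enough, so the buffer allocated afterwards is far smaller than the bytes copied into it) next to one that uses size_t and refuses to proceed when an addition would overflow. The function names (add_overflows, unchecked_path_len, checked_path_len, join_path) and the "dir/name" layout are this example's own assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not git's code: nonzero if a + b would wrap around. */
static int add_overflows(size_t a, size_t b)
{
    return a > SIZE_MAX - b;
}

/* The fragile pattern: length arithmetic in a signed int. Once the
 * inputs no longer fit, the value handed to malloc is wrong (here it
 * comes out negative, which as a size_t is either huge or, after
 * truncation, tiny). Returns the value this style of code would use. */
static int unchecked_path_len(size_t dir_len, size_t name_len)
{
    int len = 0;
    len += (int)dir_len;     /* out-of-range conversion: wraps on common ABIs */
    len += 1;                /* '/' separator */
    len += (int)name_len;
    len += 1;                /* terminating NUL */
    return len;
}

/* Hardened: size_t throughout and every addition checked before it is
 * performed. Returns 1 and stores the length on success, 0 on overflow. */
static int checked_path_len(size_t dir_len, size_t name_len, size_t *out)
{
    size_t len = dir_len;
    if (add_overflows(len, 1)) return 0;
    len += 1;                               /* '/' */
    if (add_overflows(len, name_len)) return 0;
    len += name_len;
    if (add_overflows(len, 1)) return 0;
    len += 1;                               /* NUL */
    *out = len;
    return 1;
}

/* Joins dir and name as "dir/name" using the checked length; an empty
 * dir yields just "name". Returns a malloc'd string, or NULL when the
 * length would overflow or the allocation fails. */
char *join_path(const char *dir, const char *name)
{
    size_t dir_len = strlen(dir), name_len = strlen(name), len;
    char *buf;

    if (dir_len == 0) {
        buf = malloc(name_len + 1);
        if (!buf) return NULL;
        memcpy(buf, name, name_len + 1);
        return buf;
    }
    if (!checked_path_len(dir_len, name_len, &len))
        return NULL;                        /* refuse instead of under-allocating */
    buf = malloc(len);
    if (!buf) return NULL;
    memcpy(buf, dir, dir_len);
    buf[dir_len] = '/';
    memcpy(buf + dir_len + 1, name, name_len + 1);
    return buf;
}

int main(void)
{
    char *p = join_path("a/b", "c");
    printf("%s\n", p ? p : "(overflow)");
    free(p);
    printf("unchecked len for an oversized dir: %d\n",
           unchecked_path_len((size_t)INT_MAX + 10, 0));
    return 0;
}
```

The point of the checked variant is that the caller sees a clean failure rather than a short buffer; in a real tree walker the rejected path would be reported as a corrupt object instead of being written past the end of the allocation.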

OWASP AppSec USA 2016 Call for Papers Released

Posted by Weidenhamer, Andrew on Mar 17

We are pleased to announce our annual OWASP AppSec USA 2016 conference to be held at the Renaissance Washington
DC on October 11th – 14th. We are actively looking for Call for
Papers and Call for Trainings, which can be found at the official OWASP AppSec USA 2016 website below:

https://2016.appsecusa.org

If you have any other cool ideas for…

Zenphoto 1.4.11: RFI

Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Zenphoto 1.4.11
Fixed in: 1.4.12
Fixed Version Link: https://github.com/zenphoto/zenphoto/archive/zenphoto-1.4.12.zip
Vendor Website: http://www.zenphoto.org/
Vulnerability Type: RFI
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 03/15/2016
Release mode: Coordinated Release
CVE:…

PivotX 2.3.11: Reflected XSS

Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: PivotX 2.3.11
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pivotx.net/
Vulnerability Type: Reflected XSS
Remote Exploitable: Yes
Reported to vendor: 01/20/2016
Disclosed to public: 03/15/2016
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

PivotX is a…

PivotX 2.3.11: Directory Traversal

Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: PivotX 2.3.11
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pivotx.net/
Vulnerability Type: Directory Traversal
Remote Exploitable: Yes
Reported to vendor: 01/20/2016
Disclosed to public: 03/15/2016
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

PivotX…

PivotX 2.3.11: Code Execution

Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: PivotX 2.3.11
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pivotx.net/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 01/20/2016
Disclosed to public: 03/15/2016
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

PivotX is a…

BigTree 4.2.8: Object Injection & Improper Filename Sanitation

Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: BigTree 4.2.8
Fixed in: BigTree 4.2.9
Fixed Version Link: https://www.bigtreecms.org/download/
Vendor Website: https://www.bigtreecms.org/
Vulnerability Type: Object Injection & Improper Filename Sanitation
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 03/15/2016
Release mode: Coordinated Release
CVE:…

Defense in depth — the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing

Posted by Stefan Kanthak on Mar 17

Hi @ll,

this multipart post does not require a MIME-compliant MUA.-)

Part 0:
~~~~~~~

On Windows 7 (other versions of Windows not tested for this
vulnerability, but are likely vulnerable too) all executable
installers/self-extractors based on Microsoft’s SFXCAB [*]
load and execute a rogue CryptDll.dll from their application
directory instead of %SystemRoot%\System32\CryptDll.dll.

For software downloaded with a web browser the application…
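A check a defender can run for the behaviour described in the post above, added here as an example and not part of Stefan Kanthak's post: given an installer's path, it looks for a CryptDll.dll (or any other DLL name you pass) sitting next to the executable, compares its SHA-256 hash with the copy in %SystemRoot%\System32, and reports its Authenticode status. The function name Test-SideBySideDll and its parameter names are this example's own; it only reports, it does not delete anything.

```powershell
function Test-SideBySideDll {
    # Added example, not from the original post. Flags DLLs in an
    # installer's directory that share a name with a System32 DLL:
    # that is exactly where a rogue CryptDll.dll would be planted.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $InstallerPath,
        [string[]] $DllNames = @('CryptDll.dll')   # extend with other names as needed
    )

    $dir = Split-Path -Parent (Resolve-Path -LiteralPath $InstallerPath)

    foreach ($name in $DllNames) {
        $candidate = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $candidate)) { continue }

        $system = Join-Path $env:SystemRoot "System32\$name"
        $sig    = Get-AuthenticodeSignature -FilePath $candidate

        $sameAsSystem = $false
        if (Test-Path -LiteralPath $system) {
            $candHash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
            $sysHash  = (Get-FileHash -LiteralPath $system    -Algorithm SHA256).Hash
            $sameAsSystem = ($candHash -eq $sysHash)
        }

        [pscustomobject]@{
            Dll             = $candidate
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
            SameAsSystem32  = $sameAsSystem
            # Any copy that differs from the system DLL, or is not validly
            # signed, deserves a look before the installer is launched.
            Suspicious      = (-not $sameAsSystem) -or ($sig.Status -ne 'Valid')
        }
    }
}

# Example use (path is illustrative):
# Test-SideBySideDll -InstallerPath "$env:USERPROFILE\Downloads\setup.exe" | Format-List
```

Run it against the directory the browser saves downloads to before launching any installer found there. A hit with SameAsSystem32 set to false and an invalid or missing signature is the case the post describes; a validly signed copy that differs from System32 may simply be an older Microsoft build shipped alongside the installer, so treat the output as triage rather than a verdict.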