EMC ViPR SRM versions prior to 3.7 suffer from a cross site request forgery vulnerability.
Monthly Archives: April 2016
AWS CAPTCHA Bypass
AWS appears to suffer from a CAPTCHA bypass vulnerability.
Malware ‘used as part of a wider toolkit’ in Bangladesh Bank attack
Malware used by cybercriminals to carry out one of the biggest cyberheists in history is thought to have been “part of a wider attack toolkit”, according to a BAE Systems security researcher.
The post Malware ‘used as part of a wider toolkit’ in Bangladesh Bank attack appeared first on We Live Security.
CESA-2016:0695 Critical CentOS 6 firefox Security Update
CentOS Errata and Security Advisory 2016:0695 Critical
Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0695.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
1b99b117160ab472b6f7b02e7daa067de60820352c24b30f9b0d6da90a21a148 firefox-45.1.0-1.el6.centos.i686.rpm
x86_64:
1b99b117160ab472b6f7b02e7daa067de60820352c24b30f9b0d6da90a21a148 firefox-45.1.0-1.el6.centos.i686.rpm
ef5c69545d39336f0e84ea7588841f770dbffde26cfdde9192fd009e2a614a11 firefox-45.1.0-1.el6.centos.x86_64.rpm
Source:
5d2602205b09daa7e5f1fbde0c84131ceabfcb34a11f5fb3ed43844f652adf71 firefox-45.1.0-1.el6.centos.src.rpm
CESA-2016:0695 Critical CentOS 5 firefox Security Update
CentOS Errata and Security Advisory 2016:0695 Critical
Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0695.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
72c6e8cc275f769961ec0e7349e27cd04a850cf2b446c87be3199f30bebf83e6 firefox-45.1.0-1.el5.centos.i386.rpm
x86_64:
72c6e8cc275f769961ec0e7349e27cd04a850cf2b446c87be3199f30bebf83e6 firefox-45.1.0-1.el5.centos.i386.rpm
6c47031dd9e2de144e681e433f01aee9c58913b829ac00f8189d933a010b8088 firefox-45.1.0-1.el5.centos.x86_64.rpm
Source:
1cf7031e1734831a5cfcdcb95c11af0447e427cced104533bf6f5ac07d4e2b7f firefox-45.1.0-1.el5.centos.src.rpm
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
Posted by Securify B.V. on Apr 27
————————————————————————
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
————————————————————————
Han Sahin, November 2014
————————————————————————
Abstract
————————————————————————
It was discovered that EMC M&R (Watch4net) does not…
Voo Branded Netgear CG3700b Firmware CSRF / Authentication
Voo branded Netgear CG3700b custom firmware version 2.02.03 suffers from cross site request forgery and insufficient authentication vulnerabilities.
Microsoft Windows CSRSS Privilege Escalation
The CSRSS BaseSrv RPC call BaseSrvCheckVDM allows you to create a new process with the anonymous token, which results in a new process in session 0 that can be abused to elevate privileges.
GreHack 2016 Call For Papers
The GreHack 2016 Call For Papers has been announced. GreHack is an international security conference which takes place in Grenoble (France). It aims to bring together academics, industry, governments, students and hackers to discuss new advances in computer and information security research. This year will be the fourth edition. As always, conferences will take place during the day, and you will be able to test your hacking skills with the Capture The Flag contest that will be held during the night. It will take place on November 18th, 2016.