Posted by David Vieira-Kurz on Apr 26

CREDITS

========

This issue has been identified by David Vieira-Kurz of Immobilien Scout GmbH.

CVE

====

CVE-2016-3109

AFFECTED PRODUCT

==================

Shopware < 5.1.5 : https://en.shopware.com/

IMPACT

=======

This issue has been triaged with the highest severity (CRITICAL) by the Shopware maintainer because it allows
unauthenticated remote code execution by any attacker! This means that an attacker is able to read ANY files on…

Posted by Paget Philippe on Apr 26

[cid:[email protected]]

# GreHack 2016 – Call For Paper

* website: http://grehack.fr
* online version: http://grehack.fr/data/cfp.txt

## What’s GreHack?

GreHack is an international security conference which takes place in Grenoble (France). It aims to bring together
academics, industry, governments, students and hackers to discuss new advances in computer and information security
research. This year will be the fourth…

Posted by David Leo on Apr 26

The process of AWS login has a feature: if you use “fresh” browser(no cookie, no cache, etc) to sign in, put correct
email and correct password there, CAPTCHA is required(“To better protect your account, please re-enter your password
and then enter the characters as they are shown in the image below”).

And I accidentally noticed this feature can be easily bypassed:

MY SYSTEM
Knoppix 7.6.0 on Read-Only USB Stick – always…

Posted by dev on Apr 26

CVEs pending, screenshots and further examples available soon on my site.

Cross-Site Request Forgery (CSRF) on all form POSTs
———————————————————————————
The Voo branded Netgear CG3700b custom firmware (newest version, V2.02.03)
allows a (context-dependent) attacker to perform a Cross-Site Request
Forgery (CSRF) attack on all configuration setting
(/goform/<settingspage>) page POST…