Boxoft WAV to MP3 Converter version 1.0 SEH-based buffer overflow exploit.
Monthly Archives: June 2016
British Drone Freezing Ray Gets US Airports Trial
How LinkedIn's Password Sloppiness Hurts Us All
Myspace Blames Data Breach On Russian Hacker Behind LinkedIn And Tumblr Attacks
Windows 10 Zero Day Selling For $90,000
Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes!
Posted by Francisco Amato on Jun 01
A brand new Faraday version is ready! Faraday v1.0.20 is here,
bringing more functionality to our GTK interface and other cool new
features.
If you’ve been keeping up with Faraday, on our last release
http://blog.infobytesec.com/2016/04/prepare-warm-welcome-for-faraday-v1019.html
we published a new experimental GTK interface. In this iteration we
added several missing features and fixed a lot of small bugs.
You will probably notice the…
MitM Attack against KeePass 2's Update Check
Posted by Bogner Florian on Jun 01
MitM Attack against KeePass 2’s Update Check
Metadata
===================================================
Release Date: 02-03-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: all tested version up to the current 2.33
Tested on: Windows 7
CVE : CVE-2016-5119
URL: https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
Video: https://youtu.be/gOxcQSbpA-Q
Vulnerability Status:…
XSS in CMSimple <= v4.6.2
Posted by Manuel Garcia Cardenas on Jun 01
=============================================
MGC ALERT 2016-004
– Original release date: May 28, 2016
– Last revised: June 1, 2016
– Discovered by: Manuel Garcia Cardenas
– Severity: 4,8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
————————-
Reflected XSS in CMSimple <= v4.6.2
II. BACKGROUND
————————-
CMSimple is a php based Content Managemant System (CMS) , which…
Keystone Assembler Engine is out!
Posted by Nguyen Anh Quynh on Jun 01
Greetings,
We are very excited to announce the first public release of Keystone
Engine, the multi-arch, multi-platform, multi-bindings assembler framework
you are all longing for!
Keystone Engine offers some unparalleled features:
– Multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon,
Mips, PowerPC, Sparc, SystemZ & X86 (include 16/32/64bit).
– Clean/simple/lightweight/intuitive architecture-neutral API.
– Implemented…
CVE-2016-3670 Stored Cross Site Scripting in Liferay CE
Posted by Fernando Camara on Jun 01
Fernando Câmara @ Integrity S.A
www.integrity.pt
https://twitter.com/overflowy
https://labs.integrity.pt/advisories/cve-2016-3670/
—
CVE-2016-3670 Stored Cross Site Scripting in Liferay CE
1. Vulnerability Properties
Title: Stored Cross-Site Scripting Liferay CE
CVE ID: CVE-2016-3670
CVSSv3 Base Score: 4.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Vendor: Liferay Inc
Products: Liferay
Advisory Release Date: 27 May 2016
Advisory URL:…