nullcon 8-bit Call for Papers is open

Posted by nullcon on Aug 24

Dear Hackers and Security Pros,

Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and the universe, working on the next
big thing in security and request everyone to submit their new
research.

What is 8-bit?
As a tradition of…

Dotclear 2.9.1 Malicious File Upload Restriction Bypass

Posted by gen type on Aug 24

#############################################
Dotclear 2.9.1 Malicious File Upload Restriction Bypass
#############################################

[+] Software: https://dotclear.org/
[+] Author: Wiswat Aswamenakul
[+] Affected version: only tested on 2.9.1 (previous version might be
affected)
[+] Platform: tested on Ubuntu 14.04, PHP 5.5.9
[+] Description
Dotclear has a feature to upload files in Media Manager. However, by
default, there is a…

Dotclear 2.9.1 SSRF/XSPA Vulnerability

Posted by gen type on Aug 24

#################################
Dotclear 2.9.1 SSRF/XSPA Vulnerability
#################################

[+] Software: https://dotclear.org/
[+] Author: Wiswat Aswamenakul
[+] Affected version: only tested on 2.9.1 (previous version might be
affected)
[+] Platform: tested on Ubuntu 14.04, PHP 5.5.9
[+] Description
Dotclear has a feature to import blog content through RSS feed.
Authenticated users could have access to this feature. The feature…

[RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting

Posted by Julien Ahrens on Aug 24

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AlienVault USM/OSSIM
Vendor URL: www.alienvault.com
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-05-24
Date published: 2016-08-23
CVSSv3 Score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2016-6913

2. CREDITS
==========
This vulnerability was discovered and researched by Julien…

Dotclear 2.9.1 Directory Download Vulnerability

Posted by gen type on Aug 24

######################################
Dotclear 2.9.1 Directory Download Vulnerability
######################################

[+] Software: https://dotclear.org/
[+] Author: Wiswat Aswamenakul
[+] Affected version: only tested on 2.9.1 (previous version might be
affected)
[+] Platform: tested on Ubuntu 14.04, PHP 5.5.9
[+] Description
Authenticated users with media manager access permission are allowed to
download media directories in zip file…

TOR Virtual Network Tunneling Tool 0.2.8.7

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Red Hat Security Advisory 2016-1763-01

Red Hat Security Advisory 2016-1763-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host.