Posted by Fernando A. Lagos Berardi on Sep 27
Hi Simon,
I found this vulnerability 1 year ago (July 2015). I’ve tried to
contact them many times but got no answers.
cheers,
Fernando
2016-09-22 5:28 GMT-03:00 Simon Rawet <sr () outpost24 com>:
Posted by Tien Phan on Sep 27
Hi,
There is a DLL planting vuln in the Skype installer. This vuln had been
reported to Microsoft but they decided not to fix this.
Here are the vulnerability details:
——
Skype installer in Windows is open to DLL hijacking.
Skype looks for a specific DLL by dynamically going through a set of
predefined directories. One of the directories being scanned is the
installation directory, and this is exactly what is abused in this
vulnerability….
Posted by Francisco Amato on Sep 27
After a long sprint we are proud to present Faraday v2.1:
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that…
Posted by Dawid Golunski on Sep 27
Hi Mark,
Thanks for the feedback.
I’ll answer your questions and throw in a few other comments on here
using the occasion that will hopefully clarify some of the other
misconceptions I’ve seen around or be otherwise useful to someone.
As for SUPER priv requirement.
The short answer is: yes, you are wrong in thinking that (but good
that you question it at least 🙂
SUPER privilege is not required as mentioned in my advisory in the…
Posted by Travis Lee on Sep 27
Vulnerability Note VU#667480
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/667480
Overview:
AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly
earlier, reportedly contains multiple vulnerabilities, including
undocumented privileged accounts, authentication bypass, and information
exposure.
Description:
AVer Information EH6108H+ hybrid DVR is an IP security…
Posted by cfpbrussels2017 on Sep 27
RECON BRUSSELS CFP
https://recon.cx
27 – 29 January 2017
Brussels, Belgium
…
Posted by Daniel Ashton on Sep 27
**********************************
******* 0x7E0 hack4@berlin *******
**********************************
-> Preamble:
Dear audience,
the 3rd row of hack4, the two-day security conference in Berlin,
asks you kindly to send in papers and workshops for the crowd.
-> Where is the con?
As every year hack4 is in Berlin.
-> When is the con?
29th and 30th of December
-> Who should attend?
As you are reading fd, you.
-> What is…
Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs.
EMC ViPR SRM versions prior to 4.0.1 suffer from a stored cross-site scripting vulnerability.
Adobe Flash versions 23 and below local-with-filesystem sandbox bypass via navigateToURL() and UI redressing. Proof of concept included.