IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Monthly Archives: February 2017
CVE-2016-6099
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
Call for Speakers for CCCC17 in Copenhagen
Posted by Peter Kruse on Feb 02
Hi,
We are proud to announce the “Call for Speakers” and “Save the Date” for the 5th Copenhagen #cybercrime Conference to
be held on the 24th of May 2017 in Copenhagen, Denmark.
More details:
http://www.cyberhagen.com
Event registration will open shortly.
Please no marketing presentations.
CCCC17 is about knowledge sharing, no sales.
Cheers,
Peter
Re: Free ebook to learn ethical hacking techniques
Posted by elendil el on Feb 02
Hi,
Thanks for sharing, though I am not sure this is the right mailing list to
do so (imo).
However, you seem to raise an interesting point. @List: Do we have stuff
going on the mainframe guys ? 0days, vulns, exploits, etc ?
I’ve gone through FD archives but could not get something.
Thanks !
2017-01-29 12:11 GMT+01:00 Sparc Flow <sparc.flow () protonmail com>:
Re: Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE …)
Posted by Pierre Kim on Feb 02
Hello,
Following the advisory posted to FD and Bugtraq about the Dlink DWR-932B router,
the complete version on analyzing the security on the corrected
firmware for Dlink 932B LTE routers is posted here:
https://pierrekim.github.io/blog/2017-02-02-update-dlink-dwr-932b-lte-routers-vulnerabilities.html
Please find a text-only version below sent to security mailing lists.
=== text-version of the advisory ===
An update on this post:
MITRE…
[FOXMOLE SA 2016-07-05] ZoneMinder – Multiple Issues
Posted by FOXMOLE Advisories on Feb 02
=== FOXMOLE – Security Advisory 2016-07-05 ===
Zoneminder multiple vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Affected Versions
=================
Zoneminder 1.29,1.30
Issue Overview
==============
Vulnerability Type: SQL Injection, Cross Site Scripting, Session Fixation, No CSRF Protection
Technical Risk: high
Likelihood of Exploitation: medium
Vendor: Zoneminder
Vendor URL: https://zoneminder.com/
Credits: FOXMOLE employee Tim Herres…
HP Printers Wi-Fi Direct Improper Access Control
Posted by Info on Feb 02
HP Printers Wi-Fi Direct Improper Access Control
--------------------------------------------------------------------------------
1. Advisory Information
Title: HP Printers Wi-Fi Improper Access Control
Advisory ID: NESESO-2017-0111
Advisory URL: http://neseso.com/advisories/NESESO-2017-0111.pdf
Date published: 2017-02-01
Date of last update: 2017-02-01
Vendors contacted: Hewlett Packard
Release mode: User Release…
WordPress Silently Fixed Privilege Escalation Vulnerability in 4.7.2 Update
WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week.
Printing and Marketing Firm Leaks High-Profile Customers’ Data
MacKeeper says it has found gigabytes of sensitive personal data stored by PIP Printing and Marketing Services and accessible online.
Google Adds Security Key Enforcement to G Suite Apps, Hosted S/MIME to Gmail
Google pumped more life into the use of physical keys as a second form of authentication when it added Security Key enforcement support to G Suite.