Full Disclosure
Posted by Vulnerability Lab on Jun 02
Document Title:
===============
WebDrive 12.2 (B4172) – Buffer Overflow Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1500
Release Date:
=============
2015-06-01
Vulnerability Laboratory ID (VL-ID):
====================================
1500
Common Vulnerability Scoring System:
====================================
6.8
Product & Service Introduction:…
Posted by Tomi Tuominen on Jun 02
#
# t2’15 – Call For Papers (Helsinki, Finland) – October 29 – 30, 2015
#
Why spend your valuable conference time in the longest lines you have seen in your life, getting a sun burn or totally
lost in the canals with your rental boat, being deprived of chewing gum or waking up in Nong Palai without any
recollection how you got there? Helsinki offers you the safe and comfortable low-temperature alternative with a chance
of first snow….
Posted by Milos Krasojevic on Jun 02
Hi all,
This is our Call for Papers for 3rd Balkan Computer Congress. It would
be awesome to see many submissions from you guys.
Call for Papers for 3rd Balkan Computer Congress – BalCCon2k15
11|12|13 September 2015, Novi Sad, Vojvodina, Serbia, Europe, Earth,
Milky Way
=========
The Event
=========
Balkan Computer Congress has been conceptualized as a three days
gathering of the international hacker community in the…
Posted by DAU Huy Ngoc on Jun 02
Hello list,
Here are two CVEs I reported to Freebox, a french ISP:
– CVE-2014-9382 – CSRF in VPN user account creation
– CVE-2014-9405 – XSS
Vulnerable product: Freebox OS Web interface 3.0.2.
CVE-2014-9382 – CSRF in Freebox OS Web interface 3.0.2 allowing VPN user
account creation
====================
Risk level: High
Freebox allows users to create VPN connections to their home network.
In version 3.0.2 when a new user is created, the…
Posted by Genevieve Southwick on Jun 02
————————BEGIN TRANSMISSION——————–
**SOURCE Dublin 2015 Call for Papers is Open!**
SOURCE Dublin
Training September 5-6, 2015
Conference September 7-8, 2015
Trinity College
Submit at: https://sourcedublin2015.busyconf.com/proposals/new
**What is SOURCE?**
SOURCE Conference brings security experts and business professionals
together in an intimate and personal environment to discuss the security
industry’s most…
Posted by Michal Zalewski on May 31
Well… http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
Posted by MustLive on May 31
Hello list!
There is XML Injection vulnerability in multiple Hikvision IP cameras and
DVR. Earlier I wrote about Abuse of Functionality and Brute Force
vulnerabilities in multiple Hikvision IP cameras and DVR
(http://seclists.org/fulldisclosure/2015/Mar/161).
————————-
Affected vendors:
————————-
Hikvision
http://www.hikvision.com
————————-
Affected products:
————————-…
Posted by MustLive on May 31
Hello list!
I want to warn you about Cross-Site Scripting vulnerability in IBM Domino.
This is one from many vulnerabilities in Domino, which I’ve found at
03.05.2012. In previous years I wrote about multiple vulnerabilities in
Lotus Domino (http://securityvulns.ru/docs29277.html) and Lotus Notes
Traveler (http://securityvulns.ru/docs30224.html).
During 2012-2013 I informed IBM that have other holes in Domino (as this
XSS), besides…
Posted by Zach C on May 31
Part 6 is live! We continue reversing the undocumented Netgear
firmware header by debugging the embedded HTTP server. We identify two
more fields, including an unknown checksum. A disassembly-to-python
reimplementation of the checksum algorithm is provided in this week’s
update to the example code.
Here’s a link:
http://shadow-file.blogspot.com/2015/05/abandoned-part-06.html
I forgot to include the link to part 5 in last week’s…
Posted by vishnu raju on May 31
Hi List,
Greetings from Vishnu(@dH4Wk)
This is a responsible disclosure. Google brushed of this finding, as in
their point of view everything works as intended :-P..
*Summary*
Google’s OAuth is used by many third party vendors to authenticate their
users.
Condition for the bug to be exploited:
An active Google session
*Affected Parties*:
[1] Google users
[2] Third parties who use google OAuth
Affected Security Aspects
[1]…