Posted by up201407890 on May 27
Hello,
During a recent assessment I have stumbled across a system which had
hwclock(8) setuid root.
hwclock is a part of util-linux, all versions affected.
$ man hwclock | sed -n '223,231p'
Users access and setuid
Sometimes, you need to install hwclock setuid root. If you
want users other than the superuser to be able to display the clock
value using the direct ISA I/O
method, install it setuid root. If you have the…
Posted by omarbv on May 27
Hello,
Finally we can share with you most of the videos of the last RootedCON
talks, celebrated in Spain (Madrid) in March as always 🙂
Some of the talks are:
– Infection in BIOS, UEFI and derivatives
– Turia: Development & Operations
– How I met your eWallet
– Can I play with madness
– Bypassing DRM Protections at CDN
– And last but not least important…
– Demystifying Apple Pay
– On Relaying NFC
(and much more)…
Posted by David Coomber on May 27
Thycotic Password Manager Secret Server iOS Application – MITM SSL
Certificate Vulnerability
Posted by Cristiano Maruti on May 27
===============================================================================
title: ClearPass Policy Manager Stored XSS
case id: CM-2014-01
product: Aruba ClearPass Policy Manager
vulnerability type: Stored cross-site script
severity: Medium
found: 2014-11-24
by: Cristiano Maruti (@cmaruti)…
Posted by Adrián M. F. on May 27
# Title: SQLi vulnerabilities in WordPress plugin “GigPress”
# Author: Adrián M. F. – adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/gigpress/
# Active installs: 20,000+
# Vulnerable version: 2.3.8
# Fixed version: 2.3.9
# CVE: CVE-2015-4066
Vulnerabilities (2)
=====================
(1) Authenticated SQLi [CWE-89]
——————————-
* CODE:
admin/handlers.php:87…
Posted by Adrián M. F. on May 27
# Title: Multiple vulnerabilities in WordPress plugin “WordPress Landing
Pages”
# Author: Adrián M. F. – adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/landing-pages/
# Active installs: 20,000+
# Vulnerable version: 1.8.4
# Fixed version: 1.8.5
# CVE: CVE-2015-4064, CVE-2015-4065
Vulnerabilities (2)
=====================
(1) Authenticated SQLi [CWE-89] (CVE-2015-4064)…
Posted by Adrián M. F. on May 27
# Title: Multiple vulnerabilities in WordPress plugin “NewStatPress”
# Author: Adrián M. F. – adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/newstatpress/
# Active installs: 20,000+
# Vulnerable version: 0.9.8
# Fixed version: 0.9.9
# CVE: CVE-2015-4062, CVE-2015-4063
Vulnerabilities (2)
=====================
(1) Authenticated SQLi [CWE-89] (CVE-2015-4062)…
Posted by Securify B.V. on May 25
————————————————————————
Synology Photo Station multiple Cross-Site Scripting vulnerabilities
————————————————————————
Han Sahin, May 2015
————————————————————————
Abstract
————————————————————————
Multiple reflected Cross-Site scripting vulnerabilities…
Posted by Securify B.V. on May 25
————————————————————————
Reflected Cross-Site Scripting in Synology DiskStation Manager
————————————————————————
Han Sahin, May 2015
————————————————————————
Abstract
————————————————————————
A reflected Cross-Site scripting vulnerability was found in…
Posted by Securify B.V. on May 25
————————————————————————
Command injection vulnerability in Synology Photo Station
————————————————————————
Han Sahin, May 2015
————————————————————————
Abstract
————————————————————————
A command injection vulnerability was found in Synology Photo Station,…