Category Archives: Full Disclosure

Hacktivity 2015 CFP

Posted by Ferenc Spala on May 22

Hi all,

Please find our CFP below – would be great to see many submissions from you 😉

[ == Hacktivity 2015 Call For Papers == ]

Conference: October 9-10, 2015

CFP closing date: June 30, 2015

CFP notification to authors: July 31, 2015

Venue: Budapest, Hungary

Web: https://hacktivity.com

Email: cfp _!{at}!_ hacktivity.com

Twitter: @hacktivityconf

Hacktivity is the leading hacking conference in Hungary. Hacktivity brings
together…

SAP Security Notes May 2015

Posted by Darya Maenkova on May 22

SAP <http://www.sap.com/> has released the monthly critical patch update
for May 2015. This patch update closes a lot of vulnerabilities in SAP
products; some of them belong in the SAP HANA security area. This month,
three critical vulnerabilities found by ERPScan researchers Dmitry
Chastukhin and Vahagn Vardanyan were closed.

*Issues that were patched with the help of ERPScan*

The detailed list of corrected vulnerabilities that were…

[CORE-2015-0010] – Sendio ESP Information Disclosure Vulnerability

Posted by CORE Advisories Team on May 22

1. Advisory Information

Title: Sendio ESP Information Disclosure Vulnerability
Advisory ID: CORE-2015-0010
Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability
Date published: 2015-05-22
Date of last update: 2015-05-22
Vendors contacted: Sendio
Release mode: Coordinated release

2. Vulnerability Information

Class: OWASP Top Ten 2013 Category A2 – Broken Authentication and Session Management…

CVE for Apple's ECDHE-ECDSA SecureTransport bug?

Posted by Jeffrey Walton on May 20

Does anyone know if Apple’s ECDHE-ECDSA SecureTransport bug was
assigned a CVE? It affected OS X and iOS.

Effectively, the bug was an implementation error that caused
interoperability failures. To mostly counter it, the cipher suites had
to be disabled, which resulted in a loss of security. If the person
experiencing it did not know the cause, then they were left with a
Denial of Service (DoS).

To be clear, this was a different bug than…

CVE ID assignment – eZPublish vulnerability

Posted by us3r777 on May 20

Hi,

I’m trying to get a CVE-ID attributed to the issue described below.

I tried to contact cve-assign () mitre org two times, on March 31 and on
May 11, but I did not get any answer.

The issue is now public and described here:
http://share.ez.no/community-project/security-advisories/ezsa-2015-001-potential-vulnerability-in-ez-publish-password-recovery

May someone attribute a CVE-ID to this vulnerability please?

Description…

hardwear.io – Hardware Security Conference Call for Papers

Posted by Hardwear Team on May 20

Dear Hackers and Security Gurus,

hardwear is seeking innovative research on hardware security. If you
have done interesting research on attacks or mitigation on any
Hardware and want to showcase it to the security community, just
submit your research paper. Please find all the relevant details for
the submission below.

About hardwear.io
-----------------
Somewhere in the middle of last year, amidst all the news and concerns
surrounding…

Eisbär SCADA (All Versions – iOS, Android & W8) – Persistent UI Vulnerability

Posted by Vulnerability Lab on May 20

Document Title:
===============
Eisbär SCADA (All Versions – iOS, Android & W8) – Persistent UI Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1456

Release Date:
=============
2015-05-19

Vulnerability Laboratory ID (VL-ID):
====================================
1456

Common Vulnerability Scoring System:
====================================
5.2

Product & Service Introduction:…

Staff FTP v3.04 Software – DLL Hijacking Vulnerability

Posted by Vulnerability Lab on May 20

Document Title:
===============
Staff FTP v3.04 Software – DLL Hijacking Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1499

Release Date:
=============
2015-05-19

Vulnerability Laboratory ID (VL-ID):
====================================
1499

Common Vulnerability Scoring System:
====================================
6

Product & Service Introduction:…

WISE-FTP Software v8.0.2 – DLL Hijacking Vulnerability

Posted by Vulnerability Lab on May 20

Document Title:
===============
WISE-FTP Software v8.0.2 – DLL Hijacking Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1498

Release Date:
=============
2015-05-18

Vulnerability Laboratory ID (VL-ID):
====================================
1498

Common Vulnerability Scoring System:
====================================
6

Product & Service Introduction:…

HiDisk 2.4 iOS – (currentFolderPath) Persistent Vulnerability

Posted by Vulnerability Lab on May 20

Document Title:
===============
HiDisk 2.4 iOS – (currentFolderPath) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1496

Release Date:
=============
2015-05-19

Vulnerability Laboratory ID (VL-ID):
====================================
1496

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…