Category Archives: Full Disclosure

Viber for Android exposes insecure Javascript interface

Posted by Securify B.V. on Mar 20

————————————————————————
Viber for Android exposes insecure Javascript interface
————————————————————————
Yorick Koster, April 2014

————————————————————————
Abstract
————————————————————————
It was discovered that Viber’s Sticker Market is affected by…

Google Analytics by Yoast stored XSS

Posted by Jouko Pynnonen on Mar 19

*Overview*

Google Analytics by Yoast is a WordPress plug-in for monitoring website
traffic. With approximately seven million downloads it’s one of the most
popular WordPress plug-ins.

A security vulnerability in the plug-in allows an unauthenticated attacker
to store arbitrary HTML, including JavaScript, in the WordPress
administrator’s Dashboard on the target system. The JavaScript will be
triggered when an administrator views the…

[CFP] BSides Las Vegas August 2015

Posted by BSidesLV Info on Mar 19

CFP: https://bsideslv.org/cfp/

First Round CFP closes April 15th. Round two opens May 25th and closes June
8th.

BSidesLV 2015 will consist of seven main speaking tracks and one workshop
track. It will also include Passwords; however, they have a separate CFP.
Look for that at https://passwordscon.org/

Proving Ground – First-time speaker* mentorship and scholarship program.
Get matched with a great mentor who will help you craft your talk and…

Re: Regarding how can I request a CVE number?

Posted by Nick Boyce on Mar 19

Maybe you didn’t supply all the information required for a CVE to be
assigned? There are a *huge* number of potential security-related
flaws being discovered in open-source software now as various
researchers pour a lot of effort into auditing – and discussions about
these flaws frequently get bogged down in whether or not the flaw is
“by design” or “as documented” or is just crappy programming but
doesn’t actually…

Re: Regarding how can I request a CVE number?

Posted by Peter Adkins on Mar 19

I’ve encountered a similar issue earlier this year.

I’m in the same boat with regards to wondering whether there was a
problem with content / submission – despite following the supplied
guidelines – or whether the delay in response is due to workload and
prioritization.

Initially I had responses to requests for CVE assignments from Mitre
after around 12 days. However, after replying with the requested
information it went dark, and I…

cve-assign delays

Posted by Steven M. Christey on Mar 19

We recognize that some requesters have experienced delays, and
sometimes lengthy delays, in getting CVE IDs assigned. We apologize
for those delays.

The number of cve-assign requests has been growing dramatically, as
has the number of unique and new requesters. Our goal is always to
provide reasonable response times, and we were caught by the spike in
requests.

We are working to improve our responsiveness through a combination of
process…

Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting

Posted by Securify B.V. on Mar 19

————————————————————————
Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting
————————————————————————
Han Sahin, August 2014

————————————————————————
Abstract
————————————————————————
It was discovered that the help pages of Citrix VPX…

Command injection vulnerability in Citrix NITRO SDK xen_hotfix page

Posted by Securify B.V. on Mar 19

————————————————————————
Command injection vulnerability in Citrix NITRO SDK xen_hotfix page
————————————————————————
Han Sahin, August 2014

————————————————————————
Abstract
————————————————————————
Securify discovered a command injection vulnerability in…

Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting

Posted by Securify B.V. on Mar 19

————————————————————————
Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting
————————————————————————
Han Sahin, August 2014

————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in the…