Category Archives: Full Disclosure

Full Disclosure

Re: [CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer

Posted by Guang Gong on Mar 12

Correct the format

#############################################################################
#
# QIHU 360 SOFTWARE CO. LIMITED http://www.360safe.com/
#
#############################################################################
#
# CVE ID: CVE-2015-1474
# Product: Android
# Vendor: Google
# Subject: Integer overflow leading to heap corruption while unflattening GraphicBuffer
# Effect: Gain privileges or cause a denial of…

Re: [CVE-2015-1530]An integer overflow in Android media could be exploited to get media_server permission

Posted by Guang Gong on Mar 12

Correct the format

#############################################################################
#
# QIHU 360 SOFTWARE CO. LIMITED http://www.360safe.com/
#
#############################################################################
#
# CVE ID: CVE-2015-1530
# Product: Android
# Vendor: Google
# Subject: An integer overflow in Android media could be exploited to get media_server permission
# Effect: Gain privileges or cause a denial…

Raritan PowerIQ known session secret

Posted by Brandon Perry on Mar 12

Raritan PowerIQ versions 4.1, 4.2, and 4.3 ship with a Rails 2 web
interface with a hardcoded session secret of
8e238c9702412d475a4c44b7726a0537.

This can be used to achieve unauthenticated remote code execution as the
nginx user on vulnerable systems.

msf exploit(rails_secret_deserialization) > show options

Module options (exploit/multi/http/rails_secret_deserialization):

Name Current Setting…

Community Gallery – Stored Cross-Site Scripting vulnerability

Posted by ITAS Team on Mar 11

#Vulnerability title: Community Gallery – Stored Cross-Site Scripting vulnerability
#Product: Community Gallery
#Vendor: https://www.woltlab.com
#Affected version: Community Gallery 2.0 before 12/10/2014
#Download link: https://www.woltlab.com/purchase/?products[]=com.woltlab.gallery
#Fixed version: Community Gallery 2.0 after 12/26/2014
#CVE ID: CVE-2015-2275
#Author: Pham Kien Cuong (cuong.k.pham () itas vn) & ITAS Team (www.itas.vn)…

[CVE-2015-1530]An integer overflow in Android media could be exploited to get media_server permission

Posted by Guang Gong on Mar 11

#############################################################################
#
# QIHU 360 SOFTWARE CO. LIMITED http://www.360safe.com/
#
#############################################################################
#
# CVE ID: CVE-2015-1530
# Product: Android
# Vendor: Google
# Subject: An integer overflow in Android media could be exploited to get media_server permission
# Effect: Gain privileges or cause a denial of service
#…

[CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer

Posted by Guang Gong on Mar 11

#############################################################################
#
# QIHU 360 SOFTWARE CO. LIMITED http://www.360safe.com/
#
#############################################################################
#
# CVE ID: CVE-2015-1474
# Product: Android
# Vendor: Google
# Subject: Integer overflow leading to heap corruption while unflattening GraphicBuffer
# Effect: Gain privileges or cause a denial of service
# Author: Guang…

Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)

Posted by Roee Hay on Mar 11

Hi,

We have recently discovered a vulnerability in the Dropbox SDK for Android.
This vulnerability may enable theft of sensitive information from apps that
use the vulnerable Dropbox SDK both locally by malware and also remotely by
using drive-by exploitation techniques.

The vulnerability is identified as CVE-2014-8889.

We had privately reported the issue to the Dropbox team which soon provided
a fix with version 1.6.2 of the SDK.

More…

[CORE-2015-0005] – Windows Pass-Through Authentication Methods Improper Validation

Posted by CORE Advisories Team on Mar 10

Core Security – Corelabs Advisory
http://corelabs.coresecurity.com/

Windows Pass-Through Authentication Methods Improper Validation

1. *Advisory Information*

Title: Windows Pass-Through Authentication Methods Improper Validation
Advisory ID: CORE-2015-0005
Advisory URL: http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation
Date published: 2015-03-10…

Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

Posted by Jing Wang on Mar 10

*Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities*

Exploit Title: Vastal I-tech phpVID Multiple XSS Security Vulnerabilities
Product: phpVID
Vendor: Vastal I-tech
Vulnerable Versions: 1.2.3 0.9.9
Tested Version: 1.2.3 0.9.9
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base…