Full Disclosure
Posted by VMware Security Response Center on Dec 10
————————————————————————
VMware Security Advisory
Advisory ID: VMSA-2014-0014
Synopsis: AirWatch by VMware product update addresses information
disclosure vulnerabilities
Issue date: 2014-12-10
Updated on: 2014-12-10 (Initial Advisory)
CVE number: CVE-2014-8372
————————————————————————
1. Summary
AirWatch by…
Posted by Walter Hop on Dec 10
Multiple vulnerabilities in InfiniteWP Admin Panel
https://lifeforms.nl/20141210/infinitewp-vulnerabilities/
—–
InfiniteWP (http://www.infinitewp.com/) allows an administrator to manage multiple WordPress sites from one control
panel. According to the InfiniteWP homepage, it is used on over 317,000 WordPress sites.
The InfiniteWP Admin Panel contains a number of vulnerabilities that can be exploited by an unauthenticated remote
attacker….
Posted by Adrian Furtuna on Dec 10
Dear List,
I am pleased to announce the release of a new tool that I have recently
developed – called PuttyRider.
In a few words, PuttyRider injects a DLL into a running putty.exe process
in order to sniff all communication and inject Linux commands on the remote
server.
This can be useful in an internal penetration test when you already have
access to a sysadmin’s machine who has a Putty session open to a Linux
server. You can use PuttyRider…
Posted by Brandon Vincent on Dec 09
This looks like a Jynx derived rootkit which relies on LD_PRELOAD [1].
[1] http://volatility-labs.blogspot.com/2012/09/movp-24-analyzing-jynx-rootkit-and.html
Brandon Vincent
Posted by Ed Tredgett on Dec 09
Check the following link out it may provide you with a greater insight as is looks like that rootkit from the
information you’ve provided, which I’ve found floating around recently
https://gitorious.org/dongforce/main/source/e08f161206e31cc12f1a874d8add153764564065:__UMBREON__
Ed
Posted by Colin Keigher on Dec 09
The third annual Security B-Sides Vancouver is an information security
conference that will be held March 16th and 17th in Vancouver, British
Columbia, Canada.
We love to see brand new speakers, seasoned speakers, and everyone in
between!
Topics of interest include (but are in no way limited to) the following,
preference given to talks that actually provide solutions as as well as
insight to problems:
– Information technology
– Network…
Posted by Simo Ben youssef on Dec 09
Title: Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities
Author: Simo Ben youssef
Contact: Simo_at_Morxploit_com
Discovered: 02 November 2014
Updated: 9 December 2014
Published: 9 December 2014
MorXploit Research
http://www.MorXploit.com
Vendor: Concrete5
Vendor url: www.concrete5.org
Software: Concrete5 CMS
Versions: 5.7.2 and 5.7.2.1 (probably older)
Status: Unpatched
Vulnerable scripts:…
Posted by Kenneth Buckler on Dec 09
*Overview*
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity
of coffee pods, known as K-Cups, uses weak verification methods, which are
subject to a spoofing attack through re-use of a previously verified K-Cup.
*Impact*
CVSS Base Score: 4.9
Impact Subscore: 6.9
Exploitability Subscore: 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Complete…
Posted by Jing Wang on Dec 09
*ESPN espn.go.com <http://espn.go.com/> Login & Register Page XSS and Dest
Redirect Privilege Escalation Security Vulnerabilities*
*Domain:*
http://espn.go.com/
*”*As of August 2013, ESPN is available to approximately 97,736,000 pay
television households (85.58% of households with at least one television
set) in the United States.[2]
<http://en.wikipedia.org/wiki/ESPN#cite_note-2> In addition to the flagship
channel and its…
Posted by Jing Wang on Dec 09
*CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints”
Dest Redirect Privilege Escalation Security Vulnerability*
Exploit Title: “Ping Identity Corporation” “PingFederate 6.10.1 SP
Endpoints” Dest Redirect Privilege Escalation Security Vulnerability
Product: PingFederate 6.10.1 SP Endpoints
Vendor: Ping Identity Corporation
Vulnerable Versions: 6.10.1
Tested Version: 6.10.1
Advisory Publication:…