Vulnerability title: Multiple Authenticated SQL Injections In OpenEMR
CVE: CVE-2014-5462
Vendor: OpenEMR
Product: OpenEMR
Affected version: 4.1.2(7) and earlier
Fixed version: N/A
Reported by: Jerzy Kramarz
Details:
SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could
allow an authenticated attacker to access information such as usernames and password hashes that are stored in the…

We have discovered an impersonation attack on social login protocols (e.g.
OAuth 1.0 / 2.0 used for authentication) based on a combination of an
implementation vulnerability existing in some identity providers (e.g.
LinkedIn, which has fixed the issue) and a known design problem in the
relying (third-party) website side.
The identity provider vulnerability is allowing the use of un-verified
email in the social login authentication…

This is a disclosure of a weakness of the ASLR Linux implementation.
The problem appears when the executable is PIE compiled and it has an
address leak belonging to the executable. We named this weakness:
offset2lib.
In this scenario, an attacker is able to de-randomize all mmapped
areas (libraries, mapped files, etc.) by knowing only an address
belonging to the application and the offset2lib value.

I believe that’s the ASP.NET error page you’re seeing (Was it yellow?)
That exception is from Request Validation (which we don’t consider a security boundary any more, and we advise folks to
validate themselves, as validation is context specific).
You’re seeing the dev error page, which by default is only shown if you’re accessing via //localhost. Developers can
override that setting to always show the default…

Every night when we go to sleep we have a chance to wake up in another universe. At any time, the expanding to infinity
universe may turn back and then rush to the start point. Or maybe finish point. Back to singularity.
The cyber universe has plunged into turmoil. Cyber criminals and special agencies operating beyond society's control
start us thinking whether it is a good decision to live in a cyber world, where threats are real while…

Unfortunately, I can no longer really test this (it was on some internal
network, so for example link shortening wouldn’t work), but I wanted to
know if anyone had encountered this stuff before. I should try on a clean
install as suggested – if it works I’ll let you know.

For some unknown reason there was no HTML encoding in this error response,
however the payload was truncated to 20 chars. I googled it…

You could skip the schema on any includes, and just use ‘//’. That will
then use the schema provided in the original URL. That will save you 4
characters at least. You can also skip most quotes in tags – that will save
you a few more characters. Link shortening services might also be of use,
however one that generates links short enough might be hard to come by –
more likely, you’ll need a 3 character domain, with a 2 character…