Full Disclosure
Posted by Asterisk Security Team on Nov 21
Asterisk Project Security Advisory – AST-2014-013
Product Asterisk
Summary PJSIP ACLs are not loaded on startup
Nature of Advisory Unauthorized Access
Susceptibility Remote unauthenticated sessions
Severity Moderate…
Posted by Asterisk Security Team on Nov 21
Asterisk Project Security Advisory – AST-2014-012
Product Asterisk
Summary Mixed IP address families in access control lists
may permit unwanted traffic.
Nature of Advisory Unauthorized Access
Susceptibility Remote unauthenticated sessions…
Posted by Stefan Kanthak on Nov 20
Hi @ll,
Google update, which is installed together with Google Chrome and
other Google products, resp. the Chrome updater run the rogue programs
“%USERPROFILE%Local.exe”,
“%USERPROFILE%Local SettingsApplication.exe”,
“%SystemDrive%Documents.exe”,
“%SystemDrive%Documents and.exe”,
“%SystemDrive%Program.exe” or
“%SystemDrive%Program Files.exe”
(and of course their localized…
Posted by MustLive on Nov 20
Hello participants of Mailing List.
After making public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I’ve made next update of the software. At 15th of November DAVOSET v.1.2.3
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub:…
Posted by Jouko Pynnonen on Nov 20
OVERVIEW
========
A security flaw in WordPress 3 allows injection of JavaScript into certain
text fields. In particular, the problem affects comment boxes on WordPress
posts and pages. These don’t require authentication by default.
The JavaScript injected into a comment is executed when the target user
views it, either on a blog post, a page, or in the Comments section of the
administrative Dashboard.
In the most obvious scenario the…
Posted by Garcia, Ariel (LATCO – Buenos Aires) on Nov 20
“[CVE-2014-8349] “
******************************************************************************
– Vendor Status: CONFIRMED
– Vendor Disclosure Date: October 17th 2014
– Public Disclosure Date: November 14th 2014
– Affected Vendor: LIFERAY – http://www.liferay.com/
– Affected System: Liferay Portal 6.2 EE SP8 and older versions
– Vulnerability Status: Fixed…
Posted by Nguyen Anh Quynh on Nov 20
Greetings,
We are happy & excited to release version 3.0 of Capstone disassembly
framework!
This major version brings three new architectures (Sparc, SystemZ & XCore),
together with a lot of bugfixes and important updates on Arm, Arm64, Mips,
PPC & X86. Find the link to source code, binaries & details on important
changes of this release at the link below:
http://capstone-engine.org/Version-3.0.html
Today is exactly one…
Posted by CORE Advisories Team on Nov 19
Core Security – Corelabs Advisory
http://corelabs.coresecurity.com/
Advantech WebAccess Stack-based Buffer Overflow
1. *Advisory Information*
Title: Advantech WebAccess Stack-based Buffer Overflow
Advisory ID: CORE-2014-0010
Advisory URL:
http://www.coresecurity.com/advisories/advantech-webAccess-stack-based-buffer-overflow
Date published: 2014-11-19
Date of last update: 2014-11-19
Vendors contacted: Advantech
Release mode: Coordinated release…
Posted by CORE Advisories Team on Nov 19
Core Security – Corelabs Advisory
http://corelabs.coresecurity.com/
Advantech EKI-6340 Command Injection
1. *Advisory Information*
Title: Advantech EKI-6340 Command Injection
Advisory ID: CORE-2014-0009
Advisory URL:
http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection
Date published: 2014-11-19
Date of last update: 2014-11-19
Vendors contacted: Advantech
Release mode: User release
2. *Vulnerability Information*
Class:…
Posted by CORE Advisories Team on Nov 19
Core Security – Corelabs Advisory
http://corelabs.coresecurity.com/
Advantech AdamView Buffer Overflow
1. *Advisory Information*
Title: Advantech AdamView Buffer Overflow
Advisory ID: CORE-2014-0008
Advisory URL:
http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow
Date published: 2014-11-19
Date of last update: 2014-11-19
Vendors contacted: Advantech
Release mode: User release
2. *Vulnerability Information*
Class:…