Full Disclosure
Posted by Joxean Koret on Jan 17
] EuskalHack Call For Papers / Call For Trainings [
TL;DR: Awesome security conference in Donostia-San Sebastian (Basque
Country) with even more awesome food happening in June 23-24th 2017.
If it sounds great to you, continue reading 😉
Introduction
————
EuskalHack Security Congress Second Edition is coming again, the first
Ethical Hacking association of Basque Country, with the aim of promoting
the community and culture in information…
Posted by Roberto Soares on Jan 17
=====[ Tempest Security Intelligence -ADV-2/2016 CVE-2016-6285 ]==========
Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software
—————————————————————
Author(s):
– Roberto Soares
– roberto.soares () tempest.com.br
Tempest Security Intelligence – Recife, Pernambuco – Brazil
=====[ Table of Contents ]================================================
1….
Posted by Pedro Ribeiro on Jan 17
Hi,
TrueOnline is a Thai ISP that distributes customised versions of ZyXEL
and Billion routers – customised with vulnerabilities that is.
The routers contain several default administrative accounts and command
injections that can be abused by authenticated and unauthenticated
attackers. Details in the advisory below, which is a copy of
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
Metasploit modules have…
Posted by Diego on Jan 17
Hi guys.
I foun’t a new vulnerabiliti in a wordpress plugin called: “Direct Download
for WooCommerce”.
This vulnerability allow you make an Remote LFI download, so, we can
download any in the server where we’re running this plugin, I foun’t this
vulnerability the last week and I reported this to Kameleon but i don’t know
if this bug is partched right now in a new versión.
I’ve been written an exploit to this plugin in Python. This…
Posted by Andraz Sraka on Jan 17
-=[ BSidesLjubljana Event info ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-
BSidesLjubljana – https://bsidesljubljana.si
Date: March 10th, 2017
Venue: Poligon creative centre, Ljubljana, Slovenia, Europe
CFP URL: https://bsidesljubljana.si/cfp/
CFP Submit form: https://goo.gl/forms/QXrdRm68rdJyV1ax2
Email: cfp[at]bsidesljubljana.si
Twitter: @BSidesLjubljana
Twitter hashtag: #BSidesLjubljana
-=[ CALL FOR PAPERS…
Posted by Vulnerability Lab on Jan 16
Document Title:
===============
Apple (iTunes Notify) – Bypass & Persistent Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2024
Followup ID: 654962036
Vulnerability Magazine:
https://www.vulnerability-db.com/?q=articles/2016/12/22/apple-ios-102-notify-function-vulnerable-attacks-idevice-itunes-appstore
Release Date:
=============
2017-01-16
Vulnerability Laboratory ID…
Posted by Vulnerability Lab on Jan 16
Document Title:
===============
Salesforce (Event Registration) – Persistent Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1991
Release Date:
=============
2017-01-11
Vulnerability Laboratory ID (VL-ID):
====================================
1991
Common Vulnerability Scoring System:
====================================
3.8
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 16
Document Title:
===============
Huawei Flybox B660 – (POST SMS) CSRF Web Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2026
Release Date:
=============
2017-01-12
Vulnerability Laboratory ID (VL-ID):
====================================
2026
Common Vulnerability Scoring System:
====================================
4.4
Product & Service Introduction:…
Posted by Stefan Kanthak on Jan 15
Hi @ll,
the executable installers of SoftMaker’s FlexiPDF,
<http://www.softmaker.net/down/flexipdf2017.exe> and
<http://www.softmaker.net/down/flexipdfbasic2017.exe>, built
with the crapware known as “InnoSetup”, are vulnerable to DLL
hijacking: they load Windows DLLs from their “application
directory” instead Windows’ “system directory”: on Windows 7
at least UXTheme.dll and DWMAPI.dll.
This…
Posted by Dawid Golunski on Jan 13
[Updated CVE-2016-1247 advisory]
Nginx packages on Gentoo distros were also found vulnerable to Root
Privilege Escalation (CVE-2016-1247) exploit I discovered last year.
Updated advisory URL:
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
Gentoo notice:
https://security.gentoo.org/glsa/201701-22
Follow:
https://twitter.com/dawid_golunski
for more vulns.
Regards,
Dawid Golunski
https://legalhackers.com…