Posted by joernchen on Nov 14

Hi,

I just ran into some RCE issue with xdg-open today and figured it’s known
and unfixed since 2013-06-10 [0] (respectively 2013-07-07 upstream [1])

As apparently noone cares about this I just leave a silly PoC [3]
(should work with Chromium on Arch/Gentoo Linux) here. Additional
requirement is a Window Manager which is _NOT_ one of the following:

* KDE
* GNOME
* MATE
* XFCE
* ENLIGHTENMENT

Cheers,

joernchen

[0]…

Posted by William Costa on Nov 14

I. VULNERABILITY

————————-

XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 –
Revisión PC141031

II. BACKGROUND
Pandora FMS is the monitoring software chosen by several companies all
around the world for managing their IT infrastructure. Besides ensuring
high performance and maximum flexibility, it has aIII.

DESCRIPTION
————————-
Has been detected a Reflected XSS vulnerability in Pandora FMS…

Posted by Timo Schmid on Nov 14

XSS in Gogs Markdown Renderer
=============================
Researcher: Timo Schmid <tschmid () ernw de>

Description
===========
Gogs(Go Git Service) is a painless self-hosted Git Service written in
Go. (taken
from [1])

It is very similiar to the github hosting plattform. Multiple users can
create
multiple repositories and share code with others with the git version
control
system. Repositories can be marked as public or private to…

Posted by Programa STIC on Nov 14

Fundación Dr. Manuel Sadosky – Programa STIC Advisory
www.fundacionsadosky.org.ar

Prey Anti-Theft for Android missing SSL certificate validation

1. *Advisory Information*

Title: Prey Anti-Theft for Android missing SSL certificate validation
Advisory ID: STIC-2014-0731
Advisory URL: http://www.fundacionsadosky.org.ar/publicaciones-2
Date published: 2014-11-11
Date of last update: 2014-11-11
Vendors contacted: Fork Ltd….

Posted by Jing Wang on Nov 14

CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability

Exploit Title: Atlas Systems Aeon XSS Vulnerability
Product: Aeon
Vendor: Atlas Systems
Vulnerable Versions: 3.6 3.5
Tested Version: 3.6
Advisory Publication: Nov 12, 2014
Latest Update: Nov 12, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7290
Solution Status: Fixed by Vendor
Credit: Wang Jing [Mathematics, Nanyang Technological…

Posted by Timo Schmid on Nov 14

Unauthenticated SQL Injection in Gogs repository search
=======================================================
Researcher: Timo Schmid <tschmid () ernw de>

Description
===========
Gogs(Go Git Service) is a painless self-hosted Git Service written in
Go. (taken
from [1])

It is very similiar to the github hosting plattform. Multiple users can
create
multiple repositories and share code with others with the git version
control
system….

Posted by Timo Schmid on Nov 14

Blind SQL Injection in Gogs label search
========================================
Researcher: Timo Schmid <tschmid () ernw de>

Description
===========
Gogs(Go Git Service) is a painless self-hosted Git Service written in
Go. (taken
from [1])

It is very similiar to the github hosting plattform. Multiple users can
create
multiple repositories and share code with others with the git version
control
system. Repositories can be marked as…

Posted by Jing Wang on Nov 14

Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net
<http://googleads.g.doubleclick.net/>
— Google Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net
<http://googleads.g.doubleclick.net/>

The vulnerability exists at “Logout?” page with “&continue” parameter, i.e.
https://www.google.com/accounts/Logout?service=writely&continue=https://googleads.g.doubleclick.net

The…

Posted by Jing Wang on Nov 14

Google DoubleClick.net(Advertising) System URL Redirection Vulnerabilities
Can be Used by Spammers

Although Google does not include Open Redirect vulnerabilities in its bug
bounty program, its preventive measures against Open Redirect attacks have
been quite thorough and effective to date.

However, Google might have overlooked the security of its DoubleClick.net
<http://doubleclick.net/> ​advertising system. After some test, it is found…

Posted by Hazel Ann on Nov 14

The Fourth International Conference on Informatics & Applications (ICIA2015)

July 20-22, 2015 » Takamatsu, Japan
Kagawa University

Venue: Takamatsu Symbol Tower

http://sdiwc.net/conferences/icia2015/

icia2015 () sdiwc net

All registered papers will be included in SDIWC Digital Library
==============================================================

The conference aims to enable researchers build connections between
different digital…