Full Disclosure
Posted by Larry W. Cashdollar on Nov 18
Title: Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-01
Download Site: http://downloads.teradata.com/download/database/teradata-virtual-machine-community-edition-for-vmware
Vendor: Teradata
Vendor Notified: 2016-10-01
Vendor Contact: web form contact
Description: Teradata is a relational database, they provide a Virtual Machine image for developers and…
Posted by Curesec Research Team (CRT) on Nov 18
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: MyLittleForum 2.3.6.1
Fixed in: 2.3.7beta
Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/
v2.3.7beta
Vendor Website: http://mylittleforum.net/
Vulnerability Type: XSS & RPO
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to 11/10/2016
public:
Release mode: Coordinated…
Posted by 0xr0ot on Nov 18
Hi,
I’d like to request CVE for the following vulnerability fixed in NOV,2016.
Fix:
http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016
Description of the security vulnerability:
Severity: Medium
Affected versions: M(6.0)
Reported on: May 26, 2016
Disclosure status: Privately disclosed.
The vulnerability allowing unauthorized access to system APIs from system
service with improper access control enables attackers to control…
Posted by Berend-Jan Wever on Nov 18
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
thirteenth entry in that series. Unfortunately I won’t be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161117001.html.
Follow me…
Posted by Berend-Jan Wever on Nov 18
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
twelfth entry in that series. Unfortunately I won’t be able to publish
everything within one month at the current rate, so I may continue to
publish these through December and January.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161116001.html.
Follow me on…
Posted by Vulnerability Lab on Nov 18
Document Title:
===============
Reason Core Security v1.2.0.1 – Unqoted Path Privilege Escalation Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2003
Release Date:
=============
2016-11-14
Vulnerability Laboratory ID (VL-ID):
====================================
2003
Common Vulnerability Scoring System:
====================================
4
Product & Service Introduction:…
Posted by Vulnerability Lab on Nov 18
Document Title:
===============
EditMe CMS – CSRF Privilege Escalate Web Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1996
Release Date:
=============
2016-11-14
Vulnerability Laboratory ID (VL-ID):
====================================
1996
Common Vulnerability Scoring System:
====================================
2.8
Product & Service Introduction:…
Posted by Vulnerability Lab on Nov 18
Document Title:
===============
Habari CMS v0.9.2 – (Backend Comments) XSS Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1999
Release Date:
=============
2016-11-09
Vulnerability Laboratory ID (VL-ID):
====================================
1999
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:…
Posted by Vulnerability Lab on Nov 18
Document Title:
===============
Apple iOS 10.1 – Multiple Access Permission Vulnerabilities
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2012
Apple Security ID: 648680301
Video1: https://www.youtube.com/watch?v=fY2Obtxk_Dg
Video2: https://www.youtube.com/watch?v=46CHjQxkKxk
Release Date:
=============
2016-11-17
Vulnerability Laboratory ID (VL-ID):
====================================
2012…
Posted by Jason Cooper on Nov 16
Hi Hector,
This wording appears to have caused a lot of misunderstanding. afaict,
the binary executable ‘cryptsetup’ has nothing to do with this bug.
Rather, it is completely in the initrd’s script for decrypting a
partition containing the rootfs.
On Debian based systems, the initrd script is in the cryptsetup package,
but if one looks at the upstream repository for cryptsetup: