CA20141215-01: Security Notice for CA LISA Release Automation

Posted by Williams, Ken on Dec 16

CA20141215-01: Security Notice for CA LISA Release Automation

Issued: December 15, 2014

CA Technologies Support is alerting customers to multiple
vulnerabilities in CA Release Automation (formerly CA LISA Release
Automation, change effective 2014-09-19).

The first vulnerability, CVE-2014-8246, is a cross-site request forgery
(CSRF) issue related to insufficient validation. A remote attacker can
potentially execute privileged actions on a…

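fulldisclosure: Your document

Posted by 庄容如 on Dec 16

庄容如: Hello!!

"Sales Elite Skills Improvement Training Camp"
[Training dates] December 13-14, 2014 in Beijing; December 18-19 in Shanghai; December 20-21 in Shenzhen
[Target audience] General managers, sales directors, regional managers, sales managers, sales representatives, sales training specialists, etc.
[Teaching format] Instructor lecture + video demonstration + case discussion + role play + instructor feedback + practical tools
[Training fee] 1980 yuan / 2 days / 1 person (includes materials, lunch, and refreshments)…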

CVE-2014-5437: Arris TG862G – Cross-site Request Forgery (CSRF)

Posted by Seth Art on Dec 16

-----------
Vendor:
-----------
Arris Interactive, LLC (http://www.arrisi.com/)
ISP: Comcast Xfinity

-----------------------------------------
Affected Products/Versions:
-----------------------------------------
HW: Arris Touchstone TG862G/CT (Xfinity branded)
SW: Version 7.6.59S.CT (Tested)

-----------------
Description:
-----------------
Title: Cross-site Request Forgery (CSRF)
CVE: CVE-2014-5437
CWE: CWE-352:…

CVE-2014-5438: Arris TG862G – Cross-site Scripting (XSS)

Posted by Seth Art on Dec 16

-----------
Vendor:
-----------
Arris Interactive, LLC (http://www.arrisi.com/)
ISP: Comcast Xfinity

-----------------------------------------
Affected Products/Versions:
-----------------------------------------
HW: Arris Touchstone TG862G/CT (Xfinity branded)
SW: Version 7.6.59S.CT (Tested)

-----------------
Description:
-----------------
Title: Cross-site Scripting (XSS)
CVE: CVE-2014-5438
CWE: CWE-79:…