Full Disclosure
Posted by Kyriakos Economou on Jul 10
CVE: CVE-2015-1438
Vendor: Panda Security
Product: Multiple Products
Affected version: 1.0.0.13 (PSKMAD.sys driver version)
Fixed version: 15.1.0 (Products Version)
Reported by: Kyriakos Economou
Details:
Panda Kernel Memory Access Driver doesn’t validate the size of data
to be copied to both an allocated kernel paged pool buffer and to an
allocated non-paged pool buffer. Furthermore, the attacker has control
over the start-to-copy…
Posted by Joshua Rogers on Jul 10
Not new.
You can type it in the Skype application, and press control-shift-enter,
and it will send the HTML.
e.g., I can put into the chatbox
<a
href=”http://jaanuskp.blogspot.com.au/2015/07/fake-links-in-skype.html">google.com</a>
hold down control and shift, and then press enter. It will appear as
google.com, and be clickable to your blog.
Posted by Dau, Huy-Ngoc (FR – Paris) on Jul 10
Merethis Centreon – Unauthenticated blind SQLi and Authenticated Remote Command Execution
CVEs: CVE-2015-1560, CVE-2015-1561
Vendor: Merethis – www.centreon.com
Product: Centreon
Version affected: 2.5.4 and prior
Product description:
Centreon is the choice of some of the world’s largest companies and mission-critical organizations for real-time IT
performance monitoring and diagnostics management. (from https://www.centreon.com/en/)…
Posted by Dau, Huy-Ngoc (FR – Paris) on Jul 10
SOPlanning – Simple Online Planning Tool multiple vulnerabilities
CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677
Vendor: http://www.soplanning.org/
Product: SOPlanning – Simple Online Planning
Version affected: 1.32 and prior
Product description:
SO Planning is an open source online planning tool completely free, designed to easily plan projects / tasks online, in
order to manage and define work for a whole…
Posted by VMware Security Response Center on Jul 10
————————————————————————
VMware Security Advisory
Advisory ID: VMSA-2015-0005
Synopsis: VMware Workstation, Player and Horizon View Client for
Windows updates address a host privilege escalation
vulnerability
Issue date: 2015-07-09
Updated on: 2015-07-09
CVE number: CVE-2015-3650…
Posted by CORE Advisories Team on Jul 08
1. Advisory Information
Title: AirLink101 SkyIPCam1620W OS Command Injection
Advisory ID: CORE-2015-0011
Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection
Date published: 2015-07-08
Date of last update: 2015-07-08
Vendors contacted: AirLink101
Release mode: User release
2. Vulnerability Information
Class: OS Command Injection [CWE-78], Use of Hard-coded Credentials” [CWE-798]
Impact: Code…
Posted by tAd on Jul 07
Hi all,
Please find our CFP below:
–[ Hackito Ergo Sum 2015
Conference: October 29-30, 2015
CFP closing date: September 10, 2015
Venue: Paris, France
Web: http://2015.hackitoergosum.org/
Email: hes-cfp_rAt_lists.hackitoergosum.org
Twitter: @hesconference
IRC: #hackito on freenode
–[ CFP
It’s 2015 and we’re still in the place for a new year of hack and fun!
During the two days of HES, research conferences, solutions
presentations,…
Posted by Larry W. Cashdollar on Jul 07
Title: Remote file download in WordPress Plugin mdc-youtube-downloader v2.1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-01
Download Site: https://wordpress.org/plugins/mdc-youtube-downloader
Vendor: https://profiles.wordpress.org/mukto90/
Vendor Notified: 2015-07-01, removed vulnerable code.
Vendor Contact: n.mukto () gmail com
Description: MDC YouTube Downloader allows visitors to download YouTube videos directly from your WordPress…
Posted by Larry W. Cashdollar on Jul 07
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-05
Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling
Vendor: https://profiles.wordpress.org/haet/
Vendor Notified: 2015-07-05, fixed in version 2.6.
Vendor Contact: http://wpshopstyling.com
Description: Customize your WP ecommerce store with HTML mail templates, message content,…
Posted by Jaanus on Jul 07
http://jaanuskp.blogspot.com/2015/07/fake-links-in-skype.html
The issue in Skype (bit hard to name it a real vulnerability) is actually a
simple one – you can send links that seem to direct user to one URL, but
actually send to some other. This is quite normal and expected in web pages <a
href=”BAD_PLACE”>GOOD_PLACE</a> but it is not expected from Skype, because
Skype creates these links itself and by default you can’t…