Category Archives: Full Disclosure

Response to Decision Group press release about security vulnerabilities in E-Detective Lawful Interception System

Posted by Mustafa Al-Bassam on Jun 26

Two weeks ago I posted a security advisory[1] detailing severe security
flaws in E-Detective, a “lawful” communications interception system. The
vendor is a company called Decision Group and they claim on their
website that their software is used by over 100 law enforcement agencies.

A few days ago they posted a press release[2] to respond to an IBTimes
article[3] that covered the security flaws.

The mere fact that they responded to a…

Arbitrary File download in wordpress plugin wp-instance-rename v1.0

Posted by Larry W. Cashdollar on Jun 26

Title: Arbitrary File download in wordpress plugin wp-instance-rename v1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-12
Download Site: https://wordpress.org/plugins/wp-instance-rename/
Vendor: Vlajo
Vendor Notified: 2015-06-12
Advisory: http://www.vapid.dhs.org/advisory.php?v=127
Vendor Contact:
Description: WordPress Rename plugin allows you to easily rename the complete WordPress installation. This plugin
allows you to rename…

Remote file download vulnerability in download-zip-attachments v1.0

Posted by Larry W. Cashdollar on Jun 26

Title: Remote file download vulnerability in download-zip-attachments v1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-10
Download Site: https://wordpress.org/plugins/download-zip-attachments/
Vendor: rivenvirus
Vendor Notified: 2015-06-15
Vendor Contact: https://profiles.wordpress.org/rivenvirus/
Advisory: http://www.vapid.dhs.org/advisory.php?v=129
Description:
Download all attachments from the post into a zip file.

Vulnerability:…

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences

Posted by SEC Consult Vulnerability Lab on Jun 26

SEC Consult Vulnerability Lab Security Advisory < 20150626-0 >
=======================================================================
title: Critical vulnerabilities allow surveillance on conferences
product: Polycom RealPresence Resource Manager (RPRM)
vulnerable versions: <8.4
fixed version: 8.4
CVE numbers: CVE-2015-4681, CVE-2015-4682, CVE-2015-4683, CVE-2015-4684…

SBA Research Vulnerability Disclosure – Multiple Critical Vulnerabilities in Koha ILS

Posted by Raschin Ghanad-Tavakoli on Jun 25

===============================================================================================
SBA Research Vulnerability Disclosure 
===============================================================================================

title:            Koha Unauthenticated SQL injection
product:          Koha ILS
affected version: 3.20.x <= 3.20.1, 3.18.x <= 3.18.8, 3.16.x <= 3.16.12
fixed version:…

Recommendation: Flaw in K9 Web Protection 4.4.268

Posted by ICSS Security on Jun 25

A flaw exists in K9 Web Protection version 4.4.268 that allows any user to bypass the K9 Web Protection filter by using
proxies.
Proxies are well known to bypass ISP filters as well as any parental-control application such as K9 Web Protection.
For this test we ran 638 listed proxies, and 25 could bypass the “Proxy Avoidance” category because they were
incorrectly categorized.

CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004

Posted by Marco Delai on Jun 25

#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# CVE ID : CVE-2015-3443
# Product: Secret Server [1]
# Vendor: Thycotic
# Subject: Stored Cross-Site Scripting Vulnerability (XSS)
# Risk: High
# Effect: Remotely exploitable
# Author: Marco Delai…

Securing SAP Systems from XSS vulnerabilities Part 2: Defense for SAP NetWeaver ABAP

Posted by Darya Maenkova on Jun 25

From the developer’s perspective

For all generic Web applications where you accept input parameters, you
must use encoding methods provided by the ICF handler. The
implementation of the encoding is available as an API in two variants:

• ABAP built-in function ESCAPE (available as of SAP_BASIS >= 731);

• Class implementation in CL_ABAP_DYN_PRG.

In releases higher than or equal to SAP NetWeaver Release 7.0 enhancement
package 3…
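The two encoding variants named in the post, in an added example that is not from the original post or from SAP: a minimal ICF handler class that reflects a request parameter, first as the unencoded (vulnerable) concatenation, then built with the ESCAPE built-in using a separate format for each output context (HTML text, HTML attribute, JavaScript string literal, URL parameter), with the CL_ABAP_DYN_PRG equivalent for older releases shown as a comment. The class name ZCL_XSS_DEMO_HANDLER, the form-field name, the URL path and the exact signature of the CL_ABAP_DYN_PRG call are assumptions for illustration; the example goes beyond the post by covering several output contexts rather than only HTML text.

```abap
" Added example, not from the original post or from SAP.
" ICF handler that reflects the form field 'name' (assumed) into an HTML page.
CLASS zcl_xss_demo_handler DEFINITION PUBLIC FINAL CREATE PUBLIC.
  PUBLIC SECTION.
    INTERFACES if_http_extension.
ENDCLASS.

CLASS zcl_xss_demo_handler IMPLEMENTATION.
  METHOD if_http_extension~handle_request.
    " Untrusted input straight from the request.
    DATA(lv_name) = server->request->get_form_field( 'name' ).

    " VULNERABLE (reflected XSS): the raw parameter lands inside the markup.
    " A value such as <script>alert(1)</script> is rendered as script, not text.
    " DATA(lv_html) = |<p>Hello { lv_name }</p>|.

    " SAFE, variant 1: built-in ESCAPE (SAP_BASIS >= 731).
    " The format must match the context the value is written into.
    DATA(lv_html_text) = escape( val = lv_name format = cl_abap_format=>e_html_text ).
    DATA(lv_html_attr) = escape( val = lv_name format = cl_abap_format=>e_html_attr ).
    DATA(lv_js)        = escape( val = lv_name format = cl_abap_format=>e_js ).
    DATA(lv_url)       = escape( val = lv_name format = cl_abap_format=>e_url ).

    " SAFE, variant 2: CL_ABAP_DYN_PRG for releases without ESCAPE
    " (parameter name VAL assumed; check the class signature on your release).
    " DATA(lv_html_text) = cl_abap_dyn_prg=>escape_xss_xml_html( val = lv_name ).

    " Each encoded copy is used only in the context it was encoded for:
    " element text, attribute value, URL query parameter, JS string literal.
    DATA(lv_html) =
      |<p>Hello { lv_html_text }</p>| &&
      |<a href="/sap/bc/zdemo?name={ lv_url }" title="{ lv_html_attr }">link</a>| &&
      |<script>var who = '{ lv_js }';</script>|.

    server->response->set_content_type( 'text/html; charset=utf-8' ).
    server->response->set_cdata( data = lv_html ).
  ENDMETHOD.
ENDCLASS.
```

The point a reviewer checks is not that ESCAPE was called, but that the format matches the sink: a value encoded with E_HTML_TEXT is still dangerous inside a JavaScript string or an unquoted attribute, so one encoded copy should never be reused across contexts.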

ROP 101 Blog

Posted by Craig Young on Jun 24

Hi List,

FYI – This is a post for the n00bs in the audience. If you already know
how to chain together gadgets to form a ROP chain and get a shell, this
post is not for you.

I know there are some on the list who could benefit from a better
understanding of ROP so:
http://www.tripwire.com/state-of-security/off-topic/vert-vuln-school-return-oriented-programming-rop-101/

The target binary/VM as well as some other info is available from the
VulnHub…

Haka v0.3.0 release

Posted by Mehdi Talbi on Jun 23

Hey list,

A new version (0.3.0) of Haka is available at haka-security.org.

The new release adds a stream-based asm instruction disassembler module
based on the Capstone engine. This makes it possible to detect obfuscated
shellcode at the network level, for instance.

The new version also improves logging performance and fixes various bugs.
Thanks to all users who have reported these bugs.

As a reminder, Haka is an open source security oriented language that…