Hack Talk
Stealth mode activated Home | Gitweb | Status | IRC

Sun, 28 Aug 2016 12:18:33 +0200

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
    26 Aug 2016 | 15:22 from Bugtraq

Posted by submit on Aug 26

--------------------------------------------------------------------------------
Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
Credit: Maksymilian Arciemowicz from CXSECURITY.COM
URL: https://cxsecurity.com/issue/WLB-2016080232
--------------------------------------------------------------------------------

Apple tried to fix security issue in file system (FTS) libc implementation but doesn't patch it completely....

First Public Working Draft: SHACL Core Abstract Syntax and Semantics
    26 Aug 2016 | 15:14 from W3C News

The RDF Data Shapes Web Working Group has published a Working Draft of SHACL Core Abstract Syntax and Semantics. This document defines an abstract syntax for the core SHACL (SHApes Constraint Language). It is derived from the SHACL specification and is a non-normative version of the content of that specification.


W3C Workshop Report: Blockchains and the Web
    26 Aug 2016 | 12:40 from W3C News

W3C published today the report of the W3C Blockchains and the Web workshop held on 29-30 June, 2016, in Cambridge, Massachusetts, USA. Participants at the workshop found many topics for possible standardization or incubation, including various aspects of identity and proof-of-existence, as well as smaller blockchain primitives that could increase interoperability across different distributed ledgers. […]


[SECURITY] [DSA 3654-1] quagga security update
    26 Aug 2016 | 07:31 from Bugtraq

Posted by Sebastien Delafond on Aug 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3654-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 26, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : quagga
CVE ID : CVE-2016-4036 CVE-2016-4049
Debian...

Necroscan <= v0.9.1 Buffer Overflow
    26 Aug 2016 | 07:22 from Bugtraq

Posted by hyp3rlinx on Aug 25

[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NECROSCAN-BUFFER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
===================
nscan.hypermart.net

Product:
======================================
NECROSOFT NScan version <= v0.9.1
ver 0.666 build 13
circa 1999

NScan is one of the most fast and flexible portscanners for Windows. It is specially...

[SECURITY] [DSA 3652-1] imagemagick security update
    26 Aug 2016 | 07:13 from Bugtraq

Posted by Moritz Muehlenhoff on Aug 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3652-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 25, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2016-4562 CVE-2016-4563...

APPLE-SA-2016-08-25-1 iOS 9.3.5
    25 Aug 2016 | 22:03 from Bugtraq

Posted by Apple Product Security on Aug 25

APPLE-SA-2016-08-25-1 iOS 9.3.5

iOS 9.3.5 is now available and addresses the following:

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th...

Friday Free Software Directory IRC meetup: August 26th
    25 Aug 2016 | 16:07 from FSF's blog

Join the FSF and friends every Friday to help improve the Free Software Directory by adding new entries and updating existing ones.


The Licensing and Compliance Lab interviews Stefano Zacchiroli of Software Heritage
    25 Aug 2016 | 15:30 from FSF's blog

This is the latest installment of our Licensing and Compliance Lab's series on free software developers who choose GNU licenses for their work. In this edition, we conducted an email-based interview with Stefano Zacchiroli of Software Heritage.


SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise
    25 Aug 2016 | 10:29 from Bugtraq

Posted by SEC Consult Vulnerability Lab on Aug 25

SEC Consult Vulnerability Lab Security Advisory < 20160825-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus GroupWise
vulnerable version: GroupWise 2014 R2 (<=SP1)
GroupWise 2014
(unsupported versions may be affected)
fixed version: GroupWise 2014 R2 Service Pack 1 Hot Patch 1...

WebKitGTK+ Security Advisory WSA-2016-0005
    25 Aug 2016 | 07:55 from Bugtraq

Posted by Carlos Alberto Lopez Perez on Aug 24

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0005
------------------------------------------------------------------------

Date reported : August 25, 2016
Advisory ID : WSA-2016-0005
Advisory URL : https://webkitgtk.org/security/WSA-2016-0005.html
CVE identifiers : CVE-2016-4583, CVE-2016-4585, CVE-2016-4586,...

Only a short time left to support Libre Tea Computer Card; crowdfunding ends August 26th
    24 Aug 2016 | 23:42 from FSF's blog

The crowdfunding campaign for Earth-friendly EOMA68 Computing Devices project on Crowd Supply ends August 26th.


nullcon 8-bit Call for Papers is open
    24 Aug 2016 | 10:12 from Bugtraq

Posted by nullcon on Aug 24

Dear Hackers and Security Pros,

Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and the universe , working on the next
big thing in security and request everyone to submit their new
research.

What is 8-bit?
As a tradition of...

[slackware-security] gnupg (SSA:2016-236-01)
    24 Aug 2016 | 07:19 from Bugtraq

Posted by Slackware Security Team on Aug 23

[slackware-security] gnupg (SSA:2016-236-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz: Upgraded.
Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
obtains 580 bytes from the standard RNG can trivially...

Free Software Directory meeting recap for August 19th, 2016
    22 Aug 2016 | 17:06 from FSF's blog

Check out the great work our volunteers accomplished at the last Free Software Directory meeting.


[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities
    22 Aug 2016 | 11:22 from Bugtraq

Posted by security-alert on Aug 22

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05240731
Version: 1

HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and
PHP, Multiple Local and Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Path traversal vulnerability in WordPress Core Ajax handlers
    22 Aug 2016 | 11:05 from Bugtraq

Posted by Summer of Pwnage on Aug 22

------------------------------------------------------------------------
Path traversal vulnerability in WordPress Core Ajax handlers
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A path traversal vulnerability was found in the Core Ajax...

[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC – Default Credentials
    19 Aug 2016 | 18:15 from Penetration Testing

Posted by ERPScan inc on Aug 19

Application: SAP Hybris E-commerce Suite

Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3

Vendor URL: http://sap.com

Bugs: Default credentials

Sent: 01.02.2016

Vendor response: 02.02.2016

Date of Public Advisory: 10.05.2016

Author:...

[ERPSCAN-16-023] Potential backdoor via hardcoded system ID
    19 Aug 2016 | 18:11 from Penetration Testing

Posted by ERPScan inc on Aug 19

Application: SAP АBAP BASIS

Versions Affected: SAP АBAP BASIS 7.4

Vendor URL: http://SAP.com

Bugs: Hardcoded credentials

Sent: 01.02.2016

Reported: 02.02.2016

Vendor response: 02.02.2016

Date of Public Advisory: 10.05.2016

Reference:...

Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform
    19 Aug 2016 | 18:05 from Penetration Testing

Posted by Francisco Amato on Aug 19

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...