Hack Talk
Fighting boredom one headshot at a time

Tue, 01 Sep 2015 16:04:01 +0200

State Chart XML (SCXML): State Machine Notation for Control Abstraction is a W3C Recommendation
    01 Sep 2015 | 15:01 from W3C News

The Voice Browser Working Group has published a W3C Recommendation of State Chart XML (SCXML): State Machine Notation for Control Abstraction. This document describes SCXML, or the “State Chart extensible Markup Language”. SCXML provides a generic state-machine based execution environment based on CCXML and Harel State Tables. Learn more about the Voice Browser Activity.


[security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information
    31 Aug 2015 | 20:30 from Bugtraq

Posted by security-alert on Aug 31

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04773256
Version: 1

HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

[security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information
    31 Aug 2015 | 20:22 from Bugtraq

Posted by security-alert on Aug 31

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04770140
Version: 1

HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote
Unauthorized Modification, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

Dogma India dogmaindia CMS - Auth Bypass Vulnerability
    31 Aug 2015 | 14:06 from Bugtraq

Posted by Vulnerability Lab on Aug 31

Document Title:
===============
Dogma India dogmaindia CMS - Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1583

Release Date:
=============
2015-08-25

Vulnerability Laboratory ID (VL-ID):
====================================
1583

Common Vulnerability Scoring System:
====================================
8.1

Product & Service Introduction:...

[SECURITY] [DSA 3346-1] drupal7 security update
    31 Aug 2015 | 13:57 from Bugtraq

Posted by Alessandro Ghedini on Aug 31

-------------------------------------------------------------------------
Debian Security Advisory DSA-3346-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
August 31, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2015-6658 CVE-2015-6659...

Jenkins 1.626 - Cross Site Request Forgery / Code Execution
    31 Aug 2015 | 13:49 from Bugtraq

Posted by smash on Aug 31

#Title: Jenkins 1.626 - Cross Site Request Forgery / Code Execution
#Date: 27.08.15
#Affected versions: => 1.626 (current)
#Vendor: jenkins-ci.org
#Contact: smash [at] devilteam.pl

Cross site request forgery vulnerability in Jenkins 1.626 allows remote attackers to hijack the authentication of users
for most requests. Using CSRF it is able to change specific settings or even execute code on os as shown below.

Examples:

<html>...

LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability
    31 Aug 2015 | 13:41 from Bugtraq

Posted by Vulnerability Lab on Aug 31

Document Title:
===============
LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1585

Release Date:
=============
2015-08-26

Vulnerability Laboratory ID (VL-ID):
====================================
1585

Common Vulnerability Scoring System:
====================================
8.1

Product & Service Introduction:...

PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability
    31 Aug 2015 | 13:33 from Bugtraq

Posted by Vulnerability Lab on Aug 31

Document Title:
===============
PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1588

Video: http://www.vulnerability-lab.com/get_content.php?id=1587

Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2015/08/28/paypal-inc-bug-bounty-2015-stored-cross-site-vulnerability-disclosed-researcher

Release Date:...

[security bulletin] HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modification, Disclosure of Information
    31 Aug 2015 | 13:25 from Bugtraq

Posted by security-alert on Aug 31

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04773119
Version: 1

HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized
Modification, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution, Unauthorized Access
    31 Aug 2015 | 13:17 from Bugtraq

Posted by security-alert on Aug 31

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04756070

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04756070
Version: 1

HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution,
Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-27...

[security bulletin] HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information
    31 Aug 2015 | 13:09 from Bugtraq

Posted by security-alert on Aug 31

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04776510

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04776510
Version: 1

HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-28
Last Updated:...

[SECURITY] [DSA 3345-1] iceweasel security update
    31 Aug 2015 | 13:01 from Bugtraq

Posted by Salvatore Bonaccorso on Aug 31

-------------------------------------------------------------------------
Debian Security Advisory DSA-3345-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 29, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2015-4497 CVE-2015-4498...

[slackware-security] mozilla-firefox (SSA:2015-241-01)
    31 Aug 2015 | 12:53 from Bugtraq

Posted by Slackware Security Team on Aug 31

[slackware-security] mozilla-firefox (SSA:2015-241-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-38.2.1esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Re: Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
    31 Aug 2015 | 12:46 from Bugtraq

Posted by kev . r on Aug 31

May you teach me how to hack

Russian-speaking hackers breach 97 websites, many of them dating ones
    31 Aug 2015 | 12:24 from Info Security News

Posted by InfoSec News on Aug 31

http://www.networkworld.com/article/2977448/russian-speaking-hackers-breach-97-websites-many-of-them-dating-ones.html

By Jeremy Kirk
IDG News Service
Aug 30, 2015

Russian-speaking hackers have breached 97 websites, mostly dating-related,
and stolen login credentials, putting hundreds of thousands of users at
risk.

Many of the websites are niche dating ones similar to Ashley Madison,
according to a list compiled by Hold Security, a...

Clinton secrets hacked by spy in bag
    31 Aug 2015 | 12:23 from Info Security News

Posted by InfoSec News on Aug 31

http://www.thesun.co.uk/sol/homepage/features/6613428/Secrets-of-MI6-spy-found-dead-in-bag-revealed.html

EXCLUSIVE by TOM MORGAN
The Sun
August 30, 2015

THE MI6 spy found dead in a holdall had illegally hacked into secret data
on Bill Clinton, The Sun on Sunday can reveal.

Gareth Williams, 31, dug out the guestlist for an event the former
American president was going to as a favour for a pal.

The codebreaker — who had breached his...

The disaster-recovery lessons we learned after Katrina
    31 Aug 2015 | 12:20 from Info Security News

Posted by InfoSec News on Aug 31

http://www.csoonline.com/article/2977193/disaster-recovery/the-disaster-recovery-lessons-we-learned-after-katrina.html

By Tony Bradley
CSO
Aug 28, 2015

A decade ago New Orleans and the Gulf Coast of the United States were
devastated by the sixth strongest Atlantic hurricane ever recorded. The
National Oceanic and Atmospheric Administration claims Hurricane Katrina
was the most destructive storm to ever strike the United States.

The...

Ruskie ICS hacker drops nine holes in popular Siemens power plant kit
    31 Aug 2015 | 12:20 from Info Security News

Posted by InfoSec News on Aug 31

http://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/

By Darren Pauli
The Register
31 Aug 2015

Ilya Karpov of Russian security outfit Positive Technologies has reported
nine vulnerabilities in Siemens industrial control system kit used in
critical operations from petrochemical labs and power plants up to the
Large Hadron Collider.

The holes, now patched, also include two for Schneider...

Fake EFF site serving espionage malware was likely active for 3+ weeks
    31 Aug 2015 | 12:13 from Info Security News

Posted by InfoSec News on Aug 31

http://arstechnica.com/security/2015/08/fake-eff-site-serving-espionage-malware-was-likely-active-for-3-weeks/

By Dan Goodin
Ars Technica
Aug 28, 2015

A spear-phishing campaign some researchers say is linked to the Russian
government masqueraded as the Electronic Frontier Foundation in an attempt
to infect targets with malware that collects passwords and other sensitive
data.

The targeted e-mails, which link to the fraudulent domain...

More than 80% of healthcare IT leaders say their systems have been compromised
    28 Aug 2015 | 13:54 from Info Security News

Posted by InfoSec News on Aug 28

http://www.computerworld.com/article/2975988/healthcare-it/more-than-80-of-healthcare-it-leaders-say-their-systems-have-been-compromised.html

By Lucas Mearian
Computerworld
Aug 27, 2015

Eighty-one percent of healthcare executives say their organizations have
been compromised by at least one malware, botnet or other kind of
cyberattack during the past two years, according to a survey by KPMG.

The KPMG report also states that only half of...