Hack Talk
It's like the Internet without all the smart people

Fri, 01 Jul 2016 04:29:30 +0200

[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update
    30 Jun 2016 | 11:30 from Bugtraq

Posted by Salvatore Bonaccorso on Jun 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-3611-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 30, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libcommons-fileupload-java
CVE ID : CVE-2016-3092...

[SECURITY] [DSA 3610-1] xerces-c security update
    30 Jun 2016 | 09:26 from Bugtraq

Posted by Salvatore Bonaccorso on Jun 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-3610-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 29, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xerces-c
CVE ID : CVE-2016-4463
Debian Bug :...

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs
    30 Jun 2016 | 09:16 from Bugtraq

Posted by Blue Frost Security Research Lab on Jun 30



[SECURITY] [DSA 3608-1] libreoffice security update
    29 Jun 2016 | 22:15 from Bugtraq

Posted by Moritz Muehlenhoff on Jun 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3608-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2016-4324

Aleksandar...

[SECURITY] [DSA 3609-1] tomcat8 security update
    29 Jun 2016 | 22:05 from Bugtraq

Posted by Moritz Muehlenhoff on Jun 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3609-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat8
CVE ID : CVE-2015-5174 CVE-2015-5345...

Friday Free Software Directory IRC meetup: July 1st
    29 Jun 2016 | 20:48 from FSF's blog

Join the FSF and friends every Friday to help improve the Free Software Directory by adding new entries and updating existing ones.


Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
    29 Jun 2016 | 19:05 from Bugtraq

Posted by Cisco Systems Product Security Incident Response Team on Jun 29

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Advisory ID: cisco-sa-20160629-piauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved
Programmable Network Manager...

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
    29 Jun 2016 | 18:53 from Bugtraq

Posted by Cisco Systems Product Security Incident Response Team on Jun 29

Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20160629-cpcpauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration
Provisioning could...

Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability
    29 Jun 2016 | 18:42 from Bugtraq

Posted by Cisco Systems Product Security Incident Response Team on Jun 29

Cisco Firepower System Software Static Credential Vulnerability

Advisory ID: cisco-sa-20160629-fp

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the
device with a default account. This account does not have full administrator...

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD
    29 Jun 2016 | 17:36 from Bugtraq

Posted by Cantor, Scott on Jun 29

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library versions
prior to V3.1.4

Description: The Xerces-C XML parser fails to successfully parse a
DTD that is deeply nested, and this causes a stack overflow, which
makes a denial of service attack against many applications possible
by an unauthenticated attacker....

Symantec SEPM v12.1 Multiple Vulnerabilities
    29 Jun 2016 | 07:26 from Bugtraq

Posted by hyp3rlinx on Jun 28

[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt

[+] ISR: ApparitionSec

Vendor:
================
www.symantec.com

Product:
===========
SEPM
Symantec Endpoint Protection Manager and client v12.1

SEPM provides a centrally managed solution. It handles security policy enforcement, host integrity checking (Symantec
Network Access...

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution
    28 Jun 2016 | 21:30 from Bugtraq

Posted by KoreLogic Disclosures on Jun 28

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution

Title: Ubiquiti Administration Portal CSRF to Remote Command Execution
Advisory ID: KL-001-2016-002
Publication Date: 2016.06.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt

1. Vulnerability Details

Affected Vendor: Ubiquiti
Affected Product: AirGateway, AirFiber, mFi
Affected Version: 1.1.6, 3.2, 2.1.11...

[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
    28 Jun 2016 | 19:20 from Bugtraq

Posted by Egidio Romano on Jun 28

-------------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
-------------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerability Description:

The vulnerable code is located within the...

[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
    28 Jun 2016 | 19:09 from Bugtraq

Posted by Egidio Romano on Jun 28

-------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
-------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerabilities Description:

1) User input passed through the "uEmail" and...

[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
    28 Jun 2016 | 18:59 from Bugtraq

Posted by Egidio Romano on Jun 28

--------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
--------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerabilities Description:

Concrete5 implements a Synchronizer Token Pattern in order to provide...

Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities
    28 Jun 2016 | 15:27 from Bugtraq

Posted by Vulnerability Lab on Jun 28

Document Title:
===============
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1862

CWE-89
CWE-79
CWE-264

http://cwe.mitre.org/data/definitions/89
http://cwe.mitre.org/data/definitions/79
http://cwe.mitre.org/data/definitions/264

CWE-ID:
======
89

Release Date:
=============
2016-06-28

Vulnerability Laboratory ID (VL-ID):...

Upcoming Workshop: Web and Virtual Reality
    28 Jun 2016 | 12:54 from W3C News

W3C announced today Web & Virtual Reality Workshop, 19-20 October 2016, in Mountain View, CA, USA. The event is hosted by Samsung. The combination of improvements in hardware and software capabilities have brought lots of renewed interest in virtual reality experiences. Many of these improved capabilities are available in modern browsers via the Open Web […]


W3Cx opens its HTML5 Advanced MOOC Course
    27 Jun 2016 | 17:00 from W3C News

Today, W3Cx re-opens registration for the HTML5 Part 2 MOOC course which focuses on advanced features such as HTML5-based APIs, Web components, advanced multimedia, audio for music and games, and more. Taught by Michel Buffa, Professor at the University of Côte d’Azur, the course lasts 4 weeks. This course completes the HTML5 from W3C XSeries, […]


Tell EU regulators: Net neutrality isn't just for the US and India!
    24 Jun 2016 | 23:15 from FSF's blog

Net neutrality exists when Internet service providers (ISPs) must allow equal access to everything on the Web, rather than favoring some sites over others. It's a bedrock condition for Internet freedom, but ISPs generally oppose it because it prevents them from charging companies extra for privileged access to the network -- making a video from one Web site load faster than video on other sites, for example.


Upcoming W3C China 10th Anniversary in Beijing
    24 Jun 2016 | 17:31 from W3C News

W3C announced today W3C China 10th Anniversary, held on 9 July 2016, in Beijing; hosted by W3C/Beihang, which opened as the W3C China Office in 2006, and became the fourth Host of W3C in 2013, a new center for W3C technical staff and leadership activities in China. A number of developers, W3C members, invited experts from […]