Hacking

Exactly as I did one year ago, I have decided to publish the aggregated statistics related to all the events (a total of 1061 cyber attacks) that I collected during 2016. Again, I want to stress that the data for the statistics is derived from the timelines that I…


Full Disclosure mailing list archives Tap ‘n’ Sniff From: “Curesec Research Team (CRT)” <crt () curesec com> Date: Thu, 19 Jan 2017 14:45:38 +0100 Content Table 1. Introduction 2. Failsafe mode 3. Installing Openwrt 4. Configuring Openwrt 5. Testing 1. Introduction The goal of this guide is to provide a…


Full Disclosure mailing list archives [RCESEC-2016-012] Mattermost <= 3.5.1 “/error” Unauthenticated Reflected Cross-Site Scripting / Content Injection From: Julien Ahrens <info () rcesecurity com> Date: Wed, 18 Jan 2017 21:43:59 +0100 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Mattermost Vendor URL: www.mattermost.org Type: Cross-Site Scripting [CWE-79] Date found:…


Full Disclosure mailing list archives Persistent XSS in Ghost 0.11.3 From: Patrick <patrick.costa () tempest com br> Date: Wed, 18 Jan 2017 14:28:47 -0300 =====[ Tempest Security Intelligence – ADV-9/2017 ]======================== Persistent Cross-Site Scripting (XSS) in Ghost ——————————————————- Author: – Patrick Costa < patrickrbcosta () gmail.com > Tempest Security Intelligence…


Full Disclosure mailing list archives CALL FOR PAPERS – br3aking c0de From: Estación Informática <franciscojaviersantiagovazquez () gmail com> Date: Wed, 18 Jan 2017 14:57:20 +0100 {About br3aking c0de} Congress of security alternative and different. Speak freely without censorship. Assistance only for guests or through acceptance of call for paper CFP….


Full Disclosure mailing list archives [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 – INFORMATION DISCLOSURE From: ERPScan inc <erpscan.online () gmail com> Date: Thu, 19 Jan 2017 16:30:21 +0300 Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.11-7.4 Vendor URL: http://SAP.com Bugs: Information disclosure Sent: 10.03.2016 Reported: 11.03.2016…


Full Disclosure mailing list archives [ERPSCAN-16-036] SAP ASE ODATA SERVER – DENIAL OF SERVICE From: ERPScan inc <erpscan.online () gmail com> Date: Thu, 19 Jan 2017 16:07:24 +0300 Application: SAP ASE Versions Affected: SAP ASE ODATA Server v16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor…


Full Disclosure mailing list archives APPLE-SA-2017-01-18-2 Logic Pro X 10.3 From: Apple Product Security <product-security-noreply () lists apple com> Date: Wed, 18 Jan 2017 11:57:24 -0800 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-18-2 Logic Pro X 10.3 Logic Pro X 10.3 is now available and addresses the following: Projects Available…


Full Disclosure mailing list archives APPLE-SA-2017-01-18-1 GarageBand 10.1.5 From: Apple Product Security <product-security-noreply () lists apple com> Date: Wed, 18 Jan 2017 11:57:21 -0800 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-18-1 GarageBand 10.1.5 GarageBand 10.1.5 is now available and addresses the following: Projects Available for: OS X Yosemite v10.10 and…
