[FD] AST-2014-018: AMI permission escalation through DB dialplan function

2014-11-20 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-018. Product: Asterisk. Summary: AMI permission escalation through DB dialplan function

[FD] AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions

2014-11-20 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-017. Product: Asterisk. Summary: Permission escalation through ConfBridge actions/dialplan functions

[FD] AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver

2014-11-20 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-016. Product: Asterisk. Summary: Remote Crash Vulnerability in PJSIP channel driver. Nature of Advisory: Denial of Service

[FD] AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver

2014-11-20 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-015. Product: Asterisk. Summary: Remote Crash Vulnerability in PJSIP channel driver. Nature of Advisory: Denial of Service

[FD] AST-2014-014: High call load may result in hung channels in ConfBridge.

2014-11-20 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-014. Product: Asterisk. Summary: High call load may result in hung channels in ConfBridge.

[FD] AST-2014-013: PJSIP ACLs are not loaded on startup

2014-11-20 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-013. Product: Asterisk. Summary: PJSIP ACLs are not loaded on startup. Nature of Advisory: Unauthorized Access

[FD] AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic.

2014-11-20 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-012. Product: Asterisk. Summary: Mixed IP address families in access control lists may permit unwanted traffic.

[FD] Beginners error: "Google update" runs rogue programs %USERPROFILE%\Local.exe, %USERPROFILE%\Local Settings\Application.exe, %SystemDrive%\Documents.exe, %SystemDrive%\Program.exe, ...

2014-11-20 Thread Stefan Kanthak
Hi @ll, Google update, which is installed together with Google Chrome and other Google products, resp. the Chrome updater run the rogue programs "%USERPROFILE%\Local.exe", "%USERPROFILE%\Local Settings\Application.exe", "%SystemDrive%\Documents.exe", "%SystemDrive%\Documents and.exe", "%SystemDriv

[FD] DAVOSET v.1.2.3

2014-11-20 Thread MustLive
Hello participants of the Mailing List. After making the public release of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html), I've made the next update of the software. On the 15th of November DAVOSET v.1.2.3 was released - DDoS attacks via other sites execution

[FD] WordPress 3 persistent script injection

2014-11-20 Thread Jouko Pynnonen
OVERVIEW A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don't require authentication by default. The JavaScript injected into a comment is executed when the targe

[FD] CVE-2014-8349 LIFERAY Portal Stored XSS

2014-11-20 Thread Garcia, Ariel (LATCO - Buenos Aires)
"[CVE-2014-8349] " ** - Vendor Status: CONFIRMED - Vendor Disclosure Date: October 17th 2014 - Public Disclosure Date: November 14th 2014 - Affected Vendor: LIFERAY - http://www.liferay.com/ - Affected System: Lif

[FD] Capstone disassembly engine 3.0 released!

2014-11-20 Thread Nguyen Anh Quynh
Greetings, We are happy & excited to release version 3.0 of Capstone disassembly framework! This major version brings three new architectures (Sparc, SystemZ & XCore), together with a lot of bugfixes and important updates on Arm, Arm64, Mips, PPC & X86. Find the link to source code, binaries & de