SECURITYLABS INTELLIGENT RESEARCH - SECURITY ADVISORY
http://www.securitylabs.com.br/
ADVISORY/0115 - SOPHOS WAF (WEBSERVER PROTECTION) DOES NOT ANALYZE JSON DATA
PRIORITY: MEDIUM
TYPE: WAF Bypass
1 - About SecurityLabs Intelligent Research
---
Sec
Hi list,
I am glad to present a new release of this tool.
http://ufonet.sf.net
"UFONet is a tool designed to launch DDoS attacks against a target,
using 'Open Redirect' vectors on third party web applications, like botnet."
Main options are:
* Auto-update
* Clean code (only needs python-py
Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information
Disclosure via SQL IMPORT FROM statement
1. Impact on Business
=
Under certain conditions some SAP HANA Database commands could be
abused by a remote authenticated
Onapsis Security Advisory ONAPSIS-2015-007: SAP HANA Log Injection
Vulnerability
1. Impact on Business
=
Under certain conditions the SAP HANA XS engine is vulnerable to
arbitrary log
injection, allowing remote authenticated attac
Hello,
During a recent assessment I have stumbled across a system which had
hwclock(8) setuid root
hwclock is a part of util-linux, all versions affected
$ man hwclock | sed -n '223,231p'
Users access and setuid
Sometimes, you need to install hwclock setuid root. If you
want users other
Thycotic Password Manager Secret Server iOS Application - MITM SSL
Certificate Vulnerability
--
http://www.info-sec.ca/advisories/Thycotic-SecretServer.html
Overview
"With the Password Manager Secret Server app, you can access passwords
for an EXISTING on-premise Secret Server or Secret Server Onl
Hello,
Finally we can share with you most of the videos of the last RootedCON
talks, celebrated in Spain (Madrid) in March as always :)
Some of the talks are:
- Infection in BIOS, UEFI and derivatives
- Turia: Development & Operations
- How I met your eWallet
- Can I play with madness
- Bypass
===
title: ClearPass Policy Manager Stored XSS
case id: CM-2014-01
product: Aruba ClearPass Policy Manager
vulnerability type: Stored cross-site script
s
# Title: SQLi vulnerabilities in WordPress plugin "GigPress"
# Author: Adrián M. F. - adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/gigpress/
# Active installs: 20,000+
# Vulnerable version: 2.3.8
# Fixed version: 2.3.9
# CVE: CVE-2015-4066
Vulnerab
# Title: Multiple vulnerabilities in WordPress plugin "WordPress Landing
Pages"
# Author: Adrián M. F. - adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/landing-pages/
# Active installs: 20,000+
# Vulnerable version: 1.8.4
# Fixed version: 1.8.5
# CVE:
# Title: Multiple vulnerabilities in WordPress plugin "NewStatPress"
# Author: Adrián M. F. - adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/newstatpress/
# Active installs: 20,000+
# Vulnerable version: 0.9.8
# Fixed version: 0.9.9
# CVE: CVE-2015-406