Hi all,
Please find our CFP below:
–[ Hackito Ergo Sum 2015
Conference: October 29-30, 2015
CFP closing date: September 10, 2015
Venue: Paris, France
Web: http://2015.hackitoergosum.org/
Email: hes-cfp_rAt_lists.hackitoergosum.org
Twitter: @hesconference
IRC: #hackito on freenode
–[ CFP
It’s

Title: Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-01
Download Site: https://wordpress.org/plugins/mdc-youtube-downloader
Vendor: https://profiles.wordpress.org/mukto90/
Vendor Notified: 2015-07-01, removed vulnerable co

Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-05
Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling
Vendor: https://profiles.wordpress.org/haet/
Vendor Notified: 2015-07-05, fixed

http://jaanuskp.blogspot.com/2015/07/fake-links-in-skype.html
The issue in Skype (a bit hard to name it a real vulnerability) is actually a
simple one - you can send links that seem to direct the user to one URL, but
actually send to some other. This is quite normal and expected in web pages GOOD_PLACE

It's public now:
https://code.google.com/p/chromium/issues/detail?id=497588
Interesting Points:
They did reproduce
"I can reproduce this locally"
They say it's DoS
"seems like any renderer denial-of-service"
(The browser does not crash!)
They say it's not security issue
"remove security flags

The Grandstream GXV3275 is an Android-based VoIP phone. Several
vulnerabilities were found affecting this device.
* The device ships with a default root SSH key, which could be used as a
backdoor:
/system/root/.ssh # cat authorized_keys
Public key portion is:
ssh-rsa
B3NzaC1yc2EDAQABg