Have you reported this to CERT and/or the company? I know from personal
experience they're very slow; it's good to be covered by responsible disclosure
since you just violated a series of Portuguese laws :\
I know FEUP/UP have a CERT, so you could have used them as an intermediary, if you
didn't al
As requested the solution is trivial.
Edit the Samba configuration file and remove the Root file share. It is
pointless and not recommended at all.
---
Vítor Silva
up201402...@fc.up.pt
Estudante
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DO PORTO
Rua do Campo Alegre, s/n, 4169-007 Porto, Portugal
www.fc.up
Victor,
Impressive work but it seems to me you went further than necessary. The
consequences of the open access were obvious without actually logging on
and tainting the target system.
Did you at least try to inform PIE of the vulnerable deployment? What was
their response?
regards,
Doug
> Mes
Vendor: FireEye, https://www.fireeye.com
Affected Product: FireEye FX, AX, NX, EX
Affected Version: FX < 7.5.1, AX < 7.7.0, NX < 7.6.1, EX < 7.6.2
Severity: High
Title:
+-- On Thu, 11 Feb 2016, David Leo wrote --+
| If browser tries to access HTTP address,
| you will have three options:
| try HTTPS,
| Google Cache,
| or copy-and-paste the address.
|
| There is no option to "temporarily bypass HTTPS Only".
| You can always do that in another browser.
|
| Project
# Exploit Title: Tiny Tiny RSS Blind SQL Injection
# Date: 15-02-2016
# Software Link: http://tt-rss.org/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: webapps
1. Description
$item_id inside process_category_order() is
#Overview
The Wall of Sheep would like to announce a call for presentations at DEF
CON 24 at the Paris and Bally's Hotels in Las Vegas, NV from Thursday,
August 4th to Sunday, August 7th. The Wall of Sheep will be delivering
talks that increase security awareness and provide skills that can be
imme
(@moderators The original post was too brief. This one has details.)
Summary
This tool completely locks the browser - just HTTPS, nothing else. This
tool is extremely simple - less than 100 lines of code (Python and
JavaScript).
Why
Firefox Add-on Firesheep Brings Hacking to the Masses
http://www.pc
=== LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 ===
Redaxo CMS contains multiple vulnerabilities
-
Problem Overview
Technical Risk: high
Likelihood of Exploitation: medium
Vendor: https://www.redaxo.