[FD] [KIS-2016-13] Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability

2016-11-07 Thread Egidio Romano
--- Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability --- [-] Software Link: https://piwik.org/ [-] Affected Versions: Version 2.16.0 and prior versions. [-

[FD] [RootedCON 2017] Call for Papers open for RootedCON Madrid 2017!

2016-11-07 Thread Román Ramírez
Hello all: We have opened the Call for Papers for our upcoming event in Madrid, Spain. RootedCON is the biggest security event in Spain and one of the biggest in Europe. Here you can find attached the text for the CFP (EN, for English speakers, ES, for Spanish ones), and if you prefer to acce

[FD] VBScript CRegExp..Execute use of uninitialized memory details (MSIE 8-11, IIS, CScript.exe/WScript.exe)

2016-11-07 Thread Berend-Jan Wever
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the fifth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161107001.html. There you can find a repro tha

[FD] Several unpatched vulns in OwnCloud

2016-11-07 Thread Felix Matei
Dear Community, By comparing the advisory of NextCloud and OwnCloud, I figured out that OwnCloud has multiple unpatched vulnerabilities. You can see the list here; it seems all patches from the latest Nextcloud 10.0.1 release are missing in OwnCloud: https://nextcloud.com/security/advisories. This seems to

[FD] [SYSS-2016-085] Aruba OS Improper Authentication - (CWE-287)

2016-11-07 Thread Klaus Tichmann
Advisory ID: SYSS-2016-085 Product: AOS Manufacturer: Aruba Networks Affected Version(s): 6.3.1.19 Tested Version(s): 6.3.1.19 on an RAP-3 router Vulnerability Type: Improper Authentication Risk Level: High Solution Status: Open Manufacturer Notification: 2016-09-06 Solution Date: -- Public Disclos

[FD] Intel(R) HD Graphics 10 - Unquoted Path Privilege Escalation

2016-11-07 Thread Vulnerability Lab
Document Title: Intel(R) HD Graphics 10 - Unquoted Path Privilege Escalation References (Source): https://www.vulnerability-lab.com/get_content.php?id=1981 Release Date: 2016-11-02 Vulnerability Laboratory ID (VL-ID):

[FD] Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability

2016-11-07 Thread Vulnerability Lab
Document Title: Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1931 Release Date: 2016-11-07 Vulnerability Laboratory ID (VL-ID):

[FD] Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability

2016-11-07 Thread Vulnerability Lab
Document Title: Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1871 Release Date: 2016-11-04 Vulnerability Laboratory ID (VL-ID):

[FD] Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability

2016-11-07 Thread Vulnerability Lab
Document Title: Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1870 Release Date: 2016-11-03 Vulnerability Laboratory ID (VL-ID):