[FD] [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability

2015-05-22 Thread CORE Advisories Team
1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of last update: 2015-05-22 Vendors contacted: Sendio Rele

[FD] SAP Security Notes May 2015

2015-05-22 Thread Darya Maenkova
SAP has released the monthly critical patch update for May 2015. This patch update closes a lot of vulnerabilities in SAP products, some of them belong in the SAP HANA security area. This month, three critical vulnerabilities found by ERPScan researchers Dmitry Chastukhin a

[FD] Hacktivity 2015 CFP

2015-05-22 Thread Ferenc Spala
Hi all, Please find our CFP below - would be great to see many submissions from you ;) [ == Hacktivity 2015 Call For Papers == ] Conference: October 9-10, 2015 CFP closing date: June 30, 2015 CFP notification to authors: July 31, 2015 Venue: Budapest, Hungary Web: https://hacktivity.com Ema

[FD] 0day Mailbird XSS

2015-05-22 Thread Henri Salo
I created inquiry about this issue to their support and got two replies: Leonardo Santoso, May 11, 12:50: We are investigating this issue right now, I'll let you know once we know more about it. Thank you for notifying us about it. Leonardo Santoso, May 21, 17:50: This issue should be fix in the

[FD] Hue 3.7.1 Local Privilege Escalation

2015-05-22 Thread Henri Salo
Hue project responded in two different messages: """ This is not changed, the Hue project provides this command as a helper, this is up to the packaging distribution to change the permissions of/move

[FD] Multiple Vulnerabilities in Openlitespeed <= 1.3.10 - CVE-b045-73d a.k.a. Analbleed.

2015-05-22 Thread Henri Salo
David from litespeedtech.com replied: "These are two bugs used to be in v1.3.10 and we fixed all of them in 1.3.11 now." -- Henri Salo ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RS

[FD] call for paper(information retrieval, privacy)

2015-05-22 Thread Hongkai Wu
Workshop on Privacy-Preserving Information Retrieval, held in conjunction with the ACM SIGIR conference (August 13, 2015; Santiago de Chile) Submission Deadline: June 5, 2015. Acceptance Notifications: June 15, 2015 Camera-ready Deadline: June 22, 2015 Workshop: August 13, 2015 Submission types:

[FD] Broken, Abandoned, and Forgotten Code, Part 5

2015-05-22 Thread Zach C
Part 5 is up. In this and the next several parts we start analyzing the structure of Netgear R6200 firmware updates. We switch over to the HTTP daemon because it's less broken and a little easier to analyze than upnpd. The overall goal is to reverse engineer the firmware format so we can generate