XenForo ToggleME 3.1.2 Cross Site Scripting
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: XenForo ToggleME plugin Vendor URL: https://xenforo.com/community/resources/toggleme.137/ Type: Cross-Site Scripting CWE-79 Date found: 2016-09-06 Date published: 2016-09-11 CVSSv3 Score: 5....
How to Change Desktop Icon for All Delivery Groups
This document outlines how to change the Desktop Icon for All Delivery Groups in XD 7.X using StoreFront 2.X or 3.X. Changes If you are publishing both XenApp desktops and XenDesktop desktops you may want to change the default XenDesktop Icon to Custom Icon. XenDesktop desktop has the default icon as...
Microsoft Azure Cloud Security Auditing: Azurite
Microsoft Azure Cloud Security Auditing Auditing Cloud services has become an essential task and significant effort is required to assess the security of the available resources. Azurite was developed to assist penetration testers and auditors during the enumeration and reconnaissance activities...
BASHLITE Family Of Malware Infects 1 Million IoT Devices
More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say. According to Level 3 Threat Research Labs, a small malware family that goes by the names Lizkebab, BASHLITE, Torlus and Gafgyt is behind a web ...
Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook
Alleging a trail of broken promises, two privacy-focused advocacy groups yesterday filed a complaint with the Federal Trade Commission against a recent WhatsApp privacy policy change that states it will begin sharing user data with parent company Facebook. The Electronic Privacy Information Cente...
phpMyAdmin 4.4.15.x < 4.4.15.7 / 4.6.x < 4.6.3 Multiple Vulnerabilities
Binary data 9536.prm...
PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PCRE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the compilation of regular...
FreePBX 13/14 - Remote Command Execution / Privilege Escalation
!/usr/bin/env python -- coding, latin-1 -- DESCRIPTION FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net AUTHOR pgt - nullsecurity.net DATE 8-12-2016 VERSION freepbx0day.py 0.1 AFFECTED VERSIONS FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta1 - 13.0.26 STA...
Trump Comments Straddle Line of Soliciting Computer Crime
Donald Trump may have left himself an out today when he urged Russian hackers to find 30,000 emails deleted by Hillary Clinton from her private server. “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said during a press conference in Florida. “I...
Attributing Advanced Attacks Remains Challenge For Researchers
Amid the connections being made between the Russian government and the attack on the Democratic National Committee (DNC), researchers on Tuesday reminded us of the challenges security experts have in correctly attributing advanced attacks. In a wide-ranging Reddit AMA, members of Kaspersky Lab’s...
Django CMS 'Groups' HTML Injection Vulnerability
Django CMS is a set of open source content management systems from the Django Software Foundation, based on the Django framework. Django CMS suffers from an HTML injection vulnerability that allows remote attackers to inject malicious script or HTML code, which can be...
Drupal Organic groups module access bypass vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Organic groups is one of the modules that allows users to create and manage their own groups. A security vulnerability exists in the Drupal Organic groups module that could be exploited...
Microsoft Windows Current Groups
Binary data microsoftwindowscurrentgroups.nbin...
Server: Incorrect setup of external storage
The external storage functionality as implemented in ownCloud 9.0.x before 9.0.2 is improperly setting up external storages when multiple groups have been granted access to an external storage and a user is member of both groups. The storage class is setup without any setup information, leading t...
Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2016-04309)
phpMyAdmin is an online management tool for MySQL databases. A cross-site scripting vulnerability exists in phpMyAdmin versions 4.4.x and 4.6.x in the user permissions page and the user group function, which can be exploited by an attacker to execute arbitrary scripts across sites...
Multiple XSS vulnerabilities
PMASA-2016-21 Announcement-ID: PMASA-2016-21 Date: 2016-06-23 Summary Multiple XSS vulnerabilities Description An XSS vulnerability was discovered on the user privileges page. An XSS vulnerability was discovered in the error console. An XSS vulnerability was discovered in the central columns...
Nuclear, Angler Exploit Kit Activity Has Disappeared
Criminal hackers are fickle about their attack vectors. You need to look no further for evidence of this than their constant migration from one exploit kit to another. And while there is an expansive menu of exploit kits, attackers do seem to congregate around a precious few. Researchers who stud...
Underground Market Selling Cheap Access to Hacked Servers
Criminals and advanced attackers for two years have had at their disposal an extensive trading platform selling access to hacked servers worldwide. For as little as $6 USD, attackers can purchase access to a compromised machine and launch attacks or get a one-time peek at all the data on a server...
CVE-2016-2500
Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814...