ASP.NET jVideo Kit version 1.0 suffers from a remote SQL injection vulnerability.

BSidesLisbon 2019 has announced its call for papers. It will be held November 28th and 29th at Auditorio FMD-UL.

B-Sides Ljubljana will be held April 4th, 2020 in Ljubljana, Slovenia.

BSides Brussels is a security conference in Brussels, Belgium, with talks, workshops and villages. The goal is to strengthen the exchange of knowledge, cooperation, communication, and integration between the different actors active in the IT security industry. We are pleased to announce that the first edition of BSides Brussels will be held on May 28th, 2020.

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.

This Metasploit module exploits a stack-based buffer overflow in the Win32AddConnection function of the VideoLAN VLC media player. Versions 0.9.9 throught 1.0.1 are reportedly affected. This vulnerability is only present in Win32 builds of VLC. This payload was found to work with the windows/exec and windows/meterpreter/reverse_tcp payloads. However, the windows/meterpreter/reverse_ord_tcp was found not to work.

This whitepaper is a study that gives an overview about what methodology a hacker uses to hack into a system, discusses a theft of millions from the central bank of Bangladesh, and more.

AVideo Platform version 8.1 suffers from an information disclosure vulnerability that allows for user enumeration.

The Citytv Video Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to third party sites (Adobe Experience Cloud, ScorecardResearch). Citytv Video Android versions 4.08.0 and below and iOS versions 3.36 and below are affected.

iDEFENSE Security Advisory 01.13.05-3 - Local exploitation of a design error vulnerability in the inpview command included in multiple versions of Silicon Graphics Inc.'s IRIX could allow for arbitrary code execution as the root user. iDEFENSE has confirmed the existence of this vulnerability in SGI IRIX version 6.5.9 (feature) and 6.5.22 (maintenance).

iDEFENSE Security Advisory 04.07.05 - Local exploitation of an information disclosure vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX Operating System could allow for the disclosure of sensitive information such as the root user's password hash. The vulnerability specifically exists in the way that gr_osview opens user-specified description files without dropping privileges. When this is combined with the debug option, it is possible to dump a line from an arbitrary file, regardless of its protection.

iDEFENSE Security Advisory 04.07.05 - Local exploitation of a file overwrite vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX operating system could allow for the overwriting of arbitrary files, regardless of permissions. The vulnerability specifically exists in the way that gr_osview opens user specified files without dropping privileges. When a file is specified using the -s option, it will be opened regardless of permissions, and operating system usage information will be written into it.

iDEFENSE Security Advisory 10.10.05-1 - Local exploitation of a design error vulnerability in the runpriv command included in multiple versions of Silicon Graphics Inc.'s IRIX could allow for arbitrary code execution as the root user. iDEFENSE has confirmed the existence of this vulnerability in SGI IRIX version 6.5.22 (maintenance). It is suspected that previous and later versions of both the feature and maintenance revisions of IRIX 6.5 are also vulnerable.