Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Announce Keypatch v2.1, a better assembler for IDA Pro!

14 hours 49 min ago

Posted by Nguyen Anh Quynh on Jan 18

Greetings,

We are happy to release Keypatch v2.1, the open-source award-winning
assembler tool for IDA Pro!

Based on Keystone engine, this new version of Keypatch brings some
important features, as follows.

- Added a new function to search for assembly instructions, so it is easy
to grep for ROP gadgets in the binary. This will be helpful for
exploitation writers.
- Removed the "Assembler" function, which is redundant since now you...

SEC Consult SA-20170117-0 :: XSS in Recommend Page extension for TYPO3 CMS (pb_recommend_page)

17 January, 2017 - 04:11

Posted by SEC Consult Vulnerability Lab on Jan 17

SEC Consult Vulnerability Lab Security Advisory < 20170117-0 >
=======================================================================
title: Cross Site Scripting (XSS)
product: Recommend Page extension for TYPO3 CMS (pb_recommend_page)
vulnerable version: <=2.0.3
fixed version: -
CVE number: -
impact: Medium
homepage: https://typo3.org/
found: 2016-10-21...

EuskalHack Security Congress CFP

17 January, 2017 - 03:59

Posted by Joxean Koret on Jan 17

] EuskalHack Call For Papers / Call For Trainings [

TL;DR: Awesome security conference in Donostia-San Sebastian (Basque
Country) with even more awesome food happening on June 23-24th 2017.
If it sounds great to you, continue reading ;)

Introduction
------------

EuskalHack Security Congress Second Edition is coming again, the first
Ethical Hacking association of Basque Country, with the aim of promoting
the community and culture in information...

Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software

17 January, 2017 - 03:58

Posted by Roberto Soares on Jan 17

=====[ Tempest Security Intelligence -ADV-2/2016 CVE-2016-6285 ]==========

Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software
---------------------------------------------------------------

Author(s):

- Roberto Soares
- roberto.soares () tempest.com.br

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents ]================================================

1....

Multiple RCE in ZyXEL / Billion / TrueOnline routers

17 January, 2017 - 03:58

Posted by Pedro Ribeiro on Jan 17

Hi,

TrueOnline is a Thai ISP that distributes customised versions of ZyXEL
and Billion routers - customised with vulnerabilities that is.
The routers contain several default administrative accounts and command
injections that can be abused by authenticated and unauthenticated
attackers. Details in the advisory below, which is a copy of
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
Metasploit modules have...

New exploit for new vulnerability in WordPress Plugin + tutorial

17 January, 2017 - 03:55

Posted by Diego on Jan 17

Hi guys.

I found a new vulnerability in a WordPress plugin called: “Direct Download
for WooCommerce”.

This vulnerability allows you to make a Remote LFI download, so, we can
download any in the server where we’re running this plugin. I found this
vulnerability last week and I reported this to Kameleon but I don’t know
if this bug is patched right now in a new version.

I’ve written an exploit for this plugin in Python. This...

Security BSides Ljubljana 0x7E1 CFP - March 10, 2017

17 January, 2017 - 03:54

Posted by Andraz Sraka on Jan 17

-=[ BSidesLjubljana Event info ]=-=-=-=-=-=-=-=-=-=-=-=-=-=- 

BSidesLjubljana - https://bsidesljubljana.si  
Date: March 10th, 2017
Venue: Poligon creative centre, Ljubljana, Slovenia, Europe  
CFP URL: https://bsidesljubljana.si/cfp/
CFP Submit form: https://goo.gl/forms/QXrdRm68rdJyV1ax2
Email: cfp[at]bsidesljubljana.si
Twitter: @BSidesLjubljana
Twitter hashtag: #BSidesLjubljana

-=[ CALL FOR PAPERS...

Apple (iTunes Notify) - Filter Bypass & Persistent Web Vulnerability

16 January, 2017 - 05:08

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
Apple (iTunes Notify) - Bypass & Persistent Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2024

Followup ID: 654962036

Vulnerability Magazine:
https://www.vulnerability-db.com/?q=articles/2016/12/22/apple-ios-102-notify-function-vulnerable-attacks-idevice-itunes-appstore

Release Date:
=============
2017-01-16

Vulnerability Laboratory ID...

Salesforce (Event Registration) - Persistent Vulnerability

16 January, 2017 - 04:45

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
Salesforce (Event Registration) - Persistent Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1991

Release Date:
=============
2017-01-11

Vulnerability Laboratory ID (VL-ID):
====================================
1991

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

Huawei Flybox B660 - (POST SMS) CSRF Web Vulnerability

16 January, 2017 - 04:42

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
Huawei Flybox B660 - (POST SMS) CSRF Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2026

Release Date:
=============
2017-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
2026

Common Vulnerability Scoring System:
====================================
4.4

Product & Service Introduction:...

Executable installers are vulnerable^WEVIL (case 44): SoftMaker's FlexiPDF installers allow escalation of privilege

15 January, 2017 - 10:39

Posted by Stefan Kanthak on Jan 15

Hi @ll,

the executable installers of SoftMaker's FlexiPDF,
<http://www.softmaker.net/down/flexipdf2017.exe> and
<http://www.softmaker.net/down/flexipdfbasic2017.exe>, built
with the crapware known as "InnoSetup", are vulnerable to DLL
hijacking: they load Windows DLLs from their "application
directory" instead of Windows' "system directory": on Windows 7
at least UXTheme.dll and DWMAPI.dll.

This...

Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE]

13 January, 2017 - 04:42

Posted by Dawid Golunski on Jan 13

[Updated CVE-2016-1247 advisory]

Nginx packages on Gentoo distros were also found vulnerable to Root
Privilege Escalation (CVE-2016-1247) exploit I discovered last year.

Updated advisory URL:
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html

Gentoo notice:
https://security.gentoo.org/glsa/201701-22

Follow:
https://twitter.com/dawid_golunski
for more vulns.

Regards,
Dawid Golunski
https://legalhackers.com...

ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers)

12 January, 2017 - 19:07

Posted by Fernando Gont on Jan 12

Folks,

I'm curious about whether folks are filtering ICMPv6 PTB<1280
and/or IPv6 fragments targeted to BGP routers (off-list datapoints are
welcome).

In any case, you might find it worth reading to check if you're affected
(from Section 2 of recently-published RFC8021):

---- cut here ----
The security implications of IP fragmentation have been discussed at
length in [RFC6274] and [RFC7739]. An attacker can leverage the...

Multiple vulnerabilities in cPanel <= 60.0.34

12 January, 2017 - 19:07

Posted by Open Security on Jan 12

===[ Introduction ]===

cPanel offers web hosting software that automates the intricate workings
of web hosting servers.
cPanel equips server administrators with the necessary tools to provide
top-notch hosting to customers on tens of thousands of servers worldwide.

===[ Description ]===

I) Cross Domain Scripting :
A local user can run JavaScript code in another user's domain and access
cookies and compromise the victim website.
POC : User...

[CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions

12 January, 2017 - 19:07

Posted by Sysdream Labs on Jan 12

# CVE-2016-3403: Multiple CSRF in Zimbra Administration interface

## Description

Multiple CSRF vulnerabilities have been found in the administration
interface of Zimbra, giving possibilities like adding, modifying and
removing admin accounts.

## Vulnerability

Every form in the Administration part of Zimbra is vulnerable to CSRF
because of the lack of a CSRF token identifying a valid session. As a
consequence, requests can be forged and...

Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability

11 January, 2017 - 05:00

Posted by Vulnerability Lab on Jan 11

Document Title:
===============
Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2028

Release Date:
=============
2017-01-10

Vulnerability Laboratory ID (VL-ID):
====================================
2028

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability

11 January, 2017 - 04:58

Posted by Vulnerability Lab on Jan 11

Document Title:
===============
Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2027

Release Date:
=============
2017-01-09

Vulnerability Laboratory ID (VL-ID):
====================================
2027

Common Vulnerability Scoring System:
====================================
5.8

Product & Service Introduction:...

Huawei Flybox B660 - (POST Reboot) CSRF Vulnerability

11 January, 2017 - 04:56

Posted by Vulnerability Lab on Jan 11

Document Title:
===============
Huawei Flybox B660 - (POST Reboot) CSRF Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2025

Release Date:
=============
2017-01-10

Vulnerability Laboratory ID (VL-ID):
====================================
2025

Common Vulnerability Scoring System:
====================================
4.4

Product & Service Introduction:...

Bit Defender #39 - Auth Token Bypass Vulnerability

11 January, 2017 - 04:53

Posted by Vulnerability Lab on Jan 11

Document Title:
===============
Bit Defender #39 - Auth Token Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1683

Release Date:
=============
2017-01-09

Vulnerability Laboratory ID (VL-ID):
====================================
1683

Common Vulnerability Scoring System:
====================================
5.9

Product & Service Introduction:
===============================...