Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Multiple vulnerabilities in ASUS RT-N10

15 September, 2016 - 14:34

Posted by MustLive on Sep 15

Hello list!

There are multiple vulnerabilities in ASUS Wireless Router RT-N10. There are
Code Execution, Cross-Site Scripting and URL Redirector Abuse
vulnerabilities.

-------------------------
Affected products:
-------------------------

Vulnerable are the next models: ASUS RT-N10, RT-N10E, RT-N10LX and RT-N10U
with different versions of firmware. I checked in RT-N10 with firmware
version 1.9.2.7.

Asus ignored vulnerabilities in RT-G32,...

Keypatch v2.0 is out!

15 September, 2016 - 14:34

Posted by Nguyen Anh Quynh on Sep 15

Greetings,
(cc: Thanh Nguyen, VNSecurity)

We are excited to release Keypatch 2.0, a better assembler for IDA Pro!

This new version of Keypatch brings some important features, as follows.

- Fix some issues with ARM architecture (including Thumb mode)
- Better support for Python 2.6 & older IDA versions (confirmed to work on
IDA 6.4)
- Save original instructions (before patching) in IDA comments.
- NOP padding also works when new instruction...

Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )

15 September, 2016 - 14:34

Posted by Mark Koek on Sep 15

Well, 'remote root'... The PoC asks for a working MySQL user name and
password.

And I don't really get how that account can re-set the logfile location
without SUPER privileges?

Am I wrong in thinking that this is really "just" a MySQL admin -> root
privilege escalation? Don't get me wrong, still a very nice exploit, but...

Mark

Re: Brute force every Samsung repair customer's info with ease

15 September, 2016 - 14:34

Posted by Justa Person on Sep 15

Either Samsung reads this list or they just have great timing. Just shy of
three weeks later they responded asking for more information. Hope they
close it soon.

Security Advisory -- Multiple Vulnerabilities - MuM Map Edit

15 September, 2016 - 14:34

Posted by Paul Baade on Sep 15

# Security Advisory -- Multiple Vulnerabilities - MuM Map Edit

## Product

Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH
Product: MapEdit
Affected software version: 3.2.6.0

MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and
regional governmental infrastructures to provide geodata to the population. It consists of a
silverlight client and a C#.NET backend. The...

Re: Brute force every Samsung repair customer's info with ease

15 September, 2016 - 14:34

Posted by Justa Person on Sep 15

Sure... Was having one heck of a time figuring out the proper number to enter
into the web form for my own repair and got to thinking about how terrible
it seemed to disclose all that info based on just a ticket number and
telephone number... And that I had tried a LOT of combinations from the info
they had given me unsuccessfully without any lockout or anything. Putting
those together I was able to do about 500 guesses/minute with that ugly
code....

Re: Brute force every Samsung repair customer's info with ease

15 September, 2016 - 14:34

Posted by Nick on Sep 15

You wish to give any more info on how u came across this? Please.

Ta

APPLE-SA-2016-09-14-1 iOS 10.0.1

15 September, 2016 - 14:30

Posted by Apple Product Security on Sep 15

APPLE-SA-2016-09-14-1 iOS 10.0.1

iOS 10.0.1 is now available and addresses the following:

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input
sanitization.
CVE-2016-4655: Citizen Lab and Lookout

iOS 10.0.1 also includes the security content of iOS 10....

APPLE-SA-2016-09-13-3 watchOS 3

15 September, 2016 - 14:29

Posted by Apple Product Security on Sep 15

APPLE-SA-2016-09-13-3 watchOS 3

watchOS 3 is now available and addresses the following:

GeoServices
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermès
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719 : Razvan Deaconescu, Mihai Chiroiu (University...

APPLE-SA-2016-09-13-2 Xcode 8

15 September, 2016 - 14:29

Posted by Apple Product Security on Sep 15

APPLE-SA-2016-09-13-2 Xcode 8

Xcode 8 is now available and addresses the following:

otool
Available for: OS X El Capitan 10.11.5 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4704 : Shrek_wzw of Qihoo 360 Nirvan Team
CVE-2016-4705 : riusksk of Tencent Security Platform...

APPLE-SA-2016-09-13-1 iOS 10

15 September, 2016 - 14:29

Posted by Apple Product Security on Sep 15

APPLE-SA-2016-09-13-1 iOS 10

iOS 10 is now available and addresses the following:

Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for...

XSS found on www.google.fr

12 September, 2016 - 10:38

Posted by Sysdream Labs on Sep 12

# Cross-site scripting vulnerability found on www.google.fr

We were able to identify a cross-site scripting (XSS) vulnerability in the main domain of Google: www.google.fr.

### Description

Cross-site scripting is a kind of vulnerability that allows an attacker to send malicious code, usually in the form of
JavaScript, to another user. Exploiting an XSS may lead to private information compromise, cookie theft or even browser
take over....

[RCESEC-2016-006] XenForo ToggleME 3.1.2 "/admin.php?options/list/toggleME" Multiple Persistent Cross-Site Scriptings

12 September, 2016 - 10:38

Posted by Julien Ahrens on Sep 12

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: XenForo ToggleME plugin
Vendor URL: https://xenforo.com/community/resources/toggleme.137/
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-09-06
Date published: 2016-09-11
CVSSv3 Score: 5.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered...

CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )

12 September, 2016 - 10:38

Posted by Dawid Golunski on Sep 12

Vulnerability: MySQL Remote Root Code Execution / Privilege Escalation 0day
CVE: CVE-2016-6662
Severity: Critical
Affected MySQL versions (including the latest):
<= 5.7.15
<= 5.6.33
<= 5.5.52

Discovered by:
Dawid Golunski
http://legalhackers.com

An independent research has revealed multiple severe MySQL vulnerabilities.
This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662.
The vulnerability affects MySQL...

Brute force every Samsung repair customer's info with ease

12 September, 2016 - 10:38

Posted by Justa Person on Sep 12

Samsung has zero interest in fixing this and I'm tired of trying to report
it to them. Enjoy.

http://pastebin.com/cKu2WDGV

[oss-security] CVE request - Airmail URLScheme render and file:// xss vulnerability

12 September, 2016 - 10:38

Posted by redrain root on Sep 12

Airmail is a popular email client on iOS and OS X.
I found a vulnerability in airmail of the latest version which could cause
a file:// xss and arbitrary file read.

Author: redrain, yu.hong () chaitin com
Date: 2016-08-15
Version: 3.0.2 and earlier
Platform: OS X and iOS
Site: http://airmailapp.com/
Vendor: http://airmailapp.com/
Vendor Notified: 2016-08-15

Vulnerability:
There is a file:// xss in airmail version 3.0.2 and earlier.
The app can...

Persistent Cross-Site Scripting in Woocommerce WordPress plugin

10 September, 2016 - 05:29

Posted by Summer of Pwnage on Sep 10

------------------------------------------------------------------------
Persistent Cross-Site Scripting in Woocommerce WordPress plugin
------------------------------------------------------------------------
Sipke Mellema, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A vulnerability exists in the Woocommerce API that allows...

Authorization bypass in InfiniteWP Admin Panel

10 September, 2016 - 05:29

Posted by Summer of Pwnage on Sep 10

------------------------------------------------------------------------
Authorization bypass in InfiniteWP Admin Panel
------------------------------------------------------------------------
Sipke Mellema, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
An authorization bypass was found in the InfiniteWP Admin Panel that
allows...

Command injection in InfiniteWP Admin Panel

10 September, 2016 - 05:28

Posted by Summer of Pwnage on Sep 10

------------------------------------------------------------------------
Command injection in InfiniteWP Admin Panel
------------------------------------------------------------------------
Sipke Mellema, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
The InfiniteWP Admin Panel can be used to execute arbitrary system
commands....

Reflected Cross-Site Scripting vulnerability in MailPoet Newsletters plugin

10 September, 2016 - 05:28

Posted by Summer of Pwnage on Sep 10

------------------------------------------------------------------------
Reflected Cross-Site Scripting vulnerability in MailPoet Newsletters
plugin
------------------------------------------------------------------------
Sipke Mellema, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found...