Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

[TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR)

14 February, 2020 - 12:32

Posted by Thierry Zoller on Feb 14


[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

14 February, 2020 - 12:32

Posted by Thierry Zoller on Feb 14


[TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum)

14 February, 2020 - 12:32

Posted by Thierry Zoller on Feb 14


[EnumJavaLibs]_ Remote Java classpath enumerator

14 February, 2020 - 12:32

Posted by RedTimmy Security on Feb 14

Hi,
we have just released EnumJavaLibs to perform java classes enumeration against java services.

To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding
calls to readObject() and finding a way for user input to reach that function. In case we don’t have source code
available, we can spot serialized objects on the wire by looking for binary blobs or base64 encoded objects (recognized...

RootedCON 2020 - Registration, Trainings, Speakers and Hacker Night

14 February, 2020 - 12:32

Posted by omarbv on Feb 14

[RootedCON ASCII-art banner]

Rooted CON 2020 will be held from 5th to 7th 2020 in Kinepolis cinemas
in Madrid (Spain). All talks are both in English and Spanish as there is
simultaneous translation (...

Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag

14 February, 2020 - 12:31

Posted by Marcin Kozlowski on Feb 14

OK, I think I got the condition.

Below is Mobile (Android) Bluetooth subsystem log:

02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter:
reassemble_and_dispatch reassemble_and_dispatch
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter:
reassemble_and_dispatch partial_packet->offset 21 packet->len 683
HCI_ACL_PREAMBLE_SIZE 4
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter:
reassemble_and_dispatch projected_offset...

CA20200205-01: Security Notice for CA Unified Infrastructure Management

14 February, 2020 - 12:31

Posted by Ken Williams via Fulldisclosure on Feb 14

CA20200205-01: Security Notice for CA Unified Infrastructure Management

Issued: February 5th, 2020
Last Updated: February 14th, 2020

CA Technologies, A Broadcom Company, is alerting customers to three
vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM).
Multiple vulnerabilities exist that can allow an unauthenticated remote
attacker to execute arbitrary code or commands, read from or write to
systems, or conduct denial of...

CVE-2019-18915 HP System Event Utility / Privilege Escalation Vulnerability

14 February, 2020 - 12:31

Posted by hyp3rlinx on Feb 14

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/HP-SYSTEM-EVENT-UTILITY-LOCAL-PRIVILEGE-ESCALATION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.hp.com

[Product]
HP System Event Utility

The genuine HPMSGSVC.exe file is a software component of HP System Event
Utility by HP Inc.
HP System Event Utility enables the functioning of special...

[KIS-2020-05] SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities

12 February, 2020 - 14:05

Posted by Egidio Romano on Feb 12

----------------------------------------------------------
SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities
----------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.10 and prior versions.

[-] Vulnerabilities Description:

1) The vulnerability is located within the SOAP API, specifically into
the set_entries() SOAP
function. User input passed through...

[KIS-2020-04] SuiteCRM <= 7.11.11 (add_to_prospect_list) Broken Access Control Vulnerability

12 February, 2020 - 14:04

Posted by Egidio Romano on Feb 12

------------------------------------------------------------------------------
SuiteCRM <= 7.11.11 (add_to_prospect_list) Broken Access Control
Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.11 and prior versions.

[-] Vulnerability Description:

There is a Local File Inclusion vulnerability within the...

[KIS-2020-03] SuiteCRM <= 7.11.11 (action_saveHTMLField) Bean Manipulation Vulnerability

12 February, 2020 - 14:03

Posted by Egidio Romano on Feb 12

--------------------------------------------------------------------------
SuiteCRM <= 7.11.11 (action_saveHTMLField) Bean Manipulation
Vulnerability
--------------------------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.11 and prior versions.

[-] Vulnerability Description:

The vulnerability exists because the...

[KIS-2020-02] SuiteCRM <= 7.11.11 Multiple Phar Deserialization Vulnerabilities

12 February, 2020 - 14:02

Posted by Egidio Romano on Feb 12

-----------------------------------------------------------------
SuiteCRM <= 7.11.11 Multiple Phar Deserialization Vulnerabilities
-----------------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.11 and prior versions.

[-] Vulnerabilities Description:

1) User input passed through the "backup_dir" parameter when handling
the "Backups"...

[KIS-2020-01] SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities

12 February, 2020 - 14:02

Posted by Egidio Romano on Feb 12

---------------------------------------------------------------------
SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities
---------------------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.11 and prior versions.

[-] Vulnerabilities Description:

1) The vulnerability exists because the...

Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag

11 February, 2020 - 18:02

Posted by Marcin Kozlowski on Feb 11

Hi all,

You can read more here, if you didn't hear about it:

https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/

Looking at the patch, when I understood it correctly, it seems all you need
to send fragmented GAP ACL L2CAP data over HCI:

https://android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf

Anybody can confirm/deny? Anybody had success on doing it?

Starting...

xglance-bin exploit (CVE-2014-2630)

7 February, 2020 - 13:06

Posted by redazione on Feb 07

In one of our recent penetration tests we have abused a vulnerability affecting a suid binary called “xglance-bin“.
Part of HP Performance Monitoring solution, it allowed us to escalate our local unprivileged sessions on some Linux
RHEL 6.x/7.x/8.x systems to root. To be very honest, it was not the first time we leveraged that specific vulnerability
as we abused it frequently on many HP servers with RHEL installed since 2014.

There has...

New Release: UFONet v1.4 - "T|M3WaRS!"...

7 February, 2020 - 13:04

Posted by psy on Feb 07

Hi Community,

I am glad to present a new release of this tool:

- https://ufonet.03c8.net

"UFONet is a free software, P2P and cryptographic -disruptive toolkit-
that allows to perform DoS and DDoS attacks; on the Layer 7 (APP/HTTP)
through the exploitation of Open Redirect vectors on third-party
websites to act as a botnet and on the Layer3 (Network) abusing the
protocol."

See these links for more info:

- UFONet schema (WebAbuse...

Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege

1 February, 2020 - 02:17

Posted by Stefan Kanthak on Jan 31

Hi @ll,

Intel® Processor Identification Utility - Windows* Version,
version 6.0.0211 from 2019-02-11, available from
<https://downloadmirror.intel.com/28539/a08/Intel(R)%20Processor%20Identification%20Utility.exe>
via <https://downloadcenter.intel.com/download/28539>, and
earlier versions 6.0.* are vulnerable: in default installations
of all supported versions of Windows (really: Windows Vista and
later), they allow arbitrary code...

[CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED

1 February, 2020 - 02:17

Posted by Stefan Kanthak on Jan 31

Hi @ll,

on September 29, 2019, John Page reported a remote code execution
with escalation of privilege in TrendMicro's Anti-Threat Toolkit
to its vendor.
TrendMicro assigned CVE-2019-9491 to this vulnerability and told
the reporter, his dog and the world on October 18, 2019, that they
had fixed the vulnerable product.

See <https://success.trendmicro.com/solution/000149878>,
<https://seclists.org/fulldisclosure/2019/Oct/42> and...

LPE and RCE in OpenSMTPD (CVE-2020-7247)

1 February, 2020 - 02:17

Posted by Qualys Security Advisory on Jan 31

Qualys Security Advisory

LPE and RCE in OpenSMTPD (CVE-2020-7247)

==============================================================================
Contents
==============================================================================

Summary
Analysis
Exploitation
Acknowledgments

==============================================================================
Summary
==============================================================================...

Defense in depth -- the Microsoft way (part 61): security features are built to fail (or documented wrong)

1 February, 2020 - 02:17

Posted by Stefan Kanthak on Jan 31

Hi @ll,

(a long[er] form of the following advisory is available at
<https://skanthak.homepage.t-online.de/snafu.html>)

With Windows 10 1607, Microsoft introduced the /DEPENDENTLOADFLAG
linker option, a security feature to restrict or limit the search
path for DLLs:

| On supported operating systems, this option has the effect of
| changing calls to LoadLibrary("dependent.dll") to the equivalent
| of...