Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

iCloud for Windows 10.9.2 is now available and addresses the
following:

ImageIO
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3826: Samuel Groß of Google Project Zero

libxml2
Available for: Windows 10 and later...

APPLE-SA-2020-1-29-1 iCloud for Windows 7.17

1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-29-1 iCloud for Windows 7.17

iCloud for Windows 7.17 addresses the following:

ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3826: Samuel Groß of Google Project Zero

libxml2
Available for: Windows 7 and later
Impact: Processing maliciously crafted XML may lead...

APPLE-SA-2020-1-28-6 iTunes for Windows 12.10.4

1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-6 iTunes for Windows 12.10.4

iTunes for Windows 12.10.4 is now available and addresses the
following:

Mobile Device Service
Available for: Windows 7 and later
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved permissions logic.
CVE-2020-3861: Andrea Pierini (@decoder_it), Christian Danieli
(@padovah4ck)

Installation note:

iTunes for Windows 12.10.4 may be...

APPLE-SA-2020-1-28-5 Safari 13.0.5

1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-5 Safari 13.0.5

Safari 13.0.5 is now available and addresses the following:

Safari
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-3833: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

Safari Login AutoFill...

APPLE-SA-2020-1-28-4 tvOS 13.3.1

1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-4 tvOS 13.3.1

tvOS 13.3.1 is now available and addresses the following:

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously...

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

iOS 13.3.1 and iPadOS 13.3.1 are now available and address the
following:

Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360...

APPLE-SA-2020-1-28-3 watchOS 6.1.2

1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-3 watchOS 6.1.2

watchOS 6.1.2 is now available and addresses the following:

AnnotationKit
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3877: an anonymous researcher working with Trend Micro's
Zero Day Initiative

Audio...

APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update
2020-001 Mojave, Security Update 2020-001 High Sierra

macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and
Security Update 2020-001 High Sierra are now available and
address the following:

AnnotationKit
Available for: macOS Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An...

[CFP] leHACK - June 26 - June 27, 2020

1 February, 2020 - 02:17

Posted by Hackira on Jan 31

Hello everyone,

For the second edition, leHACK will be held at la Cité des Sciences et de l'Industrie, in Paris, on June 26 & 27 2020.

Since our community and the team enjoyed the site from the last year, it wasn't hard to pick a location, which hosted
la Nuit du Hack and leHACK for the previous years.

This year again will be at your disposal : a 3 level mezzanine, a 900 seats amphitheater, 2000m2 area dedicated to
exposure, the...

Re: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers

1 February, 2020 - 02:16

Posted by Błażej Adamczyk on Jan 31

UPDATE:
As there is no response from direct vendors (TOTOLINK and other) and
because the vulnerability has a big impact (CVSSv3: 9.6, 70k vulnerable
devices on Internet) I decided to publish the exploit code:
https://sploit.tech/files/CVE-2019-19822-19825-exploit.sh

I kindly ask to spread information about the threat to make the users
aware of the problem and maybe force vendors to reconsider patching
their products..

Video:...

Become a speaker at Positive Hack Days 10. Call for Papers is now open

28 January, 2020 - 12:35

Posted by Alexander Lashkov via Fulldisclosure on Jan 28

The Call for Papers is now open for the Positive Hack Days forum on practical information security. Please submit your
application by March 31.

Both the esteemed experts and young specialists are welcome. An international program committee consisting of
independent researchers and leading IS and IT experts will name the best talks.

PHDays 10 topic is "The Origin." We invite everyone to participate in developing the concept of future...

Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers

24 January, 2020 - 13:11

Posted by Błażej Adamczyk on Jan 24

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
MULTIPLE VULNERABILITIES IN SEVERAL SERIES OF
REALTEK SDK BASED ROUTERS (TOTOLINK AND MANY
OTHER)

Blazej Adamczyk (br0x)
blazej.adamczyk () gmail com...

[UPDATED - POC] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857

24 January, 2020 - 13:10

Posted by hyp3rlinx on Jan 24

Updated, exploit PoC had a check for an unused module was testing and
removed, had two versions but previously sent the wrong one.

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.neowise.com

[Product]
CarbonFTP v1.4

CarbonFTP is a...

CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows

24 January, 2020 - 13:10

Posted by Pentagrid AG on Jan 24

Local Privilege Escalation in many Ricoh Printer Drivers for Windows
(CVE-2019-19363)
======================================================================

Summary
--------

Pentagrid has been asked to manage the coordinated disclosure process
for a vulnerability that affects several Windows printer drivers for a
wide range of printers by the printer manufacturer Ricoh. Due to
improperly set file permissions of file system entries...

SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS

23 January, 2020 - 09:32

Posted by SEC Consult Vulnerability Lab on Jan 23

SEC Consult Vulnerability Lab Security Advisory < 20200123-0 >
=======================================================================
title: Cross-Site Request Forgery (CSRF)
product: Umbraco CMS
vulnerable version: version 8.2.2
fixed version: version 8.5
CVE number: CVE-2020-7210
impact: medium
homepage: https://umbraco.com/
found: October 2019...

SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus

22 January, 2020 - 06:09

Posted by SEC Consult Vulnerability Lab on Jan 22

SEC Consult Vulnerability Lab Security Advisory < 20200122-0 >
=======================================================================
title: Reflected XSS
product: ZOHO ManageEngine ServiceDeskPlus
vulnerable version: <= 11.0 Build 11007
fixed version: 11.0 Build 11010
CVE number: CVE-2020-6843
impact: medium
homepage: https://www.manageengine.com/products/service-desk/...

CarolinaCon CFP

21 January, 2020 - 13:24

Posted by CarolinaCon on Jan 21

CarolinaCon16 will be hosted in Charlotte, North Carolina at the Embassy
Suites, April 10th through the 11th. All interested in speaking in the
realm of hacking, technology, science, robotics or any other related
field are invited to submit a proposal to speak at the Con. A proposal
should include the following:

* Name or handle/alias
* Presentation name
* A brief abstract, 1-2 paragraphs
* An estimated time-length of your...

[REVIVE-SA-2020-001] Revive Adserver Vulnerability

21 January, 2020 - 13:23

Posted by Matteo Beccati via Fulldisclosure on Jan 21

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2020-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2020-001
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2020-01-21
Risk Level: Low...

Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857

21 January, 2020 - 13:22

Posted by hyp3rlinx on Jan 21

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.neowise.com

[Product]
CarbonFTP v1.4

CarbonFTP is a file synchronization tool that enables you to synch local
files with a remote FTP server and vice versa.
It provides a step-by-step...

[TZO-10-2020] - Bitdefender Malformed Archive bypass (RAR Compression Information)

17 January, 2020 - 13:21

Posted by Thierry Zoller on Jan 17