Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

IBM WebSphere deserialization of untrusted data

11 October, 2016 - 11:51

Posted by Agazzini Maurizio on Oct 11

Security Advisory @ Mediaservice.net Srl
(#02, 07/10/2016) Data Security Division

Title: IBM WebSphere deserialization of untrusted data
Application: IBM WebSphere 7,8,8.5,9
Description: The application server deserializes untrusted data
when the WASPostParam cookie is present. This can lead
to a DoS via resource exhaustion and potentially remote
code execution....

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

11 October, 2016 - 11:50

Posted by Matthias Deeg on Oct 11

Advisory ID: SYSS-2016-043
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-05-19
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory:...

[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks

11 October, 2016 - 11:47

Posted by Matthias Deeg on Oct 11

Advisory ID: SYSS-2016-068
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-07-07
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory:...

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

11 October, 2016 - 11:45

Posted by Matthias Deeg on Oct 11

Advisory ID: SYSS-2016-043
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-05-19
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory:...

[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

11 October, 2016 - 11:45

Posted by Matthias Deeg on Oct 11

Advisory ID: SYSS-2016-033
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-04-22
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory: Gerhard...

Re: IE11 is not following CORS specification for local files

11 October, 2016 - 11:43

Posted by Ricardo Iramar dos Santos on Oct 11

Same attack using XSS as vector.
Imagine that https://xss-doc.appspot.com is a site about gift cards.
The XSS payload below will create a giftcard.htm file in the default
download folder.
If the victim opens the file, a GET to
https://mail.google.com/mail/u/0/#inbox will be submitted.
After the GET the file will perform a POST to
http://192.168.1.36/req.php using the GET response as a body.
An attacker would be able to read all the emails in the...

Re: IE11 is not following CORS specification for local files

11 October, 2016 - 11:43

Posted by Ricardo Iramar dos Santos on Oct 11

I did a small improvement in this attack.
Using IE File API
(https://msdn.microsoft.com/en-us/library/hh772315(v=vs.85).aspx) an
attacker would be able to create a web page with the content below and
send to a victim.
A local file with the same content that I sent previously would be
created in the default download folder.
If the victim performs the three following clicks (Save, Open and Allow
blocked content) an attacker would be able to perform any...

Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348]

11 October, 2016 - 11:40

Posted by Nightwatch Cybersecurity Research on Oct 11

Original at:
https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/

Summary

Android devices can be crashed remotely forcing a halt and then a soft
reboot by a MITM attacker manipulating assisted GPS/GNSS data provided
by Qualcomm. This issue affects the open source code in AOSP and
proprietary code in a Java XTRA downloader provided by Qualcomm. The
Android issue was fixed in the October 2016 Android bulletin....

[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities

11 October, 2016 - 11:26

Posted by Gergely Eberhardt on Oct 11

Avtech devices multiple vulnerabilities
--------------------------------------------------

Platforms / Firmware confirmed affected:
- Every Avtech device (IP camera, NVR, DVR) and firmware version. [4]
contains the list of confirmed firmware versions, which are affected.
- Product page: http://www.avtech.com.tw/

"AVTECH, founded in 1996, is one of the world's leading CCTV
manufacturers. With stably increasing revenue and practical business...

CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.)

11 October, 2016 - 11:24

Posted by Dawid Golunski on Oct 11

Vulnerability: Apache Tomcat packaging on RedHat-based distros

CVE-2016-5425

Discovered by:
Dawid Golunski (http://legalhackers.com)

Affected systems: Multiple Tomcat packages on RedHat-based systems
including: CentOS,Fedora,OracleLinux,RedHat etc.

Short Description:

Apache Tomcat packages provided by default repositories of RedHat-based
distributions (including CentOS, RedHat, OracleLinux, Fedora, etc.)
create a tmpfiles.d configuration...

Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities

11 October, 2016 - 11:22

Posted by admin () evolution-sec com on Oct 11

Document Title:
===============
Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1928

Release Date:
=============
2016-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
1928

Common Vulnerability Scoring System:
====================================
3.7

Product & Service Introduction:...

Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG

11 October, 2016 - 10:45

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-048
- Onapsis SVS ID: ONAPSIS-00243...

Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm

11 October, 2016 - 10:33

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could impersonate another person.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-029
- Onapsis SVS ID: ONAPSIS-00151
- CVE: CVE-2016-4407
-...

Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage

11 October, 2016 - 10:01

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage

1. Impact on Business
=====================
By exploiting this vulnerability, an attacker could obtain access to additional SAP systems, potentially compromising
these systems as well as the information stored and processed by them.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
-...

Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

11 October, 2016 - 09:41

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-046
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-045: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

11 October, 2016 - 09:21

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-045: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-45
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY

11 October, 2016 - 08:48

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-044
- Onapsis SVS ID: ONAPSIS-00250
-...

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability

11 October, 2016 - 08:10

Posted by Vulnerability Lab on Oct 11

Document Title:
===============
Facebook API v2.1 - RFC6749 Open Redirect Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1972

Vulnerability Magazine:
https://www.vulnerability-db.com/?q=articles/2016/10/10/facebook-api-v21-hit-rfc6749-open-redirect-attack-vulnerability

Release Date:
=============
2016-10-10

Vulnerability Laboratory ID (VL-ID):
====================================...

SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT)

11 October, 2016 - 02:03

Posted by SEC Consult Vulnerability Lab on Oct 11

SEC Consult Vulnerability Lab Security Advisory < 20161011-0 >
=======================================================================
title: XML External Entity Injection (XXE)
product: RSA Enterprise Compromise Assessment Tool (ECAT)
vulnerable version: 4.1.0.1
fixed version: 4.1.2.0
CVE Number: -
impact: Medium
homepage: https://www.rsa.com
found: 2016-04-27...