Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used

5 December, 2016 - 12:16

Posted by Eissing Stefan on Dec 05

Security Advisory - Apache Software Foundation
Apache HTTPD WebServer / httpd.apache.org

Server memory can be exhausted and service denied when HTTP/2 is used

CVE-2016-8740

The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply limitations
on request headers correctly when the experimental module for the HTTP/2
protocol is used to access a resource.

The net result is that the server...

CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption

5 December, 2016 - 12:16

Posted by Berend-Jan Wever on Dec 05

Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browser, as long as I can find some time to do so. If you find this
information useful, you can help me make some time available by donating
bitcoin to 183yyxa9s1s1f7JBpPHPmzQ346y91Rx5DX.

This is the twenty-fifth entry in the...

Microsoft Event Viewer v1.0 XML External Entity

5 December, 2016 - 12:16

Posted by hyp3rlinx on Dec 05

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EVENT-VIEWER-XXE-FILE-EXFILTRATION.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
========================
Microsoft Event Viewer
Version: 1.0

The Windows Event Viewer shows a log of application and system messages –
errors, information messages, and warnings....

Microsoft MSINFO32.EXE ".NFO" Files XML External Entity

5 December, 2016 - 12:16

Posted by hyp3rlinx on Dec 05

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
==========================
Windows System Information
MSINFO32.exe v6.1.7601

Windows MSINFO32.EXE displays a comprehensive view of your hardware, system
components, and software environment....

Microsoft Authorization Manager "azman" XML External Entity

5 December, 2016 - 12:16

Posted by hyp3rlinx on Dec 05

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-AZMAN-XXE-FILE-EXFILTRATION.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.microsoft.com

Product:
==============================
Microsoft Authorization Manager
v6.1.7601

The Authorization Manager allows you to set role-based permissions for
Authorization Manager-enabled applications.

You...

Microsoft Excel Starter 2010 XML External Entity

5 December, 2016 - 12:16

Posted by hyp3rlinx on Dec 05

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EXCEL-STARTER-XXE-REMOTE-FILE-DISCLOSURE.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
============================
Microsoft Excel Starter 2010
EXCELC.EXE / "OFFICEVIRT.EXE"

This is a bundled Excel "starter" version that comes...

Microsoft Windows Media Center "ehshell.exe" XML External Entity

5 December, 2016 - 12:16

Posted by hyp3rlinx on Dec 05

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTER-XXE-FILE-DISCLOSURE.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.microsoft.com

Product:
==================================
Windows Media Center "ehshell.exe"
version 6.1.7600

Vulnerability Type:
====================
XML External Entity

CVE Reference:...

CVE-2013-0019: MSIE 9 CDoc::ExecuteScriptUri use-after-free

3 December, 2016 - 14:08

Posted by Berend-Jan Wever on Dec 03

Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browser, as long as I can find some time to do so. If you find this
information useful, you can help me make some time available by donating
bitcoin to 183yyxa9s1s1f7JBpPHPmzQ346y91Rx5DX.

This is the twenty-fourth entry in the...

New CSRF vulnerabilities in D-Link DAP-1360

1 December, 2016 - 13:10

Posted by MustLive on Dec 01

Hello list!

After previous Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities, here are new ones. There are Cross-Site Request Forgery
vulnerabilities in D-Link DAP-1360 (Wi-Fi Access Point and Router).

-------------------------
Affected products:
-------------------------

The following model is vulnerable: D-Link DAP-1360, Firmware 1.0.0. This model
with other firmware versions must also be vulnerable.

D-Link should fix these...

WinPower V4.9.0.4 Privilege Escalation

1 December, 2016 - 13:10

Posted by Kacper Szurek on Dec 01

# Exploit Title: WinPower V4.9.0.4 Privilege Escalation
# Date: 29-11-2016
# Software Link: http://www.ups-software-download.com/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: local

1. Description

UPSmonitor runs as SYSTEM process.

We can communicate with monitor using RMI interface.

In manager app there’s an “Administrator” password check, but the password...

XSS in tooltip plugin of Zurb Foundation 5

1 December, 2016 - 13:10

Posted by Winni Neessen on Dec 01

XSS vulnerability in the tooltip plugin of Zurb Foundation 5.x
==============================================================

URL to this advisory: https://nop.li/foundation5tooltipxss

Vendor
======
http://zurb.com/

Product
=======
(Taken from http://foundation.zurb.com/sites/docs/v/5.5.3/)
Foundation is the most advanced, responsive front-end framework in the
world. The framework is mobile
friendly and ready for you to customize it any way you...

Eagle Speed USB MODEM SOFTWARE Privilege Escalation

1 December, 2016 - 13:09

Posted by Rio Sherri on Dec 01

# Vulnerability Description:
# When the Eagle Speed software is installed, a service with the name ZDServ is installed.
# The service itself has the right permissions, which do not allow reconfiguring the binary,
# but the path to the binary is writable by any authenticated user.
#
# C:\Users\lowpriv>sc qc zdserv
# [SC] QueryServiceConfig SUCCESS
#
# SERVICE_NAME: zdserv
# TYPE : 110 WIN32_OWN_PROCESS (interactive)
#...

Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21

1 December, 2016 - 13:09

Posted by Pierre-David Oriol - Northsec Conference on Dec 01

www.nsec.io - northsec.eventbrite.ca

NorthSec 2017, one of the biggest applied security events in Canada,
coming up in Montreal in May 2017:

May 16-17 - Professional Training Sessions - Syllabus Announced Soon
May 18-19 - Security Conference & Workshops
May 19-21 - The biggest 48H on-site CTF in North America, with 350+ attendees

* We are looking for great speakers to submit to our 2017 CFP at
http://www.nsec.io/cfp

Subjects covered range...

CVE-2015-6168: MS Edge CMarkup::EnsureDeleteCFState use-after-free details

1 December, 2016 - 13:09

Posted by Berend-Jan Wever on Dec 01

As I am sure you are by now well aware, in November I decided to start
releasing details on all vulnerabilities I found in web-browsers that I
had not released before. As I was unable to publish all of them within a
single month, I will try to continue to publish all my old
vulnerabilities, including those not in web-browser, as long as I can
find some time to do so. If you find this information useful, you can
help me make some time available by...

[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues

1 December, 2016 - 13:09

Posted by FOXMOLE Advisories on Dec 01

=== FOXMOLE - Security Advisory 2016-05-02 ===

e107 Content Management System (CMS) - Multiple Issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
e107 2.1.2 Bootstrap CMS

Issue Overview
==============
Vulnerability Type: Multiple Vulnerabilities
Technical Risk: medium
Likelihood of Exploitation: medium
Vendor: e107
Vendor URL: http://www.e107.org
Credits: FOXMOLE employee Tim Herres
Advisory URL:...

Opera foreignObject textNode::removeChild use-after-free details

1 December, 2016 - 13:09

Posted by Berend-Jan Wever on Dec 01

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twenty-second entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

Due to the recent Firefox 0-day, I've selected a very old and not so
interesting bug for today, so you can...

Google Chrome Accessibility blink::Node corruption details

1 December, 2016 - 13:09

Posted by Berend-Jan Wever on Dec 01

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twenty-first entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161129001.html. There you...

Apple iOS v10.1 & 10.1.1 - iCloud & Device Lock Bypass on Activate via local Buffer Overflow Vulnerability (Wifi Network)

1 December, 2016 - 09:32

Posted by Vulnerability Lab on Dec 01

Title: Apple iOS v10.1 & 10.1.1 - iCloud & Device Lock Bypass on
Activate via local Buffer Overflow Vulnerability (Wifi Network)

URL: https://www.youtube.com/watch?v=yygvBJBFy4s

Ref: https://www.vulnerability-lab.com/get_content.php?id=2018

Note: Using the rotate function and night shift to merge the mask also
allows bypassing the protection for iOS v10.1.1, as demonstrated in the
video.