Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0

21 December, 2018 - 04:45

Posted by Rafael Pedrero on Dec 21

<!--
# Exploit Title: DLL Hijacking in Exiftool v8.3.2.0
# Date: 18-12-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://owl.phy.queensu.ca/~phil/exiftool/
# Software Link: http://owl.phy.queensu.ca/~phil/exiftool/
# Version: v8.3.2.0
# Tested on: all
# CVE : CVE-2018-20211
# Category: webapps

1. Description

ExifTool 8.32 allows local users to gain privileges by creating a
%TEMP%\par-%username%\cache-exiftool-8.32 folder with a...

CVE-2018-20193 - Privilege escalation in Juniper Secure Access SSL VPN - SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631)

21 December, 2018 - 04:45

Posted by Rafael Pedrero on Dec 21

In 2006...

<!--
# Exploit Title: Privilege escalation in Juniper Secure Access SSL VPN - SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631)
# Date: 18-12-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.juniper.net/
# Software Link: http://www.juniper.net/
# Version: Juniper Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631)
# Tested on: all
# CVE : CVE-2018-20193
# Category: webapps

1. Description...

DAVOSET v.1.3.7

21 December, 2018 - 04:45

Posted by MustLive on Dec 21

Hello participants of Mailing List.

Since the announcement of DAVOSET in 2010 and all its releases, I've made the next
update of the software. Recently DAVOSET v.1.3.7 was released - DDoS attacks
via other sites execution tool (http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub: https://github.com/MustLive/DAVOSET

Download DAVOSET v.1.3.7:...

New vulnerabilities in Transcend Wi-Fi SD Card

21 December, 2018 - 04:44

Posted by MustLive on Dec 21

Hello list!

There are Directory Traversal and Cross-Site Request Forgery vulnerabilities
in Transcend Wi-Fi SD Card.

-------------------------
Affected products:
-------------------------

The following model is vulnerable: Transcend Wi-Fi SD Card 16 GB, Firmware v.1.8.
This model with other firmware versions, and other Transcend models, may also
be vulnerable. Transcend didn't answer whether they will fix these and other holes.

----------
Details:...

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section

21 December, 2018 - 04:44

Posted by Murat Aydemir on Dec 21

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the
Notes column of the Alarms section

II. CVE REFERENCE
-------------------------
CVE-2018-20339

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/2018 Vulnerability discovered
20/11/2018 Vendor contacted
20/12/2018 OpManager replied that they had fixed it

V. CREDIT...

Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section

21 December, 2018 - 04:44

Posted by Murat Aydemir on Dec 21

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL
injection in the Alarms section

II. CVE REFERENCE
-------------------------
CVE-2018-20338

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/2018 Vulnerability discovered
20/11/2018 Vendor contacted
20/12/2018 OpManager replied that they had fixed it

V. CREDIT
-------------------------...

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API

21 December, 2018 - 04:44

Posted by Murat Aydemir on Dec 21

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection
via the getGraphData API.

II. CVE REFERENCE
-------------------------
CVE-2018-20173

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/2018 Vulnerability discovered
20/11/2018 Vendor contacted
17/12/2018 OpManager replied that they had fixed it

V. CREDIT
-------------------------...
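
As an added illustration of the bug class behind the two OpManager SQL injection advisories above (CVE-2018-20338 in the Alarms section and CVE-2018-20173 via the getGraphData API), and not OpManager's code nor the reporter's proof of concept: a Python/sqlite3 sketch of an alarm lookup written the vulnerable way beside the parameterized form. The `alarms` table, its rows, the `device` filter and the tautology payload are all constructed for this example; nothing here is taken from OpManager's schema or API.

```python
import sqlite3

# Constructed sample data standing in for an "alarms" table; not OpManager's schema.
SAMPLE_ALARMS = [
    (1, "router-1", "critical", "Link down"),
    (2, "router-1", "warning", "High CPU"),
    (3, "switch-7", "critical", "Fan failure"),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE alarms (id INTEGER PRIMARY KEY, device TEXT, "
        "severity TEXT, notes TEXT)"
    )
    conn.executemany("INSERT INTO alarms VALUES (?, ?, ?, ?)", SAMPLE_ALARMS)
    return conn


def alarms_by_device_unsafe(conn, device):
    """Vulnerable pattern: the caller-controlled value is spliced into the SQL text,
    so quote characters in `device` change the structure of the statement."""
    sql = "SELECT id FROM alarms WHERE device = '%s'" % device
    return [row[0] for row in conn.execute(sql)]


def alarms_by_device_safe(conn, device):
    """Hardened pattern: the value travels as a bound parameter and is only ever
    compared as data, whatever characters it contains."""
    sql = "SELECT id FROM alarms WHERE device = ?"
    return [row[0] for row in conn.execute(sql, (device,))]


def demo():
    """Run the same inputs through both lookups and return the row IDs each yields."""
    conn = make_db()
    # A device name nobody owns, carrying a tautology that widens the WHERE clause
    # when it is concatenated into the statement.
    payload = "nosuchdevice' OR '1'='1"
    return {
        "unsafe": alarms_by_device_unsafe(conn, payload),
        "safe": alarms_by_device_safe(conn, payload),
        "legit": alarms_by_device_safe(conn, "router-1"),
    }
```

Running demo() shows the concatenated query returning every alarm for a device name that matches nothing, while the bound-parameter query returns an empty list for the same string; the legitimate lookup behaves identically in both versions, which is why this kind of fix can be applied to every query in an application without changing its behaviour for well-formed input.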

Capstone disassembler v4.0 is out!

21 December, 2018 - 04:43

Posted by Nguyen Anh Quynh on Dec 21

Greetings,

We are super excited to announce version 4.0 of Capstone disassembler
framework!

Exactly 5 years ago, on December 18th, 2013, we published the first
version. Today, release 4.0 marks 5 years of our project! Such a long
journey would be impossible without huge community support!

In no particular order, we would like to thank Thinkst Canary
<https://canary.tools/>, NowSecure <https://www.nowsecure.com/>, ECQ
<...

[CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities

21 December, 2018 - 04:39

Posted by advisories on Dec 21

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

GIGABYTE Drivers Elevation of Privilege Vulnerabilities

1. Advisory Information

Title: GIGABYTE Drivers Elevation of Privilege Vulnerabilities
Advisory ID: CORE-2018-0007
Advisory URL:
http://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Date published: 2018-12-18
Date of last update: 2018-12-18
Vendors contacted: Gigabyte
Release...

[CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities

21 December, 2018 - 04:39

Posted by advisories on Dec 21

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

ASUS Drivers Elevation of Privilege Vulnerabilities

1. Advisory Information

Title: ASUS Drivers Elevation of Privilege Vulnerabilities
Advisory ID: CORE-2017-0012
Advisory URL:
http://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
Date published: 2018-12-18
Date of last update: 2018-12-18
Vendors contacted: Asus
Release mode: User release...

Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)

21 December, 2018 - 04:38

Posted by zzt0907 on Dec 21

# Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
## Product Download: https://sourceforge.net/projects/pcre/files/pcre/
## Vulnerability Type: Buffer Overflow
## Attack Type : local
## Vulnerability Description
A pcretest load test PoC produces a crash (overflow) in the function match() in pcre_exec.c because of a self-recursive call.

## POC
https://github.com/followboy1999/poc/tree/master/CVE-2017-16231
./pcretest pcre_poc.txt
##...

LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)

21 December, 2018 - 04:38

Posted by zzt0907 on Dec 21

#CVE-2017-16232
# LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)
## Product Download: http://www.libtiff.org/ http://download.osgeo.org/libtiff/
## Vulnerability Type: memory leak
## Attack Type : local
## Vulnerability Description
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow
attackers to cause a denial of service (memory consumption), as demonstrated
by tif_open.c, tif_lzw.c, and tif_aux.c
## POC...

Tracking Linux Kernel Vulnerabilities

14 December, 2018 - 13:04

Posted by Nicholas Luedtke on Dec 14

All,

I've posted this before, but due to substantial changes, it might be
more useful now. We have been tracking vulnerabilities in various
upstream Kernel versions for some time. We have recently made the
automated output of this tracker available via the web for those who
have similar use cases. This is still under development to make the
information easier to consume. Enjoy.

https://www.linuxkernelcves.com/

-nsl

YSTS 13th Edition - CFP

14 December, 2018 - 13:03

Posted by Luiz Eduardo on Dec 14

This is the official form to submit your paper to You sh0t the Sheriff 2019

Where: Sao Paulo, Brazil

When: May 27th, 2019

Call for Papers Open: November 28th, 2018

Call for Papers Close: February 28th, 2019

http://www.ysts.org

@ystscon

ABOUT THE CONFERENCE
You Sh0t the Sheriff is a unique, one-day event dedicated to bringing
cutting-edge talks to the top-notch professionals of the Brazilian
Information Security Community.

The...

GNU inetutils <= 1.9.4 telnet.c multiple overflows

14 December, 2018 - 13:02

Posted by Hacker Fantastic via Fulldisclosure on Dec 14

GNU inetutils <= 1.9.4 telnet.c multiple overflows
==================================================
GNU inetutils is vulnerable to a stack overflow in the client-side
environment variable handling which can be exploited to escape restricted
shells on embedded devices.
Most modern browsers no longer support telnet:// handlers, but in instances
where URI handlers are enabled to the inetutils telnet client this issue
may be...

Mikrotik RouterOS telnet arbitrary root file creation 0day

14 December, 2018 - 13:02

Posted by Hacker Fantastic via Fulldisclosure on Dec 14

Mikrotik RouterOS telnet arbitrary root file creation 0day
==========================================================
This weakness occurs "post-authentication" and can be used to escape the
restricted shell on Mikrotik devices and escalate "readonly" privileges.
Mikrotik contains a hidden "devel" login option which can be enabled
through use of an "options" package.

An exploitable arbitrary file creation...

CVE-2018-7691 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities

14 December, 2018 - 13:01

Posted by alt3kx via Fulldisclosure on Dec 14

Details
================
Software: Fortify SSC (Software Security Center)
Version: 17.10, 17.20 & 18.10
Homepage: https://www.microfocus.com/
Advisory report: https://github.com/alt3kx/CVE-2018-7691
CVE: CVE-2018-7691 at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7691
CVSS: 6.5 (Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CWE-639

Description
================
REST API contains Insecure direct object...

CVE-2018-7690 | The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities

14 December, 2018 - 13:01

Posted by alt3kx via Fulldisclosure on Dec 14

Details
================
Software: Fortify SSC (Software Security Center)
Version: 17.10, 17.20 & 18.10
Homepage: https://www.microfocus.com/
Advisory report: https://github.com/alt3kx/CVE-2018-7690
CVE: CVE-2018-7690 at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7690
CVSS: 6.5 (Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CWE-639

Description
================
Fortify SSC (Software Security Center)...
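
As an added illustration of CWE-639 (authorization bypass through a user-controlled key), the weakness class named in both SSC REST API advisories above (CVE-2018-7690 and CVE-2018-7691): a Python sketch of a record lookup that trusts the caller-supplied ID beside one that performs object-level authorization, plus a small enumeration probe to show the difference. This is not Fortify SSC code and does not reproduce the reporter's findings; the `Report` records, the user names, the admin set and the ID range are all constructed for this example.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


@dataclass(frozen=True)
class Report:
    report_id: int
    owner: str
    body: str


# Constructed sample data: reports belonging to two different users.
REPORTS = {
    101: Report(101, "alice", "alice's scan results"),
    102: Report(102, "bob", "bob's scan results"),
}

# Constructed: principals holding the admin role may read any report.
ADMINS = {"carol"}


def get_report_unsafe(caller, report_id):
    """CWE-639 pattern: the caller is authenticated, but the ID is trusted and the
    caller's relationship to the object is never checked, so any user who can
    guess or enumerate report_id obtains the record."""
    return REPORTS[report_id]


def get_report_safe(caller, report_id):
    """Object-level authorization: resolve the object, then check the caller's
    relationship to it before returning anything."""
    report = REPORTS.get(report_id)
    if report is None or not (report.owner == caller or caller in ADMINS):
        # One response for "missing" and "not yours", so valid IDs cannot be
        # confirmed by telling a 403 apart from a 404.
        raise Forbidden(f"report {report_id} not available to {caller}")
    return report


def enumerate_ids(handler, caller, id_range):
    """Simulate an enumeration probe: walk candidate IDs through `handler` as
    `caller` and return the IDs of every record actually obtained."""
    got = []
    for rid in id_range:
        try:
            got.append(handler(caller, rid).report_id)
        except (Forbidden, KeyError):
            pass
    return got


def demo():
    """Exercise both handlers with a cross-user, an own-object and an admin request."""
    results = {}
    results["unsafe_cross_user"] = get_report_unsafe("alice", 102).owner
    try:
        get_report_safe("alice", 102)
        results["safe_cross_user"] = "allowed"
    except Forbidden:
        results["safe_cross_user"] = "denied"
    results["safe_own"] = get_report_safe("alice", 101).owner
    results["safe_admin"] = get_report_safe("carol", 102).owner
    results["unsafe_enum"] = enumerate_ids(get_report_unsafe, "alice", range(100, 105))
    results["safe_enum"] = enumerate_ids(get_report_safe, "alice", range(100, 105))
    return results
```

The check lives next to the lookup rather than in a front-end filter: an API consumer who knows the URL shape can call the endpoint directly, so the only place the ownership test reliably runs is where the object is resolved. Returning the same error for unknown and foreign IDs is a small extra that keeps the endpoint from acting as an oracle for which IDs exist.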

Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the domainController API.

11 December, 2018 - 13:33

Posted by Murat Aydemir on Dec 11

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before Build 123237 has XSS via the
domainController API.

II. CVE REFERENCE
-------------------------
CVE-2018-19921

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/2018 Vulnerability discovered
20/11/2018 Vendor contacted
06/12/2018 OpManager replied that they had fixed it

V. CREDIT
-------------------------
Murat...

Dynamic Loader Oriented Programming - Wiedergaenger PoC (Proof of Concept) on Ubuntu 16.04.5 LTS - 2018

11 December, 2018 - 13:32

Posted by Marcin Kozlowski on Dec 11

Hi all,

This is a great technique for reliably escalating unbounded array
access vulnerabilities.

Full article/writeup of my experiences with screenshots is available at:

https://www.linkedin.com/pulse/my-experiences-dynamic-loader-oriented-programming-poc-kozlowski/

or here as PDF:

https://github.com/marcinguy/LOP-wiedergaenger/blob/master/wiedergaenger.pdf

Repo URL, with samples, is at:
https://github.com/marcinguy/LOP-wiedergaenger...