Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

[TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO)

3 January, 2020 - 13:15

Posted by Thierry Zoller on Jan 03


Open-Xchange Security Advisory 2020-01-02

3 January, 2020 - 13:13

Posted by Open-Xchange GmbH via Fulldisclosure on Jan 03

Dear subscribers,

we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs (open-xchange, appsuite, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 67097 (Bug ID)
Vulnerability type: Cross-site scripting (CWE-80)...

CA20191218-01: Security Notice for CA Client Automation Agent for Windows

3 January, 2020 - 13:13

Posted by Kevin Kotas via Fulldisclosure on Jan 03

CA20191218-01: Security Notice for CA Client Automation Agent for
Windows

Issued: December 18, 2019
Last Updated: December 18, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Client Automation agent on Windows. A
vulnerability exists that can allow a local attacker to gain
escalated privileges. CA published solutions to address the
vulnerability and recommends that all affected customers implement
the...

New BlackArch Linux ISOs + OVA Image available!

3 January, 2020 - 13:11

Posted by Black Arch on Jan 03

Dear list,

We've released new BlackArch Linux ISOs and OVA image (version
2020.01.01). Many improvements and QA went through all packages and
tools BlackArch Linux offers! For details see the ChangeLog below. The
BlackArch repository, Live-ISO and OVA image include more than 2400
tools now. The aarch64 repository is filled with about 2200 tools.

A ChangeLog of the Live-ISO-2020.01.01:

- added 120 new tools
- add terminus font...

Microsoft Windows .Group File / URL Field Code Execution

3 January, 2020 - 13:11

Posted by hyp3rlinx on Jan 03

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.GROUP-FILE-URL-FIELD-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] apparitionsec@gmail
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
Windows ".Group" File Type

Group files are a collection of contacts created by Windows Contacts, an
embedded contact management...

Microsoft Exchange Server, External Service Interaction (DNS)

3 January, 2020 - 13:11

Posted by Alphan YAVAS on Jan 03

I. VULNERABILITY
-------------------------
Microsoft Exchange Server, External Service Interaction (DNS)
Exchange Server 2013 CU22 and previous.

II. CVE REFERENCE
-------------------------
Not Assigned Yet

III. VENDOR
-------------------------
https://www.microsoft.com

IV. DESCRIPTION
-------------------------
Microsoft Exchange Server is affected by an External Service
Interaction (DNS) vulnerability. A remote attacker could force the...