Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

C & C++ for OS - Filter Bypass & Persistent Vulnerability

25 April, 2016 - 05:03

Posted by Vulnerability Lab on Apr 25

Document Title:
===============
C & C++ for OS - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1825

Release Date:
=============
2016-04-14

Vulnerability Laboratory ID (VL-ID):
====================================
1825

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator

22 April, 2016 - 05:39

Posted by SEC Consult Vulnerability Lab on Apr 22

SEC Consult Vulnerability Lab Security Advisory < publishing date 20160422-1 >
=======================================================================
title: Multiple vulnerabilities in Digitalstrom Konfigurator
product: Digitalstrom Konfigurator
vulnerable version: 1.10.0
fixed version: 1.10.4
CVE number: -
impact: High
homepage: http://www.digitalstrom.com/...

SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app

22 April, 2016 - 05:33

Posted by SEC Consult Vulnerability Lab on Apr 22

SEC Consult Vulnerability Lab Security Advisory < 20160422-0 >
=======================================================================
title: Insecure data storage
product: my devolo - android application - air.de.devolo.my.devolo
vulnerable version: 1.2.8
fixed version:
CVE number:
impact: High
homepage: http://www.devolo.com/
found: 2015-10-30...

CVE-2016-3074: libgd: signedness vulnerability

21 April, 2016 - 14:35

Posted by Hans Jerry Illikainen on Apr 21

Overview
========

libgd [1] is an open-source image library. It is perhaps primarily used
by the PHP project. It has been bundled with the default installation
of PHP since version 4.3 [2].

A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1 which
may result in a heap overflow when processing compressed gd2 data.

Details
=======

4 bytes representing the chunk index size are stored in a signed integer,
chunkIdx[i].size, by...

Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predictable filename)

21 April, 2016 - 14:35

Posted by Sysdream Labs on Apr 21

Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predictable filename)
==========================================================================================================

Description
===========

When using the "database backup/logging on filesystem" feature, iThemes security generates a weak filename allowing
attackers to obtain the backup/log file if they know when the backup/log file was...

Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights)

21 April, 2016 - 14:35

Posted by Sysdream Labs on Apr 21

Wordpress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights)
==================================================================================================

Description
===========

A vulnerability has been found in iThemes Security backup function that may allow attackers to gain access to
backup/log files.

By default, when using the "database backup on filesystem" feature, iThemes Security...

Time-based SQL Injection in Admin panel ImpressCMS <= v1.3.9

21 April, 2016 - 14:35

Posted by Manuel Garcia Cardenas on Apr 21

=============================================
MGC ALERT 2016-002
- Original release date: April 8, 2016
- Last revised: April 21, 2016
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Time-based SQL Injection in Admin panel ImpressCMS <= v1.3.9

II. BACKGROUND
-------------------------
ImpressCMS is a community developed...

Avast SandBox Escape via IOCTL Requests

20 April, 2016 - 15:07

Posted by Kyriakos Economou on Apr 20

* CVE: CVE-2016-4025
* Vendor: Avast
* Reported by: Kyriakos Economou
* Date of Release: 19/04/2016
* Affected Products: Multiple
* Affected Version: Multiple
* Fixed Version: N/A

Description:
A design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by
dropping its files out of it and/or by modifying existing legitimate files of any type.

Affected Products:

Avast Internet Security v11.x.x...

Lock Browser 5.3 (Browser Security, Open Source, Python)

20 April, 2016 - 15:07

Posted by David Leo on Apr 20

SUMMARY
This open source tool strictly controls what the web browser can access, which stops the web browser from loading harmful
content - Phishing, Non-Secure HTTP, or whatever is not in your whitelist.

SITUATION
"Security flaws in Google Chrome, Microsoft Edge, and Apple Safari were all successfully exploited... browsers as well
as Windows, OS X, and Flash"...

Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1

20 April, 2016 - 15:07

Posted by research () rv3lab org on Apr 20

###################################################

01. ### Advisory Information ###

Title: Multiple Reflected XSS vulnerabilities in Oliver (formerly
Webshare) v1.3.1
Date published: 2016-15-04
Date of last update: 2014-03-04
Vendors contacted: Oliver (formerly Webshare) v1.3.1
Discovered by: Rv3Laboratory [Research Team]
Severity: Medium

02. ### Vulnerability Information ###

CVE reference: CVE-2014-2710
VU#279207
OVI-2016-7982
CVSS v2 Base...

[ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability

20 April, 2016 - 15:07

Posted by ERPScan inc on Apr 20

Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-005]
Risk: Medium
Advisory URL:...

[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability

20 April, 2016 - 15:07

Posted by ERPScan inc on Apr 20

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2234918
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-004]
Risk: Medium
Advisory URL:...

Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege

20 April, 2016 - 15:07

Posted by Stefan Kanthak on Apr 20

Hi @ll,

the executable installers of G-Data's "security" products for
Windows, available from <https://www.gdata.de/downloads>, allow
escalation of privilege!

The downloadable executables are self-extractors containing the
real executable installer as resource: they create the subdirectory
%TEMP%\{guidguid-guid-guid-guid-guidguidguid}
using another resource containing the hardcoded value of this GUID,
extract the real...

Announcing NorthSec 2016 - Montreal, May 19-22

16 April, 2016 - 08:32

Posted by Pierre-David / NorthSec Conference on Apr 16

www.nsec.io - northsec.eventbrite.ca

NorthSec 2016, one of the biggest applied security events in Canada, is coming up in Montreal May 17-22, with 2 days of
intense training sessions, followed by a 2-day technical conference and the largest 48h on-site CTF.

-------- Training Sessions --------
There are still a few seats available in our Training Sessions
https://www.nsec.io/training-sessions/

* Modern Object-Oriented Malware Reverse Engineering...

Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability

16 April, 2016 - 08:32

Posted by Sandro Poppi on Apr 16

Abstract
--------
Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting
Vulnerability
Affected Version: MSHTML.DLL 11.0.9600.18231 and probably below on
Windows 7 SP1
Vendor Homepage: http://www.microsoft.com
Severity: high
Status: fixed
CVE-ID: CVE-2016-0160

Description
-----------
Microsoft Internet Explorer 11 ships with MSHTML.DLL referencing various
DLLs which are not present on a Windows 7 SP1 installation, Windows 10
is not...

[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues

16 April, 2016 - 08:32

Posted by ERPScan inc on Apr 16

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-003]
Risk: High
Advisory URL:...

[ERPSCAN-16-002] SAP HANA - log injection and no size restriction

15 April, 2016 - 09:26

Posted by ERPScan inc on Apr 15

Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP HANA
Advisory ID: [ERPSCAN-16-002]
Risk: High
Advisory URL:...

[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability

15 April, 2016 - 09:26

Posted by ERPScan inc on Apr 15

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-001]
Risk: High
Advisory URL:...

PfSense Community Edition Multiple Vulnerabilities

15 April, 2016 - 09:25

Posted by Francesco Oddo on Apr 15


Re: end of useable crypto in browsers?

15 April, 2016 - 09:25

Posted by Tony Arcieri on Apr 15

On Sat, Apr 9, 2016 at 2:34 AM, Árpád Magosányi <mag () magwas rulez org>
wrote:

Using X.509 client certificates with browsers has a *huge* problem: they
don't follow the same-origin policy, and <keygen> was not designed with this
in mind. Without following SOP, browsers wind up doing a terrible thing:
prompting the user to select which TLS client cert/key to use with a
particular web site. This is bad for both UX and...