Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Panda Security Multiple Business Products - Privilege Escalation

6 April, 2016 - 10:29

Posted by Kyriakos Economou on Apr 06

* CVE: CVE-2016-3943
* Vendor: Panda Security
* Reported by: Kyriakos Economou
* Date of Release: 05/04/2016
* Affected Products: Multiple
* Affected Version: Panda Endpoint Administration Agent < v7.50.00
* Fixed Version: Panda Endpoint Administration Agent v7.50.00

Description:
Panda Endpoint Administration Agent v7.30.2 allows a local attacker to elevate his privileges from any account type
(Guest included) and execute code as SYSTEM,...

hardwear.io CFP 2016 - Hardware Security Conference Call for Papers

6 April, 2016 - 10:29

Posted by Hardwear Team on Apr 06

Dear Hackers and Security Gurus,

hardwear.io is seeking innovative research on hardware security. If you
have done interesting research on attacks or mitigation on any
Hardware and want to showcase it to the security community, just
submit your research paper. Please find all the relevant details for
the submission below.

About hardwear.io
----------------------------
hardwear.io Security Conference is a platform for hardware and
security...

Fireware XTM Web UI - Open Redirect

6 April, 2016 - 10:29

Posted by Manuel Mancera on Apr 06

================================================================
Fireware XTM Web UI - Open Redirect
================================================================

Information
--------------------
Name: Fireware XTM Web UI - Open Redirect
Affected Software : Fireware XTM Web UI
Affected Versions: < 11.10.7
Vendor Homepage : http://www.watchguard.com/
Vulnerability Type : Open Redirect
Severity : Low
CVE: n/a

Product
--------------------...

MeshCMS 3.6 – Multiple vulnerabilities

6 April, 2016 - 10:29

Posted by xiong piaox on Apr 06

Exploit Title: MeshCMS 3.6 – Multiple vulnerabilities

Date: 2016-04-03

Exploit Author: piaox xiong(xiongyaofu351 () pingan com cn)

Vendor Homepage: http://www.cromoteca.com/en/meshcms/

Software Link: http://www.cromoteca.com/en/meshcms/download/

Version: 3.6

Tested on: Windows OS

#############

Application Description:

MeshCMS is an online editing system written in Java. It provides a set of
features usually included in a CMS, but it...

Re: [SE-2012-01] Broken security fix in IBM Java 7/8

5 April, 2016 - 15:25

Posted by Security Explorations on Apr 05

Hello All,

I should have included the following information in my original post:
1) Issue 67 was assigned CVE-2013-3009 [1],
2) it originally affected IBM Java from versions 1.4 to 7 [2],
3) CVE-ID corresponding to a broken patch will likely not reflect the
original issue. This was the case for IBM's Issue 49 (CVE-2012-4823)
and two of its broken fixes (CVE-2013-3012 and CVE-2013-5458).
4) Incomplete patch for Issue 67 may affect...

Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability

5 April, 2016 - 06:23

Posted by Vulnerability Lab on Apr 05

Document Title:
===============
Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass
Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1814

Release Date:
=============
2016-04-05

Vulnerability Laboratory ID (VL-ID):
====================================
1814

Common Vulnerability Scoring System:
====================================
6.1

Product & Service...

Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit

4 April, 2016 - 14:16

Posted by exploits4coins.com 2 on Apr 04

## Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit ##

This particular vulnerability makes it possible to force a Stratum Mining
Pool to accept "invalid" shares by the thousands for each mining pool
round. It is possible to make pure money from this vulnerability. The
exploit is real but affects only a fraction of Stratum Mining Pools. Let's
dig into the technical side of this vulnerability.

##### What is stratum mining...

Tradukka affected by Cross-Site Scripting

4 April, 2016 - 14:16

Posted by Francisco Javier Santiago Vázquez on Apr 04

I. VULNERABILITY
-------------------------
Vulnerability Cross-Site Scripting (XSS)

II. PROOF OF CONCEPT
-------------------------
URL: http://tradukka.com/translate/en/es/
State: Fix & Patch
Vector: '><img src=x onerror=alert("XSS");>

III. SYSTEMS AFFECTED
-------------------------
The vulnerability affects the Translator Tradukka: http://tradukka.com

IV. CREDITS
-------------------------
These vulnerabilities have...

Reprint your I$ACA CPE's using Burp Suite! ( the no refund addition ! )

4 April, 2016 - 14:16

Posted by robert mccurdy on Apr 04

Reprint your I$ACA CPE's using Burp Suite! ( the 'no refund' addition ! )

* log into I$ACA.ORG
* goto http://www.i$aca.org/Education/Online-Learning/Pages/archived-webinars.aspx
* start a video to get some cookies etc...
* get all the ID#'s you like to get cert for and use them in the url below in burp history
* replace the ID in the url with the ID of the one you want cert for.

POST...

CVE-2016-2191: optipng: invalid write

4 April, 2016 - 14:16

Posted by Hans Jerry Illikainen on Apr 04

An invalid write may occur in optipng before version 0.7.6 while
processing bitmap images due to `crt_row' being (inc|dec)remented
without any boundary checking when encountering delta escapes.

optipng-0.7.5/src/pngxtern/pngxrbmp.c:
,----
| 210 static size_t
| 211 bmp_read_rows(png_bytepp begin_row, png_bytepp end_row, size_t row_size,
| 212 unsigned int compression, FILE *stream)
| 213 {
| ...
| 272 crt_row = begin_row;...

ManageEngine Password Manager Pro Multiple Vulnerabilities

4 April, 2016 - 14:16

Posted by Sebastian Perez on Apr 04

[Systems Affected]
Product : ManageEngine Password Manager Pro
Company : ZOHO Corp.
Build Number : 8.1 to 8.3 and probably earlier versions
Affected Versions : 8102 to 8302 and probably earlier versions

[Product Description]
Password Manager Pro is a secure vault for storing and managing
shared sensitive information such as passwords, documents and digital
identities of enterprises.

[Vulnerabilities]
Multiple vulnerabilities...

Pulse CMS Multiple Vulnerabilities

4 April, 2016 - 14:16

Posted by xiong piaox on Apr 04

Pulse CMS Multiple Vulnerabilities

1、Description

Exploit Title: Multiple Vulnerabilities in pulse 0.7.0 final

Date: 4-01-2016

Vendor Homepage:
http://pulse.torweg.org/site/Pulsar/en_US.CMS.displayCMS.13./pulse---the-java-web-application-framework

Vendor: pulse

Software: Content Management System

Version: version: pulse 0.7.0 final (build r2074)

2、Product Summary

================

An open source portal solution in Java. pulse delivers...

MeshCMS Command Execution Vulnerability

4 April, 2016 - 14:16

Posted by xiong piaox on Apr 04

#############

Exploit Title: MeshCMS 3.6 – Command Execution Vulnerability

Date: 2016-04-03

Exploit Author: piaox xiong

Vendor Homepage: http://www.cromoteca.com/en/meshcms/

Software Link: http://www.cromoteca.com/en/meshcms/download/

Version: 3.6

Tested on: Windows OS

#############

Application Description:

MeshCMS is an online editing system written in Java. It provides a set of
features usually included in a CMS, but it uses a more...

SQL Injection Vulnerability in DotCms v3.3

4 April, 2016 - 14:16

Posted by xiong piaox on Apr 04

Hello, please add the following to the security mailing-lists.

1、Description

Exploit Title: SQL Injection Vulnerability in DotCms v3.3

Date: 3-28-2016

Vendor Homepage: http://dotcms.com/

Vendor: dotcms

Software: Content Management System

Version: v3.3

CVE:CVE-2016-3688

2、Product Summary

================

*dotcms* <http://blog.dreamcss.com/content-management-system/dotcms-open-source-java-cms/> is
a fully featured open source...

Multiple vulnerabilities found in Quanta LTE routers (backdoor, backdoor accounts, RCE, weak WPS ...)

4 April, 2016 - 14:16

Posted by Pierre Kim on Apr 04

## Advisory Information

Title: Multiple vulnerabilities found in Quanta LTE routers (backdoor,
backdoor accounts, RCE, weak WPS ...)
Advisory URL: https://pierrekim.github.io/advisories/2016-quanta-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2016-04-04-quanta-lte-routers-vulnerabilities.html
Date published: 2016-04-04
Vendors contacted: Quanta
Release mode: Released
CVE: no current CVE
DWF: no current DWF

## Product Description

Quanta...

Daily Edition theme for WordPress

4 April, 2016 - 14:16

Posted by MustLive on Apr 04

Hello!

Recently I wrote you about Daily Edition theme for WordPress. Earlier I
wrote about FPD vulnerability, but mentioned second one (AFU). The two
vulnerabilities from all, which I disclosed in 2011 in TimThumb.

Concerning this advisory about Daily Edition at security mailing lists:
https://packetstormsecurity.com/files/130720/WordPress-Daily-Edition-1.6.2-File-Upload.html
http://seclists.org/fulldisclosure/2015/Mar/35

Wang Jing disclosed...

Unauthenticated CSRF reboot flaw in ARRIS (Motorola) SURFboard modems

4 April, 2016 - 14:16

Posted by David Longenecker on Apr 04

ARRIS (formerly Motorola) SURFboard 6141 broadband cable modems, with the
latest firmware deployed by Time Warner Cable, have a LAN-side web UI with
a fixed IP address, that does not require authentication, and a cross site
request forgery vulnerability through which it is possible to reboot the
modem with one click.

It is also possible to factory reset the modem with a simple
unauthenticated URL. This causes a longer outage while the modem...

APPLE-SA-2016-03-31-1 iBooks Author 2.4.1

4 April, 2016 - 14:15

Posted by Apple Product Security on Apr 04

APPLE-SA-2016-03-31-1 iBooks Author 2.4.1

iBooks Author 2.4.1 is now available and addresses the following:

iBooks Author
Available for: OS X Yosemite v10.10 or later
Impact: Parsing a maliciously crafted iBooks Author file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook Author parsing. This issue was addressed through improved
parsing.
CVE-ID
CVE-2016-1789 : Behrouz...

Daily Edition theme for WordPress

4 April, 2016 - 12:50

Posted by MustLive on Apr 04

Hello!

In October I wrote you about vulnerability in the plugin for WordPress,
which was 100% repeat of my vulnerability, which I disclosed in 2010. And
here is another case, now with theme for WordPress.

Concerning this advisory about Daily Edition at security mailing lists:
https://packetstormsecurity.com/files/130753/WordPress-Daily-Edition-Theme-1.6.2-Path-Disclosure.html
http://seclists.org/fulldisclosure/2015/Mar/57

Wang Jing disclosed...

DotCMS injection Vulnerability

4 April, 2016 - 12:50

Posted by p0x2015 on Apr 04

Hello, please add the following to the security mailing-lists.

1、Description

Exploit Title: SQL Injection Vulnerability in DotCms v3.3

Date: 3-28-2016

Vendor Homepage: http://dotcms.com/

Vendor: dotcms

Software: Content Management System

Version: v3.3

CVE:CVE-2016-3688

2、Product Summary

================

dotcms is a fully featured open source enterprise grade J2EE/Java based web content management system for
building/managing...