Full Disclosure
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 12 min 24 sec ago
remote code execution when open a project in android studio that google refused to fix(still 0day)
Posted by houjingyi on Dec 21
Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0When you open a project in android studio, if gradle-wrapper.properties set
distributionUrl=https\://
services.gradle.org/distributions/gradle-2.6-all.zip
<https://www.google.com/url?q=http://services.gradle.org/distributions/gradle-2.6-all.zip&sa=D&usg=AFQjCNHSuog_mDHXLFUDcfXdMkVSqzfLug>,
then android studio will download and extract gradle-2.6-all.zip, jar file
in...
SUPREMO Local privilege escalation
Posted by Adan Alvarez on Dec 21
Details=======
Subject: Local Privilege Escalation
Product: SUPREMO by Nanosystems S.r.l.
Vendor Homepage: https://www.supremocontrol.com/
Vendor Status: fixed version released
Vulnerable Version: 4.1.3.2348 (No other version was tested, but it is
believed for the older versions to be also vulnerable.)
Fixed Version: 4.2.0.2423
CVE Number: CVE-2020-25106
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25106
Authors: Victor...
Defense in depth -- the Microsoft way (part 68): where compatibility means vulnerability
Posted by Stefan Kanthak on Dec 18
Hi @ll,this post is a shortened version of
<https://skanthak.homepage.t-online.de/detour.html>
With Windows 2000 and Windows XP, Microsoft introduced the functions
SystemFunction035() alias RtlCheckSignatureInFile(),
SystemFunction036() alias RtlGenRandom(),
SystemFunction040() alias RtlEncryptMemory(), and
SystemFunction041() alias RtlDecryptMemory() in ADVAPI32.dll
Note: RtlCheckSignatureInFile() was never documented, it has the...
Rocket.Chat quietly patches XSS vulnerability
Posted by Moe Szyslak on Dec 18
Rocket.Chat has quietly fixed a stored XSS vulnerability in the followingcommits:
https://github.com/RocketChat/Rocket.Chat/commit/96d3155245ec65f681664b48b6dafc94c1ea021c
https://github.com/RocketChat/Rocket.Chat/commit/43fe12d775b2329e780a1369a1b2c25070cdcab9
Exploitation of this vulnerability is very straightforward by manipulating
a message attachment to contain a XSS payload either in the type or the
body.
No release of Rocket.Chat...
CA20201215-01: Security Notice for CA Service Catalog
Posted by Kevin Kotas via Fulldisclosure on Dec 18
CA20201215-01: Security Notice for CA Service CatalogIssued: December 15, 2020
Last Updated: December 15, 2020
CA Technologies, a Broadcom Company, is alerting customers to a risk
with CA Service Catalog. A vulnerability can potentially exist in a
specific configuration that can allow a remote attacker to cause a
denial of service condition. CA published a solution and instructions
to resolve the vulnerability.
The vulnerability,...
Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18
Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP===============================================================================
Identifiers
-------------------------------------------------
CVE-2020-11718
Vendor
-------------------------------------------------
Balanc Shpk (https://bilanc.com)
Product
-------------------------------------------------
Programi Bilanc...
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-8995]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key===============================================================================
Identifiers
-------------------------------------------------
CVE-2020-8995
Vendor
-------------------------------------------------
Balanc Shpk (https://bilanc.com)
Product
-------------------------------------------------
Programi Bilanc
Affected...
Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections [CVE-2020-11717]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18
Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections=============================================================================
Identifiers
-------------------------------------------------
CVE-2020-11717
Vendor
-------------------------------------------------
Balanc Shpk (https://bilanc.com)
Product
-------------------------------------------------
Programi Bilanc
Affected versions...
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-11719]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key===============================================================================
Identifiers
-------------------------------------------------
CVE-2020-11719
Vendor
-------------------------------------------------
Balanc Shpk (https://bilanc.com)
Product
-------------------------------------------------
Programi Bilanc
Affected...
Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password - CVE-2020-11720
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18
Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password===============================================================================
Identifiers
-------------------------------------------------
CVE-2020-11720
Vendor
-------------------------------------------------
Balanc Shpk (https://bilanc.com)
Product
-------------------------------------------------
Programi Bilanc
Affected versions...
SEC Consult SA-20201217-0 :: Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA)
Posted by SEC Consult Vulnerability Lab on Dec 17
SEC Consult Vulnerability Lab Security Advisory < 20201217-0 >=======================================================================
title: Multiple critical vulnerabilities
product: Trend Micro InterScan Web Security Virtual Appliance (IWSVA)
vulnerable version: < IWSVA 6.5 SP2 EN Patch 4 Build 1919
fixed version: IWSVA 6.5 SP2 EN Patch 4 Build 1919
CVE number: CVE-2020-8461, CVE-2020-8462,...
APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
Posted by Apple Product Security via Fulldisclosure on Dec 15
APPLE-SA-2020-12-14-4 Additional information forAPPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
macOS Big Sur 11.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211931.
AMD
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)...
APPLE-SA-2020-12-14-9 macOS Server 5.11
Posted by Apple Product Security via Fulldisclosure on Dec 15
APPLE-SA-2020-12-14-9 macOS Server 5.11macOS Server 5.11 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211932.
Profile Manager
Available for: macOS Big Sur
Impact: Processing a maliciously crafted URL may lead to an open
redirect or cross site scripting
Description: An issue existed in the parsing of URLs. This issue was
addressed with improved input validation....
APPLE-SA-2020-12-14-8 Safari 14.0.2
Posted by Apple Product Security via Fulldisclosure on Dec 15
APPLE-SA-2020-12-14-8 Safari 14.0.2Safari 14.0.2 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212007.
WebRTC
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-15969: an anonymous researcher...
APPLE-SA-2020-12-14-7 tvOS 14.3
Posted by Apple Product Security via Fulldisclosure on Dec 15
APPLE-SA-2020-12-14-7 tvOS 14.3tvOS 14.3 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212005.
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27948: JunDong Xie of Ant Security...
APPLE-SA-2020-12-14-6 watchOS 6.3
Posted by Apple Product Security via Fulldisclosure on Dec 15
APPLE-SA-2020-12-14-6 watchOS 6.3watchOS 6.3 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212006.
Security
Available for: Apple Watch Series 1 and Apple Watch Series 2
Impact: Unauthorized code execution may lead to an authentication
policy violation
Description: This issue was addressed with improved checks.
CVE-2020-27951: Apple
Installation note:
Instructions on...
APPLE-SA-2020-12-14-5 watchOS 7.2
Posted by Apple Product Security via Fulldisclosure on Dec 15
APPLE-SA-2020-12-14-5 watchOS 7.2watchOS 7.2 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212009.
CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27948: JunDong Xie of Ant...
APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave
Posted by Apple Product Security via Fulldisclosure on Dec 15
APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001Catalina, Security Update 2020-007 Mojave
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212011.
AMD
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to execute...
APPLE-SA-2020-12-14-2 iOS 12.5
Posted by Apple Product Security via Fulldisclosure on Dec 15
APPLE-SA-2020-12-14-2 iOS 12.5iOS 12.5 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212004.
Security
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Unauthorized code execution may lead to an authentication
policy violation
Description: This issue was addressed with improved checks....
APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3
Posted by Apple Product Security via Fulldisclosure on Dec 15
APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3iOS 14.3 and iPadOS 14.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212003.
App Store
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An enterprise application installation prompt may display the
wrong domain
Description: A logic issue was addressed...