Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]

15 December, 2016 - 09:21

Posted by Dawid Golunski on Dec 15

Vulnerability:
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution

CVE-2016-9565

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: High

Nagios Core comes with a PHP/CGI front-end which allows viewing the status
of the monitored hosts.
This front-end contained a Command Injection vulnerability in an RSS feed reader
class that loads (via insecure clear-text HTTP or HTTPS accepting...

CVE-2013-3143: MSIE 9 IEFRAME CMarkup::RemovePointerPos use-after-free

15 December, 2016 - 09:20

Posted by Berend-Jan Wever on Dec 15

Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 32nd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161214001.html. There you can find a repro
that triggered this issue in addition to the information below.

If you find these releases useful, and would like to help me make time
to continue releasing this kind of...

Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can (WordPress plugin)

14 December, 2016 - 04:51

Posted by dxw Security on Dec 14

Details
================
Software: MailChimp for WordPress
Version: 3.1.5,4.0.10
Homepage: http://wordpress.org/plugins/mailchimp-for-wp/
Advisory report:
https://security.dxw.com/advisories/reflected-xss-in-mailchimp-for-wordpress-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
Reflected XSS in MailChimp for WordPress could...

APPLE-SA-2016-12-13-8 Transporter 1.9.2

14 December, 2016 - 04:51

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-8 Transporter 1.9.2

Transporter 1.9.2 is now available and addresses the following:

iTMSTransporter
Available for: iTunes Producer 3.1.1, OS X v10.6 and later (64 bit),
Windows 7 and later (32 bit), and Red Hat Enterprise Linux (64 bit)
Impact: Parsing maliciously crafted EPUB may lead to disclosure of
user information
Description: An information disclosure issue existed in the parsing
of EPUB. This issue was addressed...

APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1

14 December, 2016 - 04:51

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-7 Additional information for
APPLE-SA-2016-12-12-2 watchOS 3.1.1

watchOS 3.1.1 addresses the following:

Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro

Audio
Available for: All Apple Watch models
Impact: Processing a...

APPLE-SA-2016-12-13-6 Additional information for APPLE-SA-2016-12-12-3 tvOS 10.1

14 December, 2016 - 04:51

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-6 Additional information for
APPLE-SA-2016-12-12-3 tvOS 10.1

tvOS 10.1 addresses the following:

Audio
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab)...

APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2

14 December, 2016 - 04:51

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-5 Additional information for
APPLE-SA-2016-12-12-1 iOS 10.2

iOS 10.2 addresses the following:

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby user may be able to overhear spoken passwords
Description: A disclosure issue existed in the handling of passwords.
This issue was addressed by disabling the speaking of passwords.
CVE-2016-7634:...

APPLE-SA-2016-12-13-4 iCloud for Windows v6.1

14 December, 2016 - 04:51

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-4 iCloud for Windows v6.1

iCloud for Windows v6.1 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple

WebKit
Available for: Windows 7 and...

APPLE-SA-2016-12-13-3 iTunes 12.5.4

14 December, 2016 - 04:50

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-3 iTunes 12.5.4

iTunes 12.5.4 is now available and addresses the following:

WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple

WebKit
Impact: Processing maliciously crafted web content may result in the
disclosure of process...

APPLE-SA-2016-12-13-2 Safari 10.0.2

14 December, 2016 - 04:50

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-2 Safari 10.0.2

Safari 10.0.2 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-7650: Erling Ellingsen...

APPLE-SA-2016-12-13-1 macOS 10.12.2

14 December, 2016 - 04:50

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-1 macOS 10.12.2

macOS 10.12.2 is now available and addresses the following:

apache_mod_php
Available for: macOS Sierra 10.12.1
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: Multiple issues existed in PHP before 5.6.26. These were
addressed by updating PHP to version 5.6.26.
CVE-2016-7411
CVE-2016-7412
CVE-2016-7413
CVE-2016-7414
CVE-2016-7416
CVE-2016-7417...

MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free

14 December, 2016 - 04:50

Posted by Berend-Jan Wever on Dec 14

Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirty-first entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161213001.html. There you can find a repro
that triggered this issue in addition to the information below.

If you find these releases useful, and would like to help me make time
to continue releasing this kind...

Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability

14 December, 2016 - 04:49

Posted by hyp3rlinx on Dec 14

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTION-VULNERABILITY.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.adobe.com

Product(s):
=============================
Adobe Animate
15.2.1.95 and earlier versions

Adobe Animate (formerly Adobe Flash Professional, Macromedia Flash, and
FutureSplash Animator) is a multimedia...

SQL injection in Joomla extension DT Register

13 December, 2016 - 04:52

Posted by Elar Lang on Dec 13

Title: SQL injection in Joomla extension DT Register
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: SQL injection
Vulnerable version: before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5)
CVE: pending
Full Disclosure URL:
https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html
Vendor: DTH Development
* Vendor URL: http://www.dthdevelopment.com/
Product: DT Register "Calendar & Event Registration"...

APPLE-SA-2016-12-12-3 tvOS 10.1

12 December, 2016 - 16:27

Posted by Apple Product Security on Dec 12

APPLE-SA-2016-12-12-3 tvOS 10.1

tvOS 10.1 is now available and addresses the following:

Profiles
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)

Installation...

APPLE-SA-2016-12-12-2 watchOS 3.1.1

12 December, 2016 - 16:27

Posted by Apple Product Security on Dec 12

APPLE-SA-2016-12-12-2 watchOS 3.1.1

watchOS 3.1.1 is now available and addresses the following:

Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro

Profiles
Available for: All Apple Watch models
Impact: Opening a maliciously crafted...

APPLE-SA-2016-12-12-1 iOS 10.2

12 December, 2016 - 16:27

Posted by Apple Product Security on Dec 12

APPLE-SA-2016-12-12-1 iOS 10.2

iOS 10.2 is now available and addresses the following:

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby user may be able to overhear spoken passwords
Description: A disclosure issue existed in the handling of passwords.
This issue was addressed by disabling the speaking of passwords.
CVE-2016-7634: Davut Hari

Accessibility...

CVE-2013-3111: MSIE 9 IEFRAME CSelectionInteractButtonBehavior::_UpdateButtonLocation use-after-free

12 December, 2016 - 16:27

Posted by Berend-Jan Wever on Dec 12

Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirtieth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161212001.html. There you can find a repro
that triggered this issue in addition to the information below.

If you find these releases useful, and would like to help me make time
to continue releasing this kind of...

Apple iOS/tvOS/watchOS Remote memory corruption through certificate file

12 December, 2016 - 14:58

Posted by [CXSEC] on Dec 12

Apple iOS/tvOS/watchOS Remote memory corruption through certificate file
Source: https://cxsecurity.com/issue/WLB-2016110046

--------------------------------------------------------------------------------------
0. Short description
A specially crafted certificate file may lead to memory corruption in several
processes, and the attack vector may be through Mobile Safari or the Mail app.
Attacker may control the overflow through the certificate length in...

Google Analytics Counter Tracker WordPress Plugin unauthenticated PHP Object injection vulnerability

11 December, 2016 - 03:55

Posted by Summer of Pwnage on Dec 11

------------------------------------------------------------------------
Google Analytics Counter Tracker WordPress Plugin unauthenticated PHP
Object injection vulnerability
------------------------------------------------------------------------
Remco Vermeulen, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A PHP Object injection...