Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1

20 April, 2016 - 15:07

Posted by research () rv3lab org on Apr 20

###################################################

01. ### Advisory Information ###

Title: Multiple Reflected XSS vulnerabilities in Oliver (formerly
Webshare) v1.3.1
Date published: 2016-15-04
Date of last update: 2014-03-04
Vendors contacted: Oliver (formerly Webshare) v1.3.1
Discovered by: Rv3Laboratory [Research Team]
Severity: Medium

02. ### Vulnerability Information ###

CVE reference: CVE-2014-2710
VU#279207
OVI-2016-7982
CVSS v2 Base...

[ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability

20 April, 2016 - 15:07

Posted by ERPScan inc on Apr 20

Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-005]
Risk: Medium
Advisory URL:...

[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability

20 April, 2016 - 15:07

Posted by ERPScan inc on Apr 20

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2234918
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-004]
Risk: Medium
Advisory URL:...

Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege

20 April, 2016 - 15:07

Posted by Stefan Kanthak on Apr 20

Hi @ll,

the executable installers of G-Data's "security" products for
Windows, available from <https://www.gdata.de/downloads>, allow
escalation of privilege!

The downloadable executables are self-extractors containing the
real executable installer as resource: they create the subdirectory
%TEMP%\{guidguid-guid-guid-guid-guidguidguid}
using another resource containing the hardcoded value of this GUID,
extract the real...

Announcing NorthSec 2016 - Montreal, May 19-22

16 April, 2016 - 08:32

Posted by Pierre-David / NorthSec Conference on Apr 16

www.nsec.io - northsec.eventbrite.ca

NorthSec 2016, one of the biggest applied security events in Canada, coming up in Montreal May 17-22, with 2 days of
intense training sessions, followed by a 2-day technical conference and the largest 48h on-site CTF.

-------- Training Sessions --------
There are still a few seats available in our Training Sessions
https://www.nsec.io/training-sessions/

* Modern Object-Oriented Malware Reverse Engineering...

Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability

16 April, 2016 - 08:32

Posted by Sandro Poppi on Apr 16

Abstract
--------
Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting
Vulnerability
Affected Version: MSHTML.DLL 11.0.9600.18231 and probably below on
Windows 7 SP1
Vendor Homepage: http://www.microsoft.com
Severity: high
Status: fixed
CVE-ID: CVE-2016-0160

Description
-----------
Microsoft Internet Explorer 11 ships with MSHTML.DLL referencing various
DLLs which are not present on a Windows 7 SP1 installation, Windows 10
is not...

[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues

16 April, 2016 - 08:32

Posted by ERPScan inc on Apr 16

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-003]
Risk: High
Advisory URL:...

[ERPSCAN-16-002] SAP HANA - log injection and no size restriction

15 April, 2016 - 09:26

Posted by ERPScan inc on Apr 15

Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP HANA
Advisory ID: [ERPSCAN-16-002]
Risk: High
Advisory URL:...

[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability

15 April, 2016 - 09:26

Posted by ERPScan inc on Apr 15

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-001]
Risk: High
Advisory URL:...

PfSense Community Edition Multiple Vulnerabilities

15 April, 2016 - 09:25

Posted by Francesco Oddo on Apr 15


Re: end of useable crypto in browsers?

15 April, 2016 - 09:25

Posted by Tony Arcieri on Apr 15

On Sat, Apr 9, 2016 at 2:34 AM, Árpád Magosányi <mag () magwas rulez org>
wrote:

Using X.509 client certificates with browsers has a *huge* problem: they
don't follow the same-origin policy, and <keygen> was not designed with this
in mind. Without following SOP, browsers wind up doing a terrible thing:
prompting the user to select which TLS client cert/key to use with a
particular web site. This is bad for both UX and...

Re: end of useable crypto in browsers?

15 April, 2016 - 09:25

Posted by Sebastian on Apr 15

On 2016-04-14 16:19, Reindl Harald wrote:

I don't. But even if you roll your own CA, you'll have a hard time
avoiding someone with a wildcard CA (updater, every other page you open,
...). Also, to use <keygen> you need to have a secure connection
beforehand (or use http, which would make every MITM happy). Now it is
possible to work around this, too, but then you may as well use a fully
encrypted channel.

The actual point...

Re: end of useable crypto in browsers?

15 April, 2016 - 09:25

Posted by Reindl Harald on Apr 15

On 14.04.2016 at 00:54, Sebastian wrote:

how do you come to the conclusion that you need any 3rd party CA for a
client certificate which you accept on your server?

AST-2016-005: TCP denial of service in PJProject

14 April, 2016 - 17:23

Posted by Asterisk Security Team on Apr 14

Asterisk Project Security Advisory - AST-2016-005

Product Asterisk
Summary TCP denial of service in PJProject
Nature of Advisory Crash/Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Critical...

AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk

14 April, 2016 - 17:23

Posted by Asterisk Security Team on Apr 14

Asterisk Project Security Advisory - AST-2016-004

Product Asterisk
Summary Long Contact URIs in REGISTER requests can crash
Asterisk
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions...

Call for Papers for 4th Balkan Computer Congress – BalCCon2k16

14 April, 2016 - 08:56

Posted by Milos Krasojevic on Apr 14

Call for Papers for 4th Balkan Computer Congress – BalCCon2k16

09|10|11 September 2016, Novi Sad, Vojvodina, Serbia, Europe, Earth,
Milky Way

The BalCCon2k16 staff are now soliciting papers to be presented at our
BalCCon2k16 Congress to be held 09 - 11th September in Novi Sad, Serbia.
The CfP is open until 1st July 2016.

https://balccon.org

The Event

Balkan Computer Congress is an annual three-day gathering of the
international hacker...

Re: end of useable crypto in browsers?

14 April, 2016 - 08:56

Posted by Sebastian on Apr 14

Hey,

That's true. But the keygen element is flawed by the known-broken CA
system(*) and you can't build a secure house on a broken foundation. You
could check whether the certificate for your site is issued by your CA,
but if they can issue certificates they could simply attack your browser's
updater. Our only hope for truly secure communication are tools like pgp
combined with anonymity through for example TOR or freenet (not the...

Re: end of useable crypto in browsers?

14 April, 2016 - 08:55

Posted by Árpád Magosányi on Apr 14

No doubt keygen has its problems. But there should be a bit more reason
for entirely removing a technology which is needed than "it is not
mature enough yet".
One reason that the whole symmetric crypto technology could not mature
is that getting key deployment right is not a straightforward task
(fscked up trust relationship did not help either, but that is an issue
which we can work around. With smart key management. Oh, wait...) ....

Re: end of useable crypto in browsers?

14 April, 2016 - 08:55

Posted by Sebastian on Apr 14

Hey,

to put it simply: No.

The real problem is that no one is using it. Yes, it is pretty secure,
but it's too much trouble for most users (try to log in from your phone)
and also a baseless PITA for most server operators. It's also not good
for business (you need to be able to restore the certificate easily,
have multiple devices, all your servers need https ...). To make matters
worse many browsers don't even bother supporting it...

Re: end of useable crypto in browsers?

14 April, 2016 - 08:55

Posted by Seth Arnold on Apr 14

The only TLS client certificate authentication I see on a regular basis
is for CertFP use for IRC nickserv authentication and OpenVPN. Trying to
use a browser to perform either of these actions would be awkward at best.

What application or service do you know of that uses TLS client
authentication that requires browser integration? If you can demonstrate
users who will be affected they may be more amenable to your claims. (I
suspect the browser...