Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

remote code execution when opening a project in Android Studio that Google refused to fix (still 0day)

21 December, 2020 - 18:44

Posted by houjingyi on Dec 21

Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0

When you open a project in android studio, if gradle-wrapper.properties set
distributionUrl=https\://services.gradle.org/distributions/gradle-2.6-all.zip,
then android studio will download and extract gradle-2.6-all.zip, jar file
in...

SUPREMO Local privilege escalation

21 December, 2020 - 18:42

Posted by Adan Alvarez on Dec 21

Details
=======

Subject: Local Privilege Escalation
Product: SUPREMO by Nanosystems S.r.l.
Vendor Homepage: https://www.supremocontrol.com/
Vendor Status: fixed version released
Vulnerable Version: 4.1.3.2348 (No other version was tested, but older
versions are believed to be vulnerable as well.)
Fixed Version: 4.2.0.2423
CVE Number: CVE-2020-25106
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25106
Authors: Victor...

Defense in depth -- the Microsoft way (part 68): where compatibility means vulnerability

18 December, 2020 - 12:07

Posted by Stefan Kanthak on Dec 18

Hi @ll,

this post is a shortened version of
<https://skanthak.homepage.t-online.de/detour.html>

With Windows 2000 and Windows XP, Microsoft introduced the functions
SystemFunction035() alias RtlCheckSignatureInFile(),
SystemFunction036() alias RtlGenRandom(),
SystemFunction040() alias RtlEncryptMemory(), and
SystemFunction041() alias RtlDecryptMemory() in ADVAPI32.dll

Note: RtlCheckSignatureInFile() was never documented, it has the...

Rocket.Chat quietly patches XSS vulnerability

18 December, 2020 - 12:06

Posted by Moe Szyslak on Dec 18

Rocket.Chat has quietly fixed a stored XSS vulnerability in the following
commits:

https://github.com/RocketChat/Rocket.Chat/commit/96d3155245ec65f681664b48b6dafc94c1ea021c
https://github.com/RocketChat/Rocket.Chat/commit/43fe12d775b2329e780a1369a1b2c25070cdcab9

Exploitation of this vulnerability is very straightforward by manipulating
a message attachment to contain an XSS payload either in the type or the
body.

No release of Rocket.Chat...

CA20201215-01: Security Notice for CA Service Catalog

18 December, 2020 - 12:06

Posted by Kevin Kotas via Fulldisclosure on Dec 18

CA20201215-01: Security Notice for CA Service Catalog

Issued: December 15, 2020
Last Updated: December 15, 2020

CA Technologies, a Broadcom Company, is alerting customers to a risk
with CA Service Catalog. A vulnerability can potentially exist in a
specific configuration that can allow a remote attacker to cause a
denial of service condition. CA published a solution and instructions
to resolve the vulnerability.

The vulnerability,...

Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718]

18 December, 2020 - 12:05

Posted by Georg Ph E Heise via Fulldisclosure on Dec 18

Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP

===============================================================================

Identifiers

-------------------------------------------------

CVE-2020-11718

Vendor

-------------------------------------------------

Balanc Shpk (https://bilanc.com)

Product

-------------------------------------------------

Programi Bilanc...

Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-8995]

18 December, 2020 - 12:05

Posted by Georg Ph E Heise via Fulldisclosure on Dec 18

Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key

===============================================================================

Identifiers

-------------------------------------------------

CVE-2020-8995

Vendor

-------------------------------------------------

Balanc Shpk (https://bilanc.com)

Product

-------------------------------------------------

Programi Bilanc

Affected...

Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections [CVE-2020-11717]

18 December, 2020 - 12:05

Posted by Georg Ph E Heise via Fulldisclosure on Dec 18

Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections

=============================================================================

Identifiers

-------------------------------------------------

CVE-2020-11717

Vendor

-------------------------------------------------

Balanc Shpk (https://bilanc.com)

Product

-------------------------------------------------

Programi Bilanc

Affected versions...

Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-11719]

18 December, 2020 - 12:05

Posted by Georg Ph E Heise via Fulldisclosure on Dec 18

Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key

===============================================================================

Identifiers

-------------------------------------------------

CVE-2020-11719

Vendor

-------------------------------------------------

Balanc Shpk (https://bilanc.com)

Product

-------------------------------------------------

Programi Bilanc

Affected...

Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password - CVE-2020-11720

18 December, 2020 - 12:05

Posted by Georg Ph E Heise via Fulldisclosure on Dec 18

Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password

===============================================================================

Identifiers

-------------------------------------------------

CVE-2020-11720

Vendor

-------------------------------------------------

Balanc Shpk (https://bilanc.com)

Product

-------------------------------------------------

Programi Bilanc

Affected versions...

SEC Consult SA-20201217-0 :: Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA)

17 December, 2020 - 06:44

Posted by SEC Consult Vulnerability Lab on Dec 17

SEC Consult Vulnerability Lab Security Advisory < 20201217-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Trend Micro InterScan Web Security Virtual Appliance (IWSVA)
vulnerable version: < IWSVA 6.5 SP2 EN Patch 4 Build 1919
fixed version: IWSVA 6.5 SP2 EN Patch 4 Build 1919
CVE number: CVE-2020-8461, CVE-2020-8462,...

APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1

15 December, 2020 - 12:32

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-2020-12-14-4 Additional information for
APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1

macOS Big Sur 11.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211931.

AMD
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)...

APPLE-SA-2020-12-14-9 macOS Server 5.11

15 December, 2020 - 12:32

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-2020-12-14-9 macOS Server 5.11

macOS Server 5.11 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211932.

Profile Manager
Available for: macOS Big Sur
Impact: Processing a maliciously crafted URL may lead to an open
redirect or cross site scripting
Description: An issue existed in the parsing of URLs. This issue was
addressed with improved input validation....

APPLE-SA-2020-12-14-8 Safari 14.0.2

15 December, 2020 - 12:32

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-2020-12-14-8 Safari 14.0.2

Safari 14.0.2 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212007.

WebRTC
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-15969: an anonymous researcher...

APPLE-SA-2020-12-14-7 tvOS 14.3

15 December, 2020 - 12:32

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-2020-12-14-7 tvOS 14.3

tvOS 14.3 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212005.

CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27948: JunDong Xie of Ant Security...

APPLE-SA-2020-12-14-6 watchOS 6.3

15 December, 2020 - 12:32

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-2020-12-14-6 watchOS 6.3

watchOS 6.3 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212006.

Security
Available for: Apple Watch Series 1 and Apple Watch Series 2
Impact: Unauthorized code execution may lead to an authentication
policy violation
Description: This issue was addressed with improved checks.
CVE-2020-27951: Apple

Installation note:

Instructions on...

APPLE-SA-2020-12-14-5 watchOS 7.2

15 December, 2020 - 12:32

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-2020-12-14-5 watchOS 7.2

watchOS 7.2 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212009.

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27948: JunDong Xie of Ant...

APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

15 December, 2020 - 12:32

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001
Catalina, Security Update 2020-007 Mojave

macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave address the following issues. Information
about the security content is also available at
https://support.apple.com/HT212011.

AMD
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to execute...

APPLE-SA-2020-12-14-2 iOS 12.5

15 December, 2020 - 12:32

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-2020-12-14-2 iOS 12.5

iOS 12.5 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212004.

Security
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Unauthorized code execution may lead to an authentication
policy violation
Description: This issue was addressed with improved checks....

APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3

15 December, 2020 - 12:32

Posted by Apple Product Security via Fulldisclosure on Dec 15

APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3

iOS 14.3 and iPadOS 14.3 address the following issues.
Information about the security content is also available at
https://support.apple.com/HT212003.

App Store
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An enterprise application installation prompt may display the
wrong domain
Description: A logic issue was addressed...