Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21

1 December, 2016 - 13:09

Posted by Pierre-David Oriol - Northsec Conference on Dec 01

www.nsec.io - northsec.eventbrite.ca

NorthSec 2017, one of the biggest applied security events in Canada,
coming up in Montreal in May 2017:

May 16-17 - Professional Training Sessions - Syllabus Announced Soon
May 18-19 - Security Conference & Workshops
May 19-21 - The biggest 48H on-site CTF in North America, with 350+ attendees

* We are looking for great speakers to submit to our 2017 CFP at
http://www.nsec.io/cfp

Subjects covered range...

CVE-2015-6168: MS Edge CMarkup::EnsureDeleteCFState use-after-free details

1 December, 2016 - 13:09

Posted by Berend-Jan Wever on Dec 01

As I am sure you are by now well aware, in November I decided to start
releasing details on all vulnerabilities I found in web-browsers that I
had not released before. As I was unable to publish all of them within a
single month, I will try to continue to publish all my old
vulnerabilities, including those not in web-browsers, as long as I can
find some time to do so. If you find this information useful, you can
help me make some time available by...

[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues

1 December, 2016 - 13:09

Posted by FOXMOLE Advisories on Dec 01

=== FOXMOLE - Security Advisory 2016-05-02 ===

e107 Content Management System (CMS) - Multiple Issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
e107 2.1.2 Bootstrap CMS

Issue Overview
==============
Vulnerability Type: Multiple Vulnerabilities
Technical Risk: medium
Likelihood of Exploitation: medium
Vendor: e107
Vendor URL: http://www.e107.org
Credits: FOXMOLE employee Tim Herres
Advisory URL:...

Opera foreignObject textNode::removeChild use-after-free details

1 December, 2016 - 13:09

Posted by Berend-Jan Wever on Dec 01

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twenty-second entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

Due to the recent Firefox 0-day, I've selected a very old and not so
interesting bug for today, so you can...

Google Chrome Accessibility blink::Node corruption details

1 December, 2016 - 13:09

Posted by Berend-Jan Wever on Dec 01

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twenty-first entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161129001.html. There you...

Apple iOS v10.1 & 10.1.1 - iCloud & Device Lock Bypass on Activate via local Buffer Overflow Vulnerability (Wifi Network)

1 December, 2016 - 09:32

Posted by Vulnerability Lab on Dec 01

Title: Apple iOS v10.1 & 10.1.1 - iCloud & Device Lock Bypass on
Activate via local Buffer Overflow Vulnerability (Wifi Network)

URL: https://www.youtube.com/watch?v=yygvBJBFy4s

Ref: https://www.vulnerability-lab.com/get_content.php?id=2018

Note: Using the rotate function and night shift to merge the mask
also allows bypassing the protection for iOS v10.1.1, as demonstrated
in the video.

Cross-Site Request Forgery in Insert Html Snippet WordPress Plugin

29 November, 2016 - 03:08

Posted by Summer of Pwnage on Nov 29

------------------------------------------------------------------------
Cross-Site Request Forgery in Insert Html Snippet WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160724-0027...

Re: Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability

28 November, 2016 - 15:35

Posted by Simon Waters (Surevine) on Nov 28

XSS in DHCP name has been reported on the Full Disclosure mailing list for other models of TP-Link Router before.

Seems to be generic to many TP-Link models.

My model has a regular line wrap to the DHCP hostname field, so you need to insert a comment into HTML or JS every N
characters into any exploit code, but it is fully exploitable, and you can write arbitrary JS in that space with a
little effort.

The attacker would have to inject...

CFP - BloomCON 0x02 - March 24-25, 2017 Bloomsburg, PA

28 November, 2016 - 15:34

Posted by Philip Polstra on Nov 28

The second BloomCON Forensics and Security conference will be held March
24-25, 2017 in Bloomsburg, PA (USA).

We are now officially accepting presentation and workshop submissions. We
will be hosting multiple speaking and workshop tracks.

We are looking for talks of 25 or 50 minutes in length and 2-hr or 4-hr
workshops.

If you have something you would like to share please send the following to:
drphil () bloomcon com

* your name or...

[ndhXV] Call For Paper - 15th anniversary - 24-25 June 2017

28 November, 2016 - 15:27

Posted by Freeman on Nov 28

If you have some l33t skillz, just follow the link :
https://submit.hackerzvoice.net

For the lazy ones, just keep scrolling

CALL FOR PAPERS - #ndhXV - 15th anniversary - 24-25 June 2017

IN A NUTSHELL

Conference format : 45min, including 5 to 10min of Q&A
Submission : https://submit.hackerzvoice.net
Deadline : April 5th, 2017
Announcement : April 20th, 2017
Beer,...

CVE-2016-0063: MSIE 8-11 MSHTML DOMImplementation type confusion details

28 November, 2016 - 15:26

Posted by Berend-Jan Wever on Nov 28

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twentieth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161128001.html. There you...

SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic

28 November, 2016 - 07:24

Posted by SEC Consult Vulnerability Lab on Nov 28

SEC Consult Vulnerability Lab Security Advisory < 20161128-0 >
=======================================================================
title: Denial of service & heap-based buffer overflow
product: Guidance Software EnCase Forensic Imager & EnCase Forensic
vulnerable version: EnCase Forensic Imager <= 7.10
EnCase Forensic (tested with version 7.08.00.137)
fixed version: -...

Apple iOS 10.1 - Multiple Access Permission Vulnerabilities

28 November, 2016 - 06:17

Posted by Vulnerability Lab on Nov 28

Document Title:
===============
Apple iOS 10.1 - Multiple Access Permission Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2012

Apple Security ID: 648680301

Video1: https://www.youtube.com/watch?v=fY2Obtxk_Dg
Video2: https://www.youtube.com/watch?v=46CHjQxkKxk

Release Date:
=============
2016-11-17

Vulnerability Laboratory ID (VL-ID):
====================================
2012...

Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability

28 November, 2016 - 06:14

Posted by Vulnerability Lab on Nov 28

Document Title:
===============
Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1990

Release Date:
=============
2016-11-28

Vulnerability Laboratory ID (VL-ID):
====================================
1990

Common Vulnerability Scoring System:
====================================
3.5

Abstract Advisory Information:...

Burden TMA v2.1.1 - (Task) Persistent Web Vulnerability

28 November, 2016 - 06:13

Posted by Vulnerability Lab on Nov 28

Document Title:
===============
Burden TMA v2.1.1 - (Task) Persistent Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1998

Release Date:
=============
2016-11-26

Vulnerability Laboratory ID (VL-ID):
====================================
1998

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:...

Schoolhos CMS v2.29 - userberita SQL injection Vulnerability

28 November, 2016 - 06:11

Posted by Vulnerability Lab on Nov 28

Document Title:
===============
Schoolhos CMS v2.29 - userberita SQL injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1932

Release Date:
=============
2016-11-22

Vulnerability Laboratory ID (VL-ID):
====================================
1932

Common Vulnerability Scoring System:
====================================
6.8

Product & Service Introduction:...

UCanCode multiple vulnerabilities

25 November, 2016 - 05:26

Posted by Carlo Di Dato on Nov 25

http://shinnai.altervista.org/exploits/SH-0025-20161123.html

---------------------------------------------------------------------
UCanCode multiple vulnerabilities

Url: http://www.hmi-software.com/
http://www.ucancode.net/index.htm
http://www.ucancode.net/bbs/zhuce/login.htm

Description: From vendor's web page "UCanCode Software is a Market
Leading provider of HMI & SCADA, CAD, UML, GIS, Vector Graphics...

NEW VMSA-2016-0021 VMware product updates address partial information disclosure vulnerability

25 November, 2016 - 05:26

Posted by VMware Security Response Center on Nov 25

VMware Security Advisory

Advisory ID: VMSA-2016-0021
Severity: Moderate
Synopsis: VMware product updates address partial information disclosure
vulnerability
Issue date: 2016-11-22
Updated on: 2016-11-22 (Initial Advisory)
CVE number: CVE-2016-5334

1. Summary...

NEW VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities

25 November, 2016 - 05:25

Posted by VMware Security Response Center on Nov 25

VMware Security Advisory

Advisory ID: VMSA-2016-0022
Severity: Important
Synopsis: VMware product updates address information disclosure
vulnerabilities
Issue date: 2016-11-22
Updated on: 2016-11-22 (Initial Advisory)
CVE number: CVE-2016-7458, CVE-2016-7459,...

[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)

25 November, 2016 - 05:23

Posted by Matthias Deeg on Nov 25

Advisory ID: SYSS-2016-107
Product: EASY HOME Alarmanlagen-Set
Manufacturer: monolith GmbH
Affected Version(s): Model No. MAS-S01-09
Tested Version(s): Model No. MAS-S01-09
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2016-10-05
Solution Date: -
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Gerhard Klostermeier (SySS GmbH)...