Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Re: end of useable crypto in browsers?

14 April, 2016 - 08:55

Posted by Árpád Magosányi on Apr 14

No doubt keygen has its problems. But there should be a bit more reason
for entirely removing a technology which is needed than "it is not
mature enough yet".
One reason that the whole symmetric crypto technology could not mature
is that getting key deployment right is not a straightforward task
(fscked up trust relationship did not help either, but that is an issue
which we can work around. With smart key management. Oh, wait...) ....

Re: end of useable crypto in browsers?

14 April, 2016 - 08:55

Posted by Sebastian on Apr 14

Hey,

to put it simply: No.

The real problem is that no one is using it. Yes, it is pretty secure,
but it's too much trouble for most users (try to log in from your phone)
and also a baseless PITA for most server operators. It's also not good
for business (you need to be able to restore the certificate easily,
have multiple devices, all your servers need https ...). To make matters
worse many browsers don't even bother supporting it...

Re: end of useable crypto in browsers?

14 April, 2016 - 08:55

Posted by Seth Arnold on Apr 14

The only TLS client certificate authentication I see on a regular basis
is for CertFP use for IRC nickserv authentication and OpenVPN. Trying to
use a browser to perform either of these actions would be awkward at best.

What application or service do you know of that uses TLS client
authentication that requires browser integration? If you can demonstrate
users who will be affected they may be more amenable to your claims. (I
suspect the browser...

DAVOSET v.1.2.8

14 April, 2016 - 08:55

Posted by MustLive on Apr 14

Hello participants of Mailing List.

After making the public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I've made the next update of the software. On the 26th of March DAVOSET v.1.2.8 was
released - DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub:...

Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

14 April, 2016 - 07:33

Posted by Vulnerability Lab on Apr 14

Document Title:
===============
Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1821

Release Date:
=============
2016-04-14

Vulnerability Laboratory ID (VL-ID):
====================================
1821

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:...

Webline CMS (2016Q2) - SQL Injection Vulnerability

13 April, 2016 - 05:21

Posted by Vulnerability Lab on Apr 13

Document Title:
===============
Webline CMS (2016Q2) - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1823

Release Date:
=============
2016-04-13

Vulnerability Laboratory ID (VL-ID):
====================================
1823

Common Vulnerability Scoring System:
====================================
7.4

Product & Service Introduction:
===============================...

[SE-2012-01] Yet another broken security fix in IBM Java 7/8

12 April, 2016 - 14:45

Posted by Security Explorations on Apr 12

Hello All,

We discovered that yet another fix for a security vulnerability in IBM
Java (Issue 70 [1] assigned CVE-2013-5456) we reported to the company
in 2013 hasn't been fixed properly.

Again, the actual root cause of the issue hasn't been addressed at all.
There were no security checks introduced anywhere in the code. The patch
primarily addressed the scenario illustrated by a Proof of Concept code.
It didn't take into account...

.NET Framework 4.6 allows side loading of Windows API Set DLL

12 April, 2016 - 13:09

Posted by Securify B.V. on Apr 12

------------------------------------------------------------------------
.NET Framework 4.6 allows side loading of Windows API Set DLL
------------------------------------------------------------------------
Yorick Koster, February 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A DLL side loading vulnerability was found in the .NET...

Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability

12 April, 2016 - 07:14

Posted by Vulnerability Lab on Apr 12

Document Title:
===============
Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1822

Release Date:
=============
2016-04-12

Vulnerability Laboratory ID (VL-ID):
====================================
1822

Common Vulnerability Scoring System:
====================================
8.9

Product & Service Introduction:...

end of useable crypto in browsers?

9 April, 2016 - 13:22

Posted by Árpád Magosányi on Apr 09

Hi,

This is not a security vulnerability in itself, "just" a trend
undermining the trust architecture of the whole internet :)

I think it is very important, and wonder why I don't see any discussion
of it. If this is not the right forum to discuss it, please direct me to
the right place.

The problem is:

Browser developers are dropping support for X509 key generation.
Yes, <keygen> has its problems. But window.crypto -...

Express Zip <= 2.40 Path Traversal

8 April, 2016 - 23:53

Posted by Rio Sherri on Apr 08

#!/usr/bin/python -w
# Title : Express Zip <= 2.40 Path Traversal
# Date : 07/04/2016
# Author : R-73eN
# Tested on : Windows Xp / Windows 7 Ultimate
# Software Link : http://www.nchsoftware.com/zip/
# Download Link: http://www.nchsoftware.com/zip/zipplus.exe
# Vulnerable Versions : Express Zip <= 2.40
# Express Zip doesn't validate " ..\ " which makes it possible
# to do a path traversal attack which can be converted easily to...

Blind SQL injections in CivicRM

8 April, 2016 - 23:48

Posted by Simon Waters (Surevine) on Apr 08

CivicRM extends common CMS platforms (WordPress, Drupal) with a module to manage Civic campaigns, tracking donors,
amounts, and campaign CRM type activity.

I tested the WordPress integration of CivicRM 4.7b3 which was found to have blind SQL Injections that allow
authenticated users to download arbitrary database content.

The first was in the columns[0][data] parameter when querying a contact relationship in the AJAX query....

[CVE-2016-3971]DotCMS xss vulnerability

8 April, 2016 - 23:48

Posted by xiong piaox on Apr 08

Advisory: DotCMS xss vulnerability

Author: Piaox From Pingan Product Safety Group

Email: xiongyaofu351 () pingan com cn

Affected Version: dotCMS 3.5 Beta (the latest version)

Vulnerability Description

lucene_search.jsp

26 String query = request.getParameter("query");

27 if(!UtilMethods.isSet(query)){

28 query = "";

29 }

164 <div><strong><%= LanguageUtil.get(pageContext,...

[CVE-2016-3972]DotCMS Directory traversal vulnerability

8 April, 2016 - 23:48

Posted by xiong piaox on Apr 08

Advisory: DotCMS Directory traversal vulnerability

Author: Piaox From Pingan Product Safety Group

Email: xiongyaofu351 () pingan com cn

Affected Version: dotCMS 3.5 Beta (the latest version)

==========================

Vulnerability Description

Recently, I found a Directory traversal vulnerability in the 'DotCMS'
program, DotCMS is widely used in many companies.

Vulnerable file is:...

WP Multiple Meta Box v1.0 - SQL Injection Vulnerability

8 April, 2016 - 06:47

Posted by Vulnerability Lab on Apr 08

Document Title:
===============
WP Multiple Meta Box v1.0 - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1818

Release Date:
=============
2016-04-08

Vulnerability Laboratory ID (VL-ID):
====================================
1818

Common Vulnerability Scoring System:
====================================
5.8

Product & Service Introduction:...

AccelSite Content Manager v1.0 - SQL Injection Vulnerability

8 April, 2016 - 06:45

Posted by Vulnerability Lab on Apr 08

Document Title:
===============
AccelSite Content Manager v1.0 - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1817

Release Date:
=============
2016-04-07

Vulnerability Laboratory ID (VL-ID):
====================================
1817

Common Vulnerability Scoring System:
====================================
7.2

Product & Service Introduction:...

Monsta Box WebFTP 1.8.2 and below arbitrary file read and path traversal vulnerabilities

7 April, 2016 - 08:00

Posted by Imre RAD on Apr 07

Application
-----------
"MONSTA Box is a lightweight open-source file manager you can install on
your website or server * to easily manage your files through any browser."
(Description from the official website http://www.monstahq.com/)

Vulnerability
-------------
The Monsta Box WebFTP application supports file templates when creating
new files. The template parameter is part of the HTTP request so it is a
user input and it was not...

Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability

7 April, 2016 - 03:27

Posted by Vulnerability Lab on Apr 07

Document Title:
===============
Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1813

Release Date:
=============
2016-04-05

Vulnerability Laboratory ID (VL-ID):
====================================
1813

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability

7 April, 2016 - 03:24

Posted by Vulnerability Lab on Apr 07

Document Title:
===============
Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1811

Release Date:
=============
2016-04-05

Vulnerability Laboratory ID (VL-ID):
====================================
1811

Common Vulnerability Scoring System:
====================================
7.1

Product & Service Introduction:...

Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities

7 April, 2016 - 03:21

Posted by Vulnerability Lab on Apr 07

Document Title:
===============
Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web
Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1816

Release Date:
=============
2016-04-06

Vulnerability Laboratory ID (VL-ID):
====================================
1816

Common Vulnerability Scoring System:
====================================
7.4

Product & Service...