Security News

Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936]

Full Disclosure - 15 September, 2016 - 14:34

Posted by Nightwatch Cybersecurity on Sep 15

Original at:
https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmission-of-data-in-android-applications-developed-with-adobe-air-cve-2016-6936/

Summary

Android applications developed with Adobe AIR send data back to Adobe
servers without HTTPS while running. This can allow an attacker to
compromise the privacy of the applications’ users. This has been fixed
in Adobe AIR SDK release v23.0.0.257.

Details

Adobe AIR is a...

Multiple vulnerabilities in ASUS RT-N10

Full Disclosure - 15 September, 2016 - 14:34

Posted by MustLive on Sep 15

Hello list!

There are multiple vulnerabilities in ASUS Wireless Router RT-N10. There are
Code Execution, Cross-Site Scripting and URL Redirector Abuse
vulnerabilities.

-------------------------
Affected products:
-------------------------

Vulnerable are the next models: ASUS RT-N10, RT-N10E, RT-N10LX and RT-N10U
with different versions of firmware. I checked in RT-N10 with firmware
version 1.9.2.7.

Asus ignored vulnerabilities in RT-G32,...

Keypatch v2.0 is out!

Full Disclosure - 15 September, 2016 - 14:34

Posted by Nguyen Anh Quynh on Sep 15

Greetings,
(cc: Thanh Nguyen, VNSecurity)

We are excited to release Keypatch 2.0, a better assembler for IDA Pro!

This new version of Keypatch brings some important features, as follows.

- Fix some issues with ARM architecture (including Thumb mode)
- Better support for Python 2.6 & older IDA versions (confirmed to work on
IDA 6.4)
- Save original instructions (before patching) in IDA comments.
- NOP padding also works when new instruction...

Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )

Full Disclosure - 15 September, 2016 - 14:34

Posted by Mark Koek on Sep 15

Well, 'remote root'... The PoC asks for a working MySQL user name and
password.

And I don't really get how that account can re-set the logfile location
without SUPER privileges?

Am I wrong in thinking that this is really "just" a MySQL admin -> root
privilege escalation? Don't get me wrong, still a very nice exploit, but...

Mark

Re: Brute force every Samsung repair customer's info with ease

Full Disclosure - 15 September, 2016 - 14:34

Posted by Justa Person on Sep 15

Either Samsung reads this list or they just have great timing. Just shy of
three weeks later they responded asking for more information. Hope they
close it soon.

Security Advisory -- Multiple Vulnerabilities - MuM Map Edit

Full Disclosure - 15 September, 2016 - 14:34

Posted by Paul Baade on Sep 15

# Security Advisory -- Multiple Vulnerabilities - MuM Map Edit

## Product

Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH
Product: MapEdit
Affected software version: 3.2.6.0

MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and
regional governmental infrastructures to provide geodata to the population. It consists of a
Silverlight client and a C#.NET backend. The...

Re: Brute force every Samsung repair customer's info with ease

Full Disclosure - 15 September, 2016 - 14:34

Posted by Justa Person on Sep 15

Sure..Was having one heck of a time figuring out the proper number to enter
into the web form for my own repair and got to thinking about how terrible
it seemed to disclose all that info based on just a ticket number and
telephone number..And that I had tried a LOT of combinations from the info
they had given me unsuccessfully without any lockout or anything. Putting
those together I was able to do about 500 guesses/minute with that ugly
code....

Re: Brute force every Samsung repair customer's info with ease

Full Disclosure - 15 September, 2016 - 14:34

Posted by Nick on Sep 15

You wish to give any more info on how u came across this? Please.

Ta

APPLE-SA-2016-09-14-1 iOS 10.0.1

Full Disclosure - 15 September, 2016 - 14:30

Posted by Apple Product Security on Sep 15

APPLE-SA-2016-09-14-1 iOS 10.0.1

iOS 10.0.1 is now available and addresses the following:

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input
sanitization.
CVE-2016-4655: Citizen Lab and Lookout

iOS 10.0.1 also includes the security content of iOS 10....

APPLE-SA-2016-09-13-3 watchOS 3

Full Disclosure - 15 September, 2016 - 14:29

Posted by Apple Product Security on Sep 15

APPLE-SA-2016-09-13-3 watchOS 3

watchOS 3 is now available and addresses the following:

GeoServices
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermès
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719 : Razvan Deaconescu, Mihai Chiroiu (University...

APPLE-SA-2016-09-13-2 Xcode 8

Full Disclosure - 15 September, 2016 - 14:29

Posted by Apple Product Security on Sep 15

APPLE-SA-2016-09-13-2 Xcode 8

Xcode 8 is now available and addresses the following:

otool
Available for: OS X El Capitan 10.11.5 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4704 : Shrek_wzw of Qihoo 360 Nirvan Team
CVE-2016-4705 : riusksk of Tencent Security Platform...

APPLE-SA-2016-09-13-1 iOS 10

Full Disclosure - 15 September, 2016 - 14:29

Posted by Apple Product Security on Sep 15

APPLE-SA-2016-09-13-1 iOS 10

iOS 10 is now available and addresses the following:

Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for...

Bugtraq: [SECURITY] [DSA 3666-1] mysql-5.5 security update

Security Focus Vulnerabilities - 15 September, 2016 - 12:00
[SECURITY] [DSA 3666-1] mysql-5.5 security update

Deep down the certificate pinning rabbit hole of "Tor Browser Exposed"

Daily Dave - 15 September, 2016 - 11:36

Posted by Ryan Duff on Sep 15

Hey everyone,

I spent a decent portion of my day looking into the claim by the Tor-Fork
developer that you could get cross-platform RCE on Tor Browser if you're
able to both MitM a connection and forge a single TLS certificate for
addons.mozilla.org. This is well within the capability of any decently
resourced nation-state. Definitely read @movrcx's write-up first to see his
claim. It's here:...

Re: The difference between block-based fuzzing and AFL

Daily Dave - 15 September, 2016 - 11:28

Posted by Michal Zalewski on Sep 15

I don't look at it this way.

To put it bluntly, the overriding principle behind AFL is that it
intentionally takes away choice and forces you to simplify problems
instead of complicating the test suite.

Quite often, that's the right thing to do, even if it *feels*
insulting or wrong to a pro. There are fuzzing frameworks that are
incredibly flexible and expressive, allowing you to create complex
protocol specs, fiddle with dozens...

ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities

Bug Traq - 15 September, 2016 - 11:14

Posted by EMC Product Security Response Center on Sep 15

EMC Identifier: ESA-2016-094
CVE Identifier: CVE-2016-0923, CVE-2016-0924

Affected Products:
• RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5
• RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.9

Unaffected Products:
• RSA BSAFE Micro Edition Suite (MES) 4.1.5
• RSA BSAFE Micro Edition Suite (MES) 4.0.9
• RSA BSAFE SSL-C all versions

Summary:
RSA announces...

Cisco EPC 3925 Multiple Vulnerabilities

Bug Traq - 15 September, 2016 - 04:54

Posted by msg on Sep 15

# Title: Cisco EPC 3925 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco EPC3925 (EuroDocsis 3.0 2-PORT Voice Gateway)
# Date: 15.09.2016
# Author: Patryk Bogdan

========

Vulnerability list:
1. HTTP Response Injection via 'Lang' Cookie
2. DoS via 'Lang' Cookie
3. DoS in Wireless Client List via 'h_sortWireless'
4. (Un)authorized modem restart (Channel Selection)
5. CSRF
6....

Bugtraq: [security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass

Security Focus Vulnerabilities - 15 September, 2016 - 04:35
[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass

Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936]

Bug Traq - 15 September, 2016 - 02:33

Posted by research on Sep 15

Original at:
https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmission-of-data-in-android-applications-developed-with-adobe-air-cve-2016-6936/

Summary

Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can
allow an attacker to compromise the privacy of the applications’ users. This has been fixed in Adobe AIR SDK release
v23.0.0.257.

Details

Adobe AIR is...

Bugtraq: [security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure

Security Focus Vulnerabilities - 15 September, 2016 - 02:20
[security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure