[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360

Posted by Pedro Ribeiro on Dec 03

Hi,

This is part 9 of the ManageOwnage series. For previous parts see [1].

Today we have yet another 0 day – an arbitrary file download
vulnerability that can be exploited unauthenticated in NetFlow Analyzer
and authenticated in IT360.
I’m releasing this as a 0 day because ManageEngine have been making a
fool out of me for 105 days. I have asked them “are you releasing a
fix soon?” at least a couple of times every month to which they…

XSS in WIX pages

Posted by Devsec Security Departament on Dec 03

57 million web pages are affected by a security problem in wix.com

Proof of concept of a web page made in wix.com:
http://www.itsec.cl/

When viewing the source code, one can observe the following:

Find the SEO content of this site’s homepage via
http://www.itsec.cl/?_escaped_fragment_=
(That is where search engines like Google go to read your homepage’s
content.)

tried to access an existing section and added a third invalid…

hack4 is coming – hackercon in berlin – date: end of the year 2014

Posted by dash on Dec 03

h4ppy hello!

Intr0:

we have decided to not drive to hamburg this year, instead bringing up our own
conference in g00d 0ld berlin.

hack4 aims at tech talks and tech stuff – no politix.

even though we are looking for talks, it is completely fine to just bring your
box, put it on the table and connect it to the inet, spending the whole time
exploring and discussing with (new) friends about networks, languages,
applications and how to break…

less out of bounds read access – TFPA 002/2014

Posted by Hanno Böck on Dec 03

less out of bounds read access – TFPA 002/2014
https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html

An out of bounds read access in the UTF-8 decoding can be triggered
with a malformed file in the tool less. The access happens in the
function is_utf8_well_formed (charset.c, line 534) due to a truncated
multibyte character in the sample file. It affects the latest upstream
less version 470. The bug does not crash…

Re: CVE-2014-8610 Android < 5.0 SMS resend vulnerability

Posted by Joshua Wright on Dec 03

I put together a Drozer module to leverage this flaw:

https://github.com/joswr1ght/drozer-modules/blob/master/whfs/smsdraftsend.py

Note that this flaw can be used for SMS premium message (short code) delivery, but does not bypass the Android 4.2 and
later verification dialog box prior to delivery. Normal SMS message delivery works fine without the SEND_SMS privilege.

-Josh

Yii framework CmsInput extension improper XSS sanitation

Posted by A. W. on Dec 03

[+] Yii framework CmsInput extension [1] improper XSS sanitation
[+] Discovered by: Jos Wetzels
[+] Affects: Yii framework CmsInput extension <= version 1.2

Yii framework’s CmsInput extension versions 1.2 and prior suffer from
an improper XSS sanitation implementation, which has now been resolved
in cooperation with the author [2], introducing XSS vulnerabilities in
web applications developed by third-party framework users [3].
CmsInput…