CVE-2015-1593 (linux_kernel)

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.

A local application could cause a denial-of-service to the audio_policy app in Android

Posted by Guang Gong on Mar 16

#############################################################################
#
# QIHU 360 SOFTWARE CO. LIMITED http://www.360safe.com/
#
#############################################################################
#
# CVE ID: CVE-2015-1525
# Product: Android
# Vendor: Google
# Subject: A local application could cause a denial-of-service to the audio_policy app
# Effect: cause a denial of service
# Author: Guang Gong
# Date: March…

Re: 'Rowhammer' – Software-triggered DRAM corruption

Posted by Nick Boyce on Mar 16

Damn – that’s disappointing :-/
I see you’re right – there’s a lot of activity:
https://groups.google.com/group/rowhammer-discuss/

This post:
http://blog.erratasec.com/2015/03/some-notes-on-dram-rowhammer.html
explains that ECC is only going to correct single bit fails, and
likely crash the machine on double-bit fails, but that multi-bit fails
(which the Google tool achieves) may evade the ECC and achieve the
goal….

Metasploit Project initial User Creation CSRF

Posted by Mohamed A. Baset on Mar 16

# Exploit Title: Metasploit Project initial User Creation CSRF
# Google Dork: N/A
# Date: 14-2-2015
# Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh)
# Vendor Homepage: http://www.metasploit.com/
# Software Link: http://www.rapid7.com/products/metasploit/editions-and-features.jsp
# Version: Free/Pro < 4.11.1 (Update 2015021901)
# Tested on: All OS
# CVE : N/A

Vulnerability:
Cross Site Request Forgery – (CSRF)

Info:…

Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution

Posted by Onur Alanbel on Mar 16

Document Title:
============
Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution

Release Date:
===========
12 Mar 2015

Product & Service Introduction:
========================
Citrix NetScaler AppFirewall is a comprehensive application security solution that blocks known and unknown attacks
targeting web and web services applications.

Abstract Advisory Information:
=======================
BGA Security Team discovered an HTTP…

Having fun with dmesg

Posted by halfdog on Mar 16

Hello list,

I guess this must be common knowledge somehow already, but although hidden in plain sight, it did not make it to me
yet. So [1] is just a very quick, dirty and incomplete writeup of thoughts on how to use dmesg to

* Get knowledge about e.g. kernel task structure address
* Bypass ASLR in forking applications
* Get logging information from outside a chroot jail
* Get additional network information from iptables LOG target

hd

[1]…

Defense in depth — the Mozilla way: return and exit codes are dispensable

Posted by Stefan Kanthak on Mar 16

Hi @ll,

since some time Mozilla Firefox and Thunderbird for Windows come with
a “maintenance service” (running privileged under the SYSTEM account):
<https://support.mozilla.org/en-US/kb/what-mozilla-maintenance-service>

The maintenanceservice_installer.exe (which is extracted into the
resp. installation directory) is executed during the end of the
Firefox/Thunderbird installation when the user has not deselected
the “[x]…

Defense in depth — the Microsoft way (part 30): on exploitable Win32 functions

Posted by Stefan Kanthak on Mar 16

Hi @ll,

since Microsoft won’t — despite (hopefully not only) my constant
nagging and quite some bug reports about unquoted command lines
for more than a dozen years now — fix the BRAINDEAD behaviour
of Windows’ CreateProcess*() functions to play try&error instead
of returning on error to their caller when interpreting their
lpCommandLine argument which lets the BLOODY BEGINNER’s error
known as CWE-428 <…

Defense in depth — the Microsoft way (part 31): UAC is for binary planting

Posted by Stefan Kanthak on Mar 16

Hi @ll,

the exploit shown here should be well-known to every
Windows administrator, developer or QA engineer.

In Microsoft’s own terms it doesn’t qualify as security
vulnerability since UAC is a security feature, not a
security boundary.

Preconditions:

* a user running as “protected Administrator” on Windows 7
and newer with standard UAC settings.

JFTR: this is the default for “out-of-the-box” installations…