Ektron CMS versions 9.10 SP1 build 9.1.0.184.1.114 and below suffer from a cross site request forgery vulnerability.
Monthly Archives: May 2015
XML Injection vulnerability in multiple Hikvision IP cameras and DVR
Posted by MustLive on May 31
Hello list!
There is an XML Injection vulnerability in multiple Hikvision IP cameras and
DVR. Earlier I wrote about Abuse of Functionality and Brute Force
vulnerabilities in multiple Hikvision IP cameras and DVR
(http://seclists.org/fulldisclosure/2015/Mar/161).
-------------------------
Affected vendors:
-------------------------
Hikvision
http://www.hikvision.com
-------------------------
Affected products:
-------------------------…
Broken, Abandoned, and Forgotten Code, Part 6
Posted by Zach C on May 31
Part 6 is live! We continue reversing the undocumented Netgear
firmware header by debugging the embedded HTTP server. We identify two
more fields, including an unknown checksum. A disassembly-to-python
reimplementation of the checksum algorithm is provided in this week’s
update to the example code.
Here’s a link:
http://shadow-file.blogspot.com/2015/05/abandoned-part-06.html
I forgot to include the link to part 5 in last week’s…
XSS vulnerability in IBM Domino
Posted by MustLive on May 31
Hello list!
I want to warn you about a Cross-Site Scripting vulnerability in IBM Domino.
This is one of many vulnerabilities in Domino, which I’ve found on
03.05.2012. In previous years I wrote about multiple vulnerabilities in
Lotus Domino (http://securityvulns.ru/docs29277.html) and Lotus Notes
Traveler (http://securityvulns.ru/docs30224.html).
During 2012-2013 I informed IBM that have other holes in Domino (as this
XSS), besides…
Logical Flaw in Google's OAuth
Posted by vishnu raju on May 31
Hi List,
Greetings from Vishnu(@dH4Wk)
This is a responsible disclosure. Google brushed off this finding, as in
their point of view everything works as intended :-P..
*Summary*
Google’s OAuth is used by many third party vendors to authenticate their
users.
Condition for the bug to be exploited:
An active Google session
*Affected Parties*:
[1] Google users
[2] Third parties who use google OAuth
Affected Security Aspects
[1]…
CVE-2015-3935 HTML Injection in Dolibarr
Posted by NaxoneZ . on May 31
# Title: HTML Injection in dolibarr
# Author: Sergio Galán – @NaxoneZ
# Date: May 20,2015
# Vendor Homepage: http://www.dolibarr.es/
# Vulnerable version: 3.5 / 3.6
# CVE: CVE-2015-3935
Dolibarr does not properly escape untrusted data to prevent injection
[*] Page affected
- dolibarr-3.7.0/htdocs/societe/societe.php
- dolibarr-3.7.0/htdocs/societe/admin/societe.php
[*] Fields affected
- Business Search…
More than 60 undisclosed vulnerabilities affect 22 SOHO routers
Posted by Jose Antonio Rodriguez Garcia on May 31
Dear Full Disclosure community,
we are a group of security researchers doing our IT Security Master’s
Thesis at Universidad Europea de Madrid.
As a part of the dissertation, we have discovered multiple vulnerability
issues on the following SOHO routers:
1. Observa Telecom AW4062
2. Comtrend WAP-5813n
3. Comtrend CT-5365
4. D-Link DSL-2750B
5. Belkin F5D7632-4
6. Sagem LiveBox Pro 2 SP
7. Amper Xavi 7968 and 7968+
8. Sagem Fast…
The Empire Strikes Back Apple – how your Mac firmware security is completely broken
Posted by fG on May 31
Hi,
Most Mac models suffer from a critical vulnerability in the S3
suspend/resume cycle.
When they resume from a suspend cycle the BIOS flash protections are
removed and unlocked. This means the BIOS can be overwritten from userland
at that moment.
The Dark Jedi vulnerability achieved this by modifying the S3 boot script
but Apple’s implementation is even worse and the only requirement is to
put the computer to sleep.
Please refer to…
[SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices
Posted by Gergely Eberhardt on May 31
Overview
--------
SEARCH-LAB performed an independent security assessment on four
different D-Link devices. The assessment has identified altogether 53
unique vulnerabilities in the latest firmware (dated 30-07-2014).
Several vulnerabilities can be abused by a remote attacker to execute
arbitrary code and gain full control over the devices. We list below
several of the problematic areas, where the most critical findings were
discovered:
-…
Safari Address Spoofing (How We Got It)
Posted by David Leo on May 31
Proof of concept:
http://www.deusen.co.uk/items/iwhere.9500182225526788/
It works on fully patched versions of iOS and OS X.
How it works:
Just keep trying to load the web page of target domain.
How We Got It:
Safari changes address bar to new URL,
BEFORE new content is loaded.
BestSec
http://www.deusen.co.uk/items/bestsec/
We like it. We read it.
Kind Regards,