IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705.
Monthly Archives: July 2015
Debian Security Advisory 3298-1
Debian Linux Security Advisory 3298-1 – It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as “http(s)” or “file”. Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.
Red Hat Security Advisory 2015-1206-01
Red Hat Security Advisory 2015-1206-01 – OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage’s API. A flaw was found in the cinder upload-to-image functionality. When processing a malicious qcow2 header cinder could be tricked into reading an arbitrary file from the cinder host.
CVE-2015-0192
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
CVE-2015-1914
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass “permission checks” and obtain sensitive information via vectors related to the Java Virtual Machine.
CVE-2015-1916
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.
CVE-2015-3202
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount’s debugging feature.
CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0
Posted by Alessandro Zala on Jul 02
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: Xpert.Line
# Vendor: Soreco AG [1]
# CVE ID: CVE-2015-3442
# Subject: Authentication Bypass
# Risk: Critical
# Effect: Remotely exploitable
# Author: Alessandro Zala (alessandro.zala () csnc ch)
#…
Re: Google Chrome Address Spoofing (Request For Comment)
Posted by Big Whale on Jul 02
Found this POC: musalbas/address-spoofing-poc
| |
| | | | | | | |
| musalbas/address-spoofing-pocaddress-spoofing-poc – Chrome address spoofing vulnerability proof-of-concept for HTTPS.
(Original by David Leo.) |
| |
| View on github.com | Preview by Yahoo |
| |
| |
On Thursday, July 2, 2015 9:21 AM, Valentinas Bakaitis <v.bakaitis () gmail com> wrote:
Can you perform any actions on the page once the URL…
Microsoft Office – OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied
Posted by Kevin Beaumont on Jul 02
All,
OLE Packager is a feature introduced in Windows 3.1, which ran “up to”
Windows XP: https://en.wikipedia.org/wiki/Object_Linking_and_Embedding
It is still present in every version of Microsoft Office, on every Windows
OS.
It allows you to embed any file into Office documents. It is also very
dangerous and there is no way to disable it.
To test, open Word 2010/2013 and select Insert -> Object -> Create from
File, and drop…