WinRar Settings Import Command Execution

Posted by Rio Sherri on Oct 05

#!/usr/bin/python -w

# Title : WinRar Settings Import Command Execution

# Date : 02/10/2015

# Author : R-73eN

# Tested on : Windows 7 Ultimate

# Vulnerable Versions : Winrar < 5.30 beta 4

# The vulnerability exists in the “Import Settings From File” function.

# Since Settings file of Winrar are saved as a registry file and WinRar executes

# it in an automatic way without checking if it is writing to the Registry keys

# used…

Apple Safari URI spoofing (CVE-2015-5764)

Posted by Antonio Sanso on Oct 05

tl;dr Apple Safari for OS X was prone to a URI spoofing vulnerability (and more generally a user interface spoofing).
Apple released security updates for Safari 9 <https://support.apple.com/kb/HT205265> on OS X and assigned CVE-2015-5764.
Accidentally this vulnerability was also present in iOS.

Instant demo
In Safari up to 8.0.8 :

* go to https://asanso.github.io/CVE-2015-5764/file0.html
* click “click me!”
* notice…

CVE-2015-6237 – Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability

Posted by Specto on Oct 05

Document Title
================
Tripwire IP360 VnE Remote Administrative API Authentication
Bypass/Privilege Acquisition Vulnerability

Affected Products
===================
Vendor: Tripwire
Software/Appliance: IP360 VnE Vulnerability Manager
Affected (verified) versions: v7.2.2 -> v7.2.5

CVE
=====
CVE-2015-6237

CVSS
=======
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O/RC:C
Base Score: 10.0
Temporal Score: 9.5

Rating
=========
Critical…

Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome

Posted by Haifei Li on Oct 05

This is a copied version of my blog post, original version
http://justhaifei1.blogspot.com/2015/10/watch-your-downloads-risk-of-auto.html.

Probably it’s commonly known that when
you try to download something on your modern browser e.g. Google Chrome or Microsoft Edge, the file will be downloaded
automatically to your local system with just a simple click – no need for additional confirmations. With default
settings, the file will be…

Qualys Security Advisory – OpenSMTPD Audit Report

Posted by Qualys Security Advisory on Oct 05

(Sorry for the “CVE-2015-ABCD” place-holders in the report, but
OpenSMTPD’s developers were ready with the patches before MITRE was
ready with the CVE-IDs.)

Qualys Security Advisory

OpenSMTPD Audit Report

========================================================================
Contents
========================================================================

Summary
Approach
Local Vulnerabilities
Remote Vulnerabilities…

ManageEngine ServiceDesk Plus <= 9.1 build 9110 – Path Traversal

Posted by xistence on Oct 05

Exploit Title: ManageEngine ServiceDesk Plus <= 9.1 build 9110 – Path Traversal
Product: ManageEngine ServiceDesk Plus
Vulnerable Versions: 9.1 build 9110 and previous versions
Tested Version: 9.1 build 9110 (Windows)
Advisory Publication: 03/10/2015
Vulnerability Type: Unauthenticated Path Traversal
Credit: xistence <xistence[at]0x90.nl>

Product Description
-------------------

ServiceDesk Plus is an ITIL ready IT help desk software…

CVE-2015-5652

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says “It was determined that this is a longtime behavior of Python that cannot really be altered at this point.” (CVSS:7.2) (Last Update:2015-10-07)

CVE-2015-1933

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVE-2015-1934

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.