CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection

Posted by Timo Juhani Lindfors on May 03

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
--------------------------------------------------------------------

Affected products
=================

At least Zabbix Agent 1:3.0.1-1+wheezy from
http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions
were not tested.

Background
==========

“Zabbix agent is deployed on a monitoring target to actively monitor
local resources and applications (hard…

CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)

Posted by Simon Lees on May 03

Hi
This is a disclosure of the following issue that was raised a week ago
on the distro’s mailing list. Both bugs on the gnome bugtracker are
currently private and should be made public now. The two attached
patches are based off the 2.9.3 libxml2 release.

A couple of weeks back while working on a related bug [CVE-2016-3627] I
discovered a specially created xml file is capable of triggering a stack
overflow before libxml2 can detect its a…

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*

Posted by Hans Jerry Illikainen on May 03

Details
=======

An integer wrap may occur in PHP 7.x before version 7.0.6 when reading
zip files with the getFromIndex() and getFromName() methods of
ZipArchive, resulting in a heap overflow.

php-7.0.5/ext/zip/php_zip.c
,----
| 2679 static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
| 2680 {
| ....
| 2684 struct zip_stat sb;
| ....
| 2689 zend_long len = 0;
| ....
| 2692 zend_string *buffer;
| ....
| 2702…

CONFidence – May, 19-20th, Krakow – join the biggest hacker meeting in Poland!

Posted by Aleksandra Woźniak on May 03

CONFidence 2016 <http://2016.confidence.org.pl/en/> is coming soon. Underground
subjects, the best specialists and over 10 years of experience –
#haveCONFidence, we won’t let you down.

When and where?

May 19-20th, 2016, Forum Hotel, Krakow, Poland

Imagine mysterious, dark lobbies of an abandoned hotel and over 400
enthusiasts who share their secret knowledge on the most thrilling topics
in IT security.

Feel the unique vibe of…

Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream

Posted by Stefan Kanthak on May 03

Hi @ll

despite better knowledge and MULTIPLE bug/vulnerability reports
(see <https://bugzilla.mozilla.org/show_bug.cgi?id=811557>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=809373>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=579593>, …)
Mozilla continues to ship Firefox and Thunderbird for Windows with
a vulnerable executable installer.

Proof of concept/demonstration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. visit <…

New BlackArch Linux ISOs (2016.04.28) and Installer released

Posted by Black Arch on May 03

Dear list,

We’ve released the new BlackArch Linux ISOs along with the new
installer. They include more than 1400 tools and come with lots of
improvements. The armv6h and armv7h repositories are filled with about
1300 tools.

A short ChangeLog of the Live-ISOs:

– added new (improved) BlackArch Linux installer
– include linux kernel 4.5.1
– added new blackarch linux installer
– fixed an EFI boot issue
– fixed the well-known…

Observium Commercial – CSRF & Authenticated Code Execution

Posted by Dolev Farhi on May 03

# Exploit title: Observium Commercial – CSRF & Authenticated Code Execution
# Date: 28-04-2016
# Vendor homepage: http://observium.org/
# Software version: CE 0.16.7533
Authenticated remote code execution
Using either CSRF or by editing the whois binary field in the Observium webui under Settings-> System Path, an attacker
may also change the Path to either [whois, mtr, nmap] to any bash command, and by hitting the url:…