Monthly Archives: July 2016
US Standards Lab Says SMS Is No Good For Authentication
Micro Focus Filr CSRF / XSS / Code Execution
Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
Posted by Programa STIC on Jul 25
Fundación Dr. Manuel Sadosky – Programa STIC Advisory
www.fundacionsadosky.org.ar
Heap memory corruption in ASN.1 parsing code generated by Objective
Systems Inc. ASN1C compiler for C/C++
1. *Advisory Information*
Title: Heap memory corruption in ASN.1 parsing code generated by
Objective Systems Inc. ASN1C compiler for C/C++
Advisory ID: STIC-2016-0603
Advisory URL:…
Reflected XSS in LinkedIn
Posted by Elar Lang on Jul 25
Title: Reflected XSS in LinkedIn
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: Reflected XSS
Vendor: LinkedIn (https://www.linkedin.com/)
# Background
LinkedIn had a reflected XSS vulnerability. It was at the end of 2013. I
made full disclosure now (middle of 2016) to point out and bring
attention to one frequent finding in pen-test cases: Request URI from
a client (browser) is expected to be always in correct URL encoding on…
CVE-2016-5399: php: out-of-bounds write in bzread()
Posted by Hans Jerry Illikainen on Jul 25
PHP 7.0.8, 5.6.23 and 5.5.37 do not perform adequate error handling in
its `bzread()' function:
php-7.0.8/ext/bz2/bz2.c
,----
| 364 static PHP_FUNCTION(bzread)
| 365 {
| …
| 382 ZSTR_LEN(data) = php_stream_read(stream, ZSTR_VAL(data), ZSTR_LEN(data));
| 383 ZSTR_VAL(data)[ZSTR_LEN(data)] = '\0';
| 384
| 385 RETURN_NEW_STR(data);
| 386 }
`----
php-7.0.8/ext/bz2/bz2.c
,----
| 210 php_stream_ops php_stream_bz2io_ops…
Amazon’s Silk Browser on the Kindle Didn’t Use SSL for Google Search
Posted by Nightwatch Cybersecurity on Jul 25
[Original here:
https://wwws.nightwatchcybersecurity.com/2016/07/21/advisory-amazons-silk-browser-on-the-kindle-didnt-use-ssl-for-google-search/]
Overview
Amazon supplies the Silk Browser for their line of Kindle tablets. The
browser includes a selection of three search engines, of which Google
was set up without SSL. Furthermore, the browser prevented automatic
redirection to the SSL version of Google’s main site when visiting it
directly….
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Posted by Larry W. Cashdollar on Jul 25
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Fixed: v1.1.7
Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva
Date: 2016-07-14
Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
Vendor: huge-it.com
Vendor Notified: 2016-07-15, fixed 2016-07-23
Vendor Contact: info () huge-it com
Description: The plugin allows you to add multiple images to the gallery, create…
Bellini/Supercook Wi-Fi Yumi SC200 – Multiple vulnerabilities
Posted by James McLean on Jul 25
Bellini/Supercook Wi-Fi Yumi SC200 – Multiple vulnerabilities
Reported By:
==================================
James McLean –
Primary: james dot mclean at gmail dot com
Secondary: labs at juicedigital dot net
Device Overview:
==================================
“The Bellini.SUPERCOOK Kitchen Master is much more than a multifunctional
kitchen machine. It has 13 functions so not only saves a huge amount of
time, it also incorporates the…
[SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities
Posted by Gergely Eberhardt on Jul 25
Hitron CGNV4 modem/router multiple vulnerabilities
--------------------------------------------------
Platforms / Firmware confirmed affected:
- Hitron CGNV4, 4.3.9.9-SIP-UPC
- Product page: http://www.hitrontech.com/en/cable_detail.php?id=62
Vulnerabilities
---------------
Insecure session management
The web interface uses insecure cookies, which can be brute-forced
easily (e.g. cookie: userid=0). If admin login is successful, the IP
address of…