Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution

This is an exploit against Samsung Security Manager that bypasses the patch in CVE-2015-3435 by exploiting the vulnerability against the client side. This exploit has been tested successfully against IE, Firefox and Chrome by abusing a GET request XSS to bypass CORS and reach the vulnerable PUT. Finally, a traversal is used in the PUT request to upload the code just where we want it and gain Remote Code Execution as SYSTEM.

CVE-2016-6526 Possible Privilege Escalation in telecom of Samsung Mobile Phone

Posted by 0xr0ot on Aug 05

Description of the potential vulnerability:
Severity: Medium
Affected versions: L(5.0/5.1), M(6.0)
Reported on: May 11, 2016
Disclosure status: Privately disclosed.
A vulnerability in SpamCall Activity components of the Telecom application can
crash and reboot a device when a malformed serializable object is
passed.

Fix:
http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
SVE-2016-6242: Possible Privilege Escalation in telecom…

CVE-2016-6527 Possible Privilege Escalation in telecom of Samsung Mobile Phone

Posted by 0xr0ot on Aug 05

Hi,

Description of the potential vulnerability:
Severity: Medium
Affected versions: L(5.0/5.1), M(6.0)
Reported on: May 11, 2016
Disclosure status: Privately disclosed.
The vulnerability in SmartCall Activity components of the Telecom application
can crash and reboot a device when a malformed serializable object
is passed.

Fix:
http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
SVE-2016-6244: Possible Privilege Escalation in…

K2 (Joomla! Extension) < 2.7.1 – Reflected Cross Site Scripting

Posted by Manuel Mancera on Aug 05

================================================================
K2 Joomla! Extension < 2.7.1 – Reflected Cross Site Scripting
================================================================

Information
--------------------
Name: K2 Joomla! Extension – Reflected Cross Site Scripting
Affected Software : K2
Affected Versions: < 2.7.1
Vendor Homepage : https://getk2.org/
http://extensions.joomla.org/extension/k2
Vulnerability Type :…

Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

Posted by Pedro Ribeiro on Aug 05

tl;dr

Lots of RCE, hardcoded credentials, stack buffer overflow and
information disclosure in the Nuuo NVRmini and other network video
recorders of the same vendor.
These vulnerabilities also affect the NETGEAR Surveillance app (which
can be installed on the NETGEAR ReadyNAS).

See the full advisory including PoC and exploits below, or at my github
(https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-nvr-vulns.txt).

Metasploit…

[SYSS-2016-063] VMware ESXi 6 – Improper Input Validation (CWE-20)

Posted by Matthias Deeg on Aug 05

Advisory ID: SYSS-2016-063
Product: VMware vSphere Hypervisor (ESXi)
Manufacturer: VMware, Inc.
Affected Version(s): VMware ESXi 6.0.0 build 3380124 (Update 1)
VMware vCenter Server 6.0 U2
Tested Version(s): VMware ESXi 6.0.0 build 3380124 (Update 1)
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2016-07-01
Solution Date: 2016-08-04
Public…

D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB

Posted by Benjamin Daniel Mussler on Aug 05

D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB
<http://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html>

1. Affected Models/Versions
2. Summary
3. Technical Summary
4. Vulnerability Details
5. Exploitation / Proof of Concept
6. Timeline
7. See Also

########## 1. Affected Models/Versions ##########

The vulnerability was initially discovered on a **D-Link DNS-320 rev A**
device running **firmware version 2.05b8** (also known…