XSS in tooltip plugin of Zurb Foundation 5

Posted by Winni Neessen on Dec 01

XSS vulnerability in the tooltip plugin of Zurb Foundation 5.x
==============================================================

URL to this advisory: https://nop.li/foundation5tooltipxss

Vendor
======
http://zurb.com/

Product
=======
(Taken from http://foundation.zurb.com/sites/docs/v/5.5.3/)
Foundation is the most advanced, responsive front-end framework in the
world. The framework is mobile
friendly and ready for you to customize it any way you…

WinPower V4.9.0.4 Privilege Escalation

Posted by Kacper Szurek on Dec 01

# Exploit Title: WinPower V4.9.0.4 Privilege Escalation
# Date: 29-11-2016
# Software Link: http://www.ups-software-download.com/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: local

1. Description

UPSmonitor runs as SYSTEM process.

We can communicate with monitor using RMI interface.

In manager app there’s an “Administrator” password check, but the password…

New CSRF vulnerabilities in D-Link DAP-1360

Posted by MustLive on Dec 01

Hello list!

After previous Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities, here are new ones. There are Cross-Site Request Forgery
vulnerabilities in D-Link DAP-1360 (Wi-Fi Access Point and Router).

-------------------------
Affected products:
-------------------------

Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model
with other firmware versions also must be vulnerable.

D-Link should fix these…

Google Chrome Accessibility blink::Node corruption details

Posted by Berend-Jan Wever on Dec 01

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
twenty-first entry in that series. Unfortunately I won’t be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161129001.html. There you…

Opera foreignObject textNode::removeChild use-after-free details

Posted by Berend-Jan Wever on Dec 01

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
twenty-second entry in that series. Unfortunately I won’t be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

Due to the recent Firefox 0-day, I’ve selected a very old and not so
interesting bug for today, so you can…

[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) – Multiple Issues

Posted by FOXMOLE Advisories on Dec 01

=== FOXMOLE – Security Advisory 2016-05-02 ===

e107 Content Management System (CMS) – Multiple Issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
e107 2.1.2 Bootstrap CMS

Issue Overview
==============
Vulnerability Type: Multiple Vulnerabilities
Technical Risk: medium
Likelihood of Exploitation: medium
Vendor: e107
Vendor URL: http://www.e107.org
Credits: FOXMOLE employee Tim Herres
Advisory URL:…

CVE-2015-6168: MS Edge CMarkup::EnsureDeleteCFState use-after-free details

Posted by Berend-Jan Wever on Dec 01

As I am sure you are by now well aware, in November I decided to start
releasing details on all vulnerabilities I found in web-browsers that I
had not released before. As I was unable to publish all of them within a
single month, I will try to continue to publish all my old
vulnerabilities, including those not in web-browser, as long as I can
find some time to do so. If you find this information useful, you can
help me make some time available by…

Announcing NorthSec 2017 CFP + Reg – Montreal, May 16-21

Posted by Pierre-David Oriol – Northsec Conference on Dec 01

www.nsec.io – northsec.eventbrite.ca

NorthSec 2017, one of the biggest applied security events in Canada,
coming up in Montreal in May 2017:

May 16-17 – Professional Training Sessions – Syllabus Announced Soon
May 18-19 – Security Conference & Workshops
May 19-21 – The biggest 48H on-site CTF in North America, with 350+ attendees

* We are looking for great speakers to submit to our 2017 CFP at
http://www.nsec.io/cfp

Subjects covered range…

Eagle Speed USB MODEM SOFTWARE Privilege Escalation

Posted by Rio Sherri on Dec 01

# Vulnerability Description:
# When the Eagle Speed software is installed a service with name ZDServ is
# installed.
# The service itself has the right permissions which do not allow to
# reconfigure the binary
# but the path the binary is writable by any authenticated user.
#
# C:\Users\lowpriv>sc qc zdserv
# [SC] QueryServiceConfig SUCCESS
#
# SERVICE_NAME: zdserv
# TYPE : 110 WIN32_OWN_PROCESS (interactive)
#…

Red Hat Security Advisory 2016-2842-01

Red Hat Security Advisory 2016-2842-01 – In accordance with the Red Hat OpenShift Enterprise Support Life Cycle Policy, support for OpenShift Enterprise 2.x will end on December 31, 2016. Red Hat will not provide extended support for this product. Customers are requested to migrate to a supported Red Hat OpenShift Enterprise product prior to the end of the life cycle for OpenShift Enterprise 2.x. After December 31, 2016, technical support through Red Hat’s Global Support Services will no longer be provided.