0-day: QNAP NAS Devices suffer from heap overflow

Posted by bashis on Jan 03

Greetings,

Twice I tried to use the QNAP Web page (https://aid.qnap.com/event/_module/nas/safe_report/) for reporting
a vulnerability, and twice I got mailer-daemon back.

So, I’ll post my vulnerabilities here instead (Was not meant to be 0-day… whatever).

Have a nice day (and happy new year)
/bashis

==================
1) [Heap overflow]
==================

Path: /home/httpd/cgi-bin/cgi.cgi
u = valid user [guest|admin]

1.1)

/* Remote */…

Persisted Cross-Site Scripting (XSS) in Confluence Jira Software

Posted by jlss on Jan 03

=====[ Tempest Security Intelligence – ADV-3/2016 CVE-2016-6283 ]==============

Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
—————————————————————-

Author(s):
– Jodson Santos
– jodson.santos () tempest com br

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents ]=====================================================

1….

Advisories: Unsafe DLL in Audacity, Telegram and Akamai

Posted by filipe on Jan 03

=====[ Tempest Security Intelligence – ADV-7/2016 ]=============================

Unsafe DLL search path in Audacity 2.1.2

Author: Felipe Xavier Oliveira < engfilipeoliveira89 () gmail.com >

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents ]======================================================

1. Overview
2. Detailed description
3. Further attack scenarios
4. Timeline of…

Zend Framework / zend-mail < 2.4.11 Remote Code Execution (CVE-2016-10034)

Posted by Dawid Golunski on Jan 03

Zend Framework < 2.4.11 Remote Code Execution (CVE-2016-10034)
zend-mail < 2.7.2

Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Desc:
Independent research uncovered a critical vulnerability in zend-mail, a
Zend Framework component, that could potentially be used by (unauthenticated)
remote attackers to achieve remote arbitrary code execution in the context
of the web server user and remotely compromise…

CINtruder v0.3 released…

Posted by psy on Jan 03

Dear list,

I have released a new Captcha Intruder (CINtruder) code. It includes a
complete Web User Interface (GUI) and some advanced features for
updating and managing dictionaries, etc.

http://cintruder.03c8.net

If you’re not already familiar with CINtruder, please read the
DESCRIPTION section below.

[ DOWNLOAD ]

You can download the new Captcha Intruder here:

git clone https://github.com/epsylon/cintruder

CVE-2016-10114

SQL injection vulnerability in the “aWeb Cart Watching System for Virtuemart” extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.

CVE-2016-10112

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.

PHPMailer Sendmail Argument Injection

PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a payload to the web root of the web server and then executes it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory, and successful exploitation can take a few minutes.