Fix for CVE-2017-5495
Monthly Archives: February 2017
POSNIC Unauthenticated Remote Code Execution
POSNIC versions prior to 1.03 suffer from a code execution vulnerability when set up to trust data from a compromised mysql instance.
secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server
Posted by Tobias Glemser on Feb 01
secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server
Affected Products
MailStore Server Version 10.0.1.12148 was tested
according to the vendor:
– MailStore 9.2 to 10.0.1 is affected by the Reflected XSS Vulnerability
– Mailstore 9.0 to 10.0.1 is affected by the Open Redirect Vulnerability
References
https://www.secuvera.de/advisories/secuvera-SA-2017-02.txt
CWE-79…
Kaspersky Lab Receives a Series of Best-in-Class AV-TEST Awards
Kaspersky Lab has received a series of “best in class” awards from independent IT security institute, AV-TEST, for its corporate and consumer solutions.
secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server
Posted by Tobias Glemser on Feb 01
secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server
Affected Products
MailStore Server Version 10.0.1.12148 was tested
according to the vendor:
– MailStore 9.2 to 10.0.1 is affected by the Reflected XSS Vulnerability
– Mailstore 9.0 to 10.0.1 is affected by the Open Redirect Vulnerability
References
https://www.secuvera.de/advisories/secuvera-SA-2017-02.txt
CWE-79…
Cross-Site Scripting vulnerability in Bitrix Site Manager
Posted by MustLive on Feb 01
Hello list!
There is Cross-Site Scripting vulnerability in Bitrix Site Manager.
————————-
Affected products:
————————-
Vulnerable was the last version of Bitrix Site Manager at 12.06.2015, when I
found this vulnerability on web site of Russian terrorists. At that time I
wrote at Facebook about hack by Ukrainian Cyber Forces of that site
http://on.fb.me/1H05ccm and published results of our work with it.
You…
QNAP NVR/NAS Heap / Stack / Heap Feng Shui overflow, and "Heack Combo" to pwn
Posted by bashis on Feb 01
[STX]
Subject: QNAP NVR/NAS Heap / Stack / Heap Feng Shui overflow, and “Heack Combo” to pwn
Researcher: bashis <mcw noemail eu> (January 2017)
Release date: February 1, 2017
Device Model: QNAP VioStor NVR, QNAP NAS, Fujitsu Celvin NAS (May be additional re-branded)
Attack Vector: Remote
Attack Models:
1. Classic Heap Overflows
2. Classic Stack Overflow
3. Heap Feng Shui Overflow
4. “Heack Combo” (Heap / Stack…
Viscosity for Windows 1.6.7 Privilege Escalation
Posted by Kacper Szurek on Feb 01
# Exploit Title: Viscosity for Windows 1.6.7 Privilege Escalation
# Date: 31.01.2017
# Software Link: https://www.sparklabs.com/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: local
1. Description
It is possible to execute openvpn with custom dll as SYSTEM using
ViscosityService because path is not correctly validated….
Vulnerability Open Redirect LogicBoard CMS
Posted by Estación Informática on Feb 01
*Description:*
URL: mysite.com/forum/away.php?s=
Affected Component: /forum/away.php?s=
*Vulnerability Type:*
Vulnerability Open Redirect https://cwe.mitre.org/data/definitions/601.html
*Vendor of Product: *
LogicBoard CMS
*Version: *
3.0, 4.0, 4.1
*Attack Type: *
Remote
*Impact:*
A web application accepts a user-controlled input that specifies a link to
an external site, and uses that link in a Redirect. This simplifies
phishing attacks….
Popular PlayStation and Xbox Gaming Forums Hacked; 2.5 Million Users' Data Leaked
Do you own an account on one of the two hugely popular PlayStation and Xbox gaming forums?
Your details may have been exposed, as it has been revealed that the two popular video gaming forums, “XBOX360 ISO” and “PSP ISO,” has been hacked, exposing email addresses, account passwords and IP addresses of 2.5 Million gamers globally.
The attackers hacked and breached both “XBOX360 ISO” and “PSP