Category Archives: Full Disclosure


Re: Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe

Posted by fulldisclosure on Mar 07

Hi,

Does this actually result in any vulnerability? If not, I feel like this
is the wrong place for posting “bug reports”. If this leads to security
issues, some sort of PoC would be interesting.

You might also consider publishing a *generic* advisory for your
InnoSetup-related findings. I do not see any additional information for
the specific targets. It seems to be the very same finding for each
advisory.

This feels more like a…

[Tool] Docker Scan: Security analysis tools for Docker Images and Docker Registries

Posted by cr0hn on Mar 07

Dear colleagues,

Please let me introduce Docker Scan -> https://github.com/cr0hn/dockerscan

Docker Scan is a security analysis tool for Docker Images and Docker
Registries.

-= For registries =-

— Delete: Delete remote image / tag
— Info: Show info from remote registry
— Push: Push an image (like Docker client)
— Upload: Upload a random file

-= Docker Images =-

— Analyze: Looking for sensitive information…

WordPress audio playlist functionality is affected by Cross-Site Scripting

Posted by Summer of Pwnage on Mar 06

————————————————————————
WordPress audio playlist functionality is affected by Cross-Site
Scripting
————————————————————————
Yorick Koster, July 2016

————————————————————————
Abstract
————————————————————————
Two Cross-Site Scripting vulnerabilities exist…

Cross-Site Request Forgery in WordPress Press This function allows DoS

Posted by Summer of Pwnage on Mar 06

————————————————————————
Cross-Site Request Forgery in WordPress Press This function allows DoS
————————————————————————
Sipke Mellema, July 2016

————————————————————————
Abstract
————————————————————————
A Cross-Site Request Forgery (CSRF) vulnerability…

OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle (CVE-2017-6445)

Posted by Wolfgang on Mar 06

During my research about update mechanisms of open-source software I
discovered vulnerabilities in OpenElec.

== [ OVERVIEW ] ==

System affected: OpenElec
CVE: CVE-2017-6445
Vulnerable component: auto-update feature
Software-Version: 6.0.3, 7.0.1
User-Interaction: Reboot required
Impact: Remote Code Execution with root permission

== [ PRODUCT DESCRIPTION ] ==

According to its website “Open Embedded Linux…

CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility

Posted by Aromal Raj on Mar 06

Document Title:
===============
CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility

Vendor:
=======
Appneta (https://www.appneta.com/)

Product and Versions Affected:
==============================
Tcpreplay 4.1.2 and possibly prior.

Fixed Version:
==============
4.2.0 Beta 1

Product Description:
====================
Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under
Cygwin) operating systems…

CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility

Posted by Aromal Raj on Mar 06

Document Title:
===============
CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap
Etterfilter utility

Vendor:
=======
Ettercap (http://ettercap.github.io/ettercap/)

Product and Versions Affected:
==============================
Etterfilter 0.8.2 and possibly prior.

Vulnerability Type:
===================
Denial-of-Service

CVE Reference:
==============
CVE-2017-6430

Vulnerability Details:
======================
Etterfilter…

Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe

Posted by Stefan Kanthak on Mar 06

Hi @ll,

InnoSetup is BROKEN: it creates DEFECTIVE “portable executable”
image files, for example innosetup-5.5.9.exe itself.

JFTR: unfortunately Windows’ module loader covers these bugs and
loads such defective PE image files.

DEFECTS:
~~~~~~~~

1. all (8) IMAGE_IMPORT_DESCRIPTOR entries in the IMPORT directory
are INVALID: their Characteristics/OriginalFirstThunk fields
contain 0 instead of the RVA of the import…
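A check for the defect described in this post, added here as an example and not code from the post or from InnoSetup: a small PE import-directory walker that flags every IMAGE_IMPORT_DESCRIPTOR whose Characteristics/OriginalFirstThunk field is 0, and that resolves the imported names the way the Windows loader does when that field is missing (falling back to FirstThunk, the IAT). The PE image it parses is constructed inline for the example; it is not an InnoSetup-built file, and its DLL and function names are assumptions.

```python
import struct

# Constructed sample input (not an InnoSetup output): a minimal PE32 image
# with one .idata section holding two import descriptors. Descriptor 0 is
# well-formed; descriptor 1 has OriginalFirstThunk == 0, the defect at issue.
def build_sample_pe():
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)              # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    # IMAGE_FILE_HEADER: i386, 1 section, SizeOfOptionalHeader 0xE0 (PE32)
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)              # PE32 magic
    # DataDirectory[1] (IMPORT): RVA 0x1000, three 20-byte descriptors
    struct.pack_into("<II", hdr, opt + 96 + 8, 0x1000, 3 * 20)
    sec = opt + 0xE0                                     # first section header
    hdr[sec:sec + 8] = b".idata\0\0"
    # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<IIII", hdr, sec + 8, 0x200, 0x1000, 0x200, 0x200)

    body = bytearray(0x200)                              # section data, RVA 0x1000
    # descriptor 0: OriginalFirstThunk -> INT 0x1040, Name 0x1080, FirstThunk 0x1060
    struct.pack_into("<IIIII", body, 0x00, 0x1040, 0, 0, 0x1080, 0x1060)
    # descriptor 1: OriginalFirstThunk == 0 (defect), Name 0x1090, FirstThunk 0x1070
    struct.pack_into("<IIIII", body, 0x14, 0, 0, 0, 0x1090, 0x1070)
    # descriptor 2 is the all-zero terminator (bytearray is already zero)
    struct.pack_into("<II", body, 0x40, 0x10A0, 0)       # INT of descriptor 0
    struct.pack_into("<II", body, 0x60, 0x10A0, 0)       # IAT of descriptor 0
    struct.pack_into("<II", body, 0x70, 0x10B0, 0)       # IAT of descriptor 1
    for off, s in ((0x80, b"KERNEL32.dll\0"), (0x90, b"USER32.dll\0"),
                   (0xA0, b"\0\0ExitProcess\0"), (0xB0, b"\0\0MessageBoxA\0")):
        body[off:off + len(s)] = s                       # hint/name = 2-byte hint + name
    return bytes(hdr + body)


def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_imports(data):
    """Walk the IMPORT directory; return one dict per IMAGE_IMPORT_DESCRIPTOR."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                   # PE32: 4-byte thunks
        dd, thunk_fmt = opt + 96, "<I"
    elif magic == 0x20B:                                 # PE32+: 8-byte thunks
        dd, thunk_fmt = opt + 112, "<Q"
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    thunk_size = struct.calcsize(thunk_fmt)
    ordinal_flag = 1 << (thunk_size * 8 - 1)
    import_rva = struct.unpack_from("<I", data, dd + 8)[0]   # DataDirectory[1]

    sections = []
    for i in range(nsec):
        s = opt + opt_size + i * 40
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, s + 8)
        sections.append((va, max(vsize, raw_size), raw_ptr))

    def rva_to_off(rva):
        for va, size, raw_ptr in sections:
            if va <= rva < va + size:
                return rva - va + raw_ptr
        raise ValueError("RVA 0x%x is not backed by any section" % rva)

    def thunk_names(rva):
        names, off = [], rva_to_off(rva)
        while True:
            entry = struct.unpack_from(thunk_fmt, data, off)[0]
            if entry == 0:
                return names
            if entry & ordinal_flag:
                names.append("#%d" % (entry & 0xFFFF))   # import by ordinal
            else:                                        # skip the 2-byte hint
                names.append(_cstring(data, rva_to_off(entry & 0x7FFFFFFF) + 2))
            off += thunk_size

    descriptors, off = [], rva_to_off(import_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if oft == 0 and name_rva == 0 and ft == 0:        # terminator
            return descriptors
        descriptors.append({
            "dll": _cstring(data, rva_to_off(name_rva)),
            "original_first_thunk": oft,
            "first_thunk": ft,
            # Names come from the INT; when it is 0 the loader reads the IAT,
            # which still holds hint/name RVAs in an unbound file.
            "functions": thunk_names(oft or ft),
        })
        off += 20


def defective_descriptors(descriptors):
    """Descriptors whose Characteristics/OriginalFirstThunk is 0."""
    return [d for d in descriptors if d["original_first_thunk"] == 0]


if __name__ == "__main__":
    for d in parse_imports(build_sample_pe()):
        state = "DEFECTIVE" if d["original_first_thunk"] == 0 else "ok"
        print("%-9s %-13s OFT=0x%08x FT=0x%08x %s" % (state, d["dll"],
              d["original_first_thunk"], d["first_thunk"], ", ".join(d["functions"])))
```

Run against a real file, the same `parse_imports(open(path, "rb").read())` call reports every descriptor the loader silently tolerates; a well-formed image yields an empty list from `defective_descriptors`.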

0-Day: Dahua backdoor Generation 2 and 3

Posted by bashis on Mar 05

[STX]

I’m speechless, and almost don’t know what I should write… I (hardly) can’t believe what I have just found.

I have just discovered (what I strongly believe is a backdoor) in Dahua DVR/NVR/IPC and possibly all their clones.

Since I am convinced this is a backdoor, I have my own policy of NOT notifying the vendor before the community.
(I simply don’t want to listen to their poor excuses, their attempts to keep me silent…