Category Archives: Full Disclosure

Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13

Posted by Kyle Neideck on Mar 05

Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13

Kyle Neideck, February 2017

Product
-------

Deluge is a BitTorrent client available from http://deluge-torrent.org.

Fix

Fixed in the (public) source code, but not in binary releases yet. See
http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9
and…

CVE-2017-6443: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00

Posted by Michael Benich on Mar 05

Summary: Persistent cross-site scripting (XSS) in the web interface of Epson’s TMNet WebConfig Ver 1.00 application
allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter.
------------------------------------------------------------------------
Vendor: EPSON
------------------------------------------------------------------------
Software Link:…

Call for Papers for 5th Balkan Computer Congress – BalCCon2k17

Posted by Milos Krasojevic on Mar 05

Call for Papers for 5th Balkan Computer Congress – BalCCon2k17

15|16|17 September 2017, Novi Sad, Vojvodina, Serbia, Europe, Earth,
Milky Way

The BalCCon2k17 staff are now soliciting papers to be presented at our
BalCCon2k17 Congress to be held 15 – 17th September in Novi Sad, Serbia.
The CfP is open until 1st July 2017.

https://balccon.org

The Event

Balkan Computer Congress is an annual three-day gathering of the
international hacker…

Executable installers are defective^WEVIL (case 1): putty-0.68-installer.exe

Posted by Stefan Kanthak on Mar 05

Hi @ll,

although puTTY finally offers MSI packages as primary installers on
<http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html>,
they still provide an executable installer putty-0.68-installer.exe
(see <http://seclists.org/fulldisclosure/2016/Mar/12>), still
created with InnoSetup.

putty-0.68-installer.exe is but a DEFECTIVE “portable executable”
image (see DUMPBIN output below)!

JFTR: unfortunately…

Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0

Posted by Larry W. Cashdollar on Mar 02

Title: Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0
Vulnerability Date: 2017-02-27
Download: https://wordpress.org/plugins/zen-mobile-app-native/
Vendor: https://profiles.wordpress.org/zendkmobileapp/
Notified: 2017-02-27
Description: Mobile App WordPress plugin lets you turn your website into a full-featured mobile application in minutes
using Mobile App Builder.
Vulnerability: The code in file…

New BlackArch Linux ISOs (2017.03.01) released!

Posted by Black Arch on Mar 02

Dear list,

We’ve released the new BlackArch Linux ISOs along with many
improvements. They include more than 1700 tools now. The armv6h,
armv7h and aarch64 repositories are filled with about 1600 tools.

A short ChangeLog of the Live-ISOs:

- add more than 50 new tools
- update blackarch installer to version 0.3.3
- fix several tools (dependencies, installs, …)
- include linux kernel 4.9.11
- updated all system packages
-…

SEC Consult SA-20170301 :: XXE and XSS vulnerabilities in Aruba AirWave

Posted by SEC Consult Vulnerability Lab on Mar 01

SEC Consult Vulnerability Lab Security Advisory < 20170301-0 >
=======================================================================
title: XML External Entity Injection (XXE), Reflected Cross Site Scripting
product: Aruba AirWave
vulnerable version: <=8.2.3
fixed version: 8.2.3.1
CVE number: CVE-2016-8526, CVE-2016-8527
impact: high
homepage:…

Veritas NetBackup v6.x, v7.x, v8.0 and NetBackup appliances v2.x, v3.0 – Multiple Critical Vulnerabilities

Posted by Sven Blumenstein on Feb 28

Veritas NetBackup and NetBackup appliance – Multiple Vulnerabilities
--------------------------------------------------------------------

Introduction
============
Multiple critical vulnerabilities were identified in Veritas NetBackup
and NetBackup appliance. The vulnerabilities were discovered during a
black box security assessment and therefore the vulnerability list
should not be considered exhaustive.

Affected Software and Versions…

Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution

Posted by Karn Ganeshen on Feb 28

Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code
Execution (DLL Hijacking Vulnerability)

*Confirmed on*
pgAdmin4 v1.1: Current version packaged with PostgreSQL v9.6.1.1 (Windows
x86 Current version)

*Checked on*
Windows 7 SP1 + python 2.7.13 (current version)

Note – This is a vulnerability in python, which gets manifested via
pgAdmin4. Other applications and software that use python may as well be
vulnerable.

*Download*…

Re: Teradici Management Console 2.2.0 – Privilege Escalation

Posted by Jack Cha on Feb 28

Ref: http://seclists.org/fulldisclosure/2017/Feb/62

Hello,
My name is Jack Cha and I am a product security engineer at Teradici. I have reproduced with the steps as provided and
I am working with the dev team to address it. Please know that Teradici has been working to address it promptly.
I have exchanged a couple of emails with Harrison as per below, confirming that it would be much more difficult to
exploit the same weakness in MC 2.3.0 and…