Full Disclosure
Posted by Summer of Pwnage on Feb 28
————————————————————————
Cross-Site Request Forgery in Atahualpa WordPress Theme
————————————————————————
Spyros Gasteratos, July 2016
————————————————————————
Abstract
————————————————————————
A Cross Site Request Forgery vulnerability exists in the…
Posted by Securify B.V. on Feb 28
————————————————————————
Multiple persistent Cross-Site Scripting vulnerabilities in osTicket
————————————————————————
Han Sahin, July 2016
————————————————————————
Abstract
————————————————————————
Two persistent Cross-Site Scripting vulnerabilities have…
Posted by X41 D-Sec GmbH Advisories on Feb 28
X41 D-Sec GmbH Security Advisory: X41-2017-001
Multiple Vulnerabilities in X.org
=================================
Overview
——–
Vendor: X.org/Freedesktop.org
Vendor URL: https://www.x.org/wiki/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
Status: Public
Timing attack against MIT Cookie
================================
Vulnerability Type: Other
Affected Products: Xorg…
Posted by Nitesh Shilpkar on Feb 28
Amazon kindle for windows suffers from a DLL hijacking issue.
Mitre has issued CVE-2017-6189 for this issue.
The issue is vendor confirmed and Kindle 1.19 fixes this issue.
Proof of concept/demonstration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Create a malicious dll file and save it in your “Downloads” directory.
2. Download “Kindle Setup” and save it in your “Downloads” directory.
3. Execute “Kindle…
Posted by Felipe Soares de Souza on Feb 28
Title:
====
D-link wireless router DI-524 – Multiple Cross-Site Request Forgery (CSRF)
vulnerabilities
Credit:
======
Name: Felipe de Souza
Date:
=====
27-02-2017
Reference:
=====
CVE-2017-5633
Vendor:
======
D-Link is the global leader in connectivity for small, medium and large
enterprise business networking.
Product:
=======
D-Link DI-524 wireless router
Product link: https://dlink.com.br/produto/di-524150
Abstract:
=======…
Posted by NL Deloitte Zero Day (NL – Amsterdam) on Feb 27
Hi list,
We have found a Cross-site scripting vulnerability in SAP BusinessObjects Financial Consolidation.
[Description]
Cross-site scripting (XSS) vulnerability in the help component of SAP
BusinessObjects Financial Consolidation 10.0.0.1933 allows remote
attackers to inject arbitrary web script or HTML via a GET request.
——————————————
[Additional Information]
The help pages of SAP BusinessObjects Financial…
Posted by Jason Geffner on Feb 27
CVE-2016-9892 – Remote Code Execution as Root via ESET Endpoint Antivirus 6
—————————————————————————
Summary
=======
Name: Remote Code Execution as Root via ESET Endpoint Antivirus 6
CVE: CVE-2016-9892
Discoverers: Jason Geffner and Jan Bee
Vendor: ESET
Product: ESET Endpoint Antivirus 6 for macOS
Risk: Critical
Discovery Date: 2016-11-03
Publication Data: 2017-02-27
Fixed Version: 6.4.168.0…
Posted by Manuel Garcia Cardenas on Feb 27
=============================================
MGC ALERT 2017-002
– Original release date: February 21, 2017
– Last revised: February 28, 2017
– Discovered by: Manuel García Cárdenas
– Severity: 7,1/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
————————-
WordPress Plugin Kama Click Counter 3.4.9 – Blind SQL Injection
II. BACKGROUND
————————-
Using this plugin you will have…
Posted by Indrajith AN on Feb 24
Title:
====
DIGISOL DG-HR1400 Wireless router – Cross-Site Request Forgery (CSRF)
vulnerability
Credit:
======
Name: Indrajith.A.N
Website: https://www.indrajithan.com
Company: PwC-SDC
Reference:
=========
CVE Details: CVE-2017-6127
Date:
====
23-02-2017
Vendor:
======
DIGISOL router is a product of Smartlink Network Systems Ltd. is one of
India’s leading networking company. It was established in the year 1993 to
prop the Indian…
Posted by Nguyen Anh Quynh on Feb 24
Greetings,
We are super happy to announce version 1.0 for Unicorn CPU Emulator
framework!
Full source code & precompiled binaries are now available at
http://www.unicorn-engine.org/Version-1.0
This release is the result of over 1 year of community-based development.
We fixed a lot of issues on all architectures, added some new APIs and
provide 3 more bindings in Haskell, MSVC & VB6 now. See the link above for
details on important…