Posted by Vulnerability Lab on Jun 05
Document Title:
===============
1 Click Extract Audio v2.3.6 – Activex Buffer Overflow
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1506
Video: http://www.vulnerability-lab.com/get_content.php?id=1507
Release Date:
=============
2015-06-05
Vulnerability Laboratory ID (VL-ID):
====================================
1506
Common Vulnerability Scoring System:
====================================
6.1…
Posted by Vulnerability Lab on Jun 05
Document Title:
===============
1 Click Audio Converter v2.3.6 – Activex Buffer Overflow
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1504
http://www.vulnerability-lab.com/get_content.php?id=1505
View Video: https://www.youtube.com/watch?v=Ad0wHlHz0KU
Release Date:
=============
2015-06-04
Vulnerability Laboratory ID (VL-ID):
====================================
1504
Common Vulnerability…
Posted by Zach C on Jun 04
Part 7 is up! We further refine the undocumented firmware header for
the Netgear R6200 SOHO router. A couple of additional checksum and
size fields are added as well as a packed version string field.
http://shadow-file.blogspot.com/2015/06/abandoned-part-07.html
Only 5 bytes in the 58 byte header remain unidentified, which is
sufficient for the web interface to happily accept our custom firmware
image.
Of course we haven’t started…
Posted by The Security Factory on Jun 04
Beckhoff IPC diagnostics < 1.8 : Authentication bypass
======================================================
CVE number: CVE-2015-4051
Permalink: http://www.thesecurityfactory.be/permalink/beckhoff-authentication-bypass.html
Vendor advisory: http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf
— Info —
Beckhoff IPC diagnostics is support software that is preinstalled on all Beckhoff Industrial PC’s (and PLC’s) that…
Posted by reek35 on Jun 04
##############################################################
# #
# TANIUM ALL VERSIONS ARBITRARY FILE OVERWRITE #
# #
# TANIUM allows lowest privileged users on #
# Linux and Mac systems to overwrite any file #
# of their choosing in 15 seconds. #
#…
Posted by Pedro Ribeiro on Jun 03
Hi,
tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE.
SysAid have informed me they all have been fixed in 15.2, but no
re-test was performed.
Full advisory below, and a copy can be obtained at [1].
5 Metasploit modules have been released and currently awaiting merge
in the moderation queue [2].
Regards,
Pedro
[1]: https://raw.githubusercontent.com/pedrib/PoC/master/generic/sysaid-14.4-multiple-vulns.txt
[2]:…
Posted by Jeffrey Walton on Jun 02
Another simple one is:
<a href="http://www.evil.com" target="_blank" title="http://good.com"
style="color: rgb(0, 102, 204);">Login <strong>HERE</strong></a>
The browsers will hide “evil.com”, and display “good.com” as a tool
tip when you hover the mouse.
The browser makers will tell you the user is not supposed to make
security decisions based on…
Posted by Michal Zalewski on Jun 02
Sure, but that’s pretty obvious.
/mz
Posted by David Leo on Jun 02
Great blog, Michal!
If you change “http://1.2.3.4/” in your Safari code:
some URL in the real world (for example, dailymail.co.uk).
Your code won’t work (page of target domain is simply loaded).
The trick here is: “keep trying to load”.
Kind Regards,
__________
BestSec
http://www.deusen.co.uk/items/bestsec/
We like it. We read it.