Category Archives: Full Disclosure

CVE-2015-3935 HTML Injection in Dolibarr

Posted by NaxoneZ . on May 31

# Title: HTML Injection in Dolibarr
# Author: Sergio Galán – @NaxoneZ
# Date: May 20,2015
# Vendor Homepage: http://www.dolibarr.es/
# Vulnerable version: 3.5 / 3.6
# CVE: CVE-2015-3935

Dolibarr does not properly escape untrusted data to prevent injection.

[*] Page affected

– dolibarr-3.7.0/htdocs/societe/societe.php
– dolibarr-3.7.0/htdocs/societe/admin/societe.php

[*] Fields affected

– Business Search…

More than 60 undisclosed vulnerabilities affect 22 SOHO routers

Posted by Jose Antonio Rodriguez Garcia on May 31

Dear Full Disclosure community,

We are a group of security researchers doing our IT Security Master's thesis at Universidad Europea de Madrid.

As a part of the dissertation, we have discovered multiple vulnerability
issues on the following SOHO routers:

1. Observa Telecom AW4062
2. Comtrend WAP-5813n
3. Comtrend CT-5365
4. D-Link DSL-2750B
5. Belkin F5D7632-4
6. Sagem LiveBox Pro 2 SP
7. Amper Xavi 7968 and 7968+
8. Sagem Fast…

[SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices

Posted by Gergely Eberhardt on May 31

Overview
--------
SEARCH-LAB performed an independent security assessment on four
different D-Link devices. The assessment has identified altogether 53
unique vulnerabilities in the latest firmware (dated 30-07-2014).
Several vulnerabilities can be abused by a remote attacker to execute
arbitrary code and gain full control over the devices. We list below
several of the problematic areas, where the most critical findings were
discovered:
-…

The Empire Strikes Back Apple – how your Mac firmware security is completely broken

Posted by fG on May 31

Hi,

Most Mac models suffer from a critical vulnerability in the S3
suspend/resume cycle.
When they resume from a suspend cycle the BIOS flash protections are
removed and unlocked. This means the BIOS can be overwritten from userland
at that moment.
The Dark Jedi vulnerability achieved this by modifying the S3 boot script
but Apple’s implementation is even worse and the only requirement is to
put the computer to sleep.

Please refer to…
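The post says the flash protections are "removed and unlocked" after resume. The practitioner's check is to snapshot the protection registers before and after an S3 cycle and diff them. The following is an added example, not code from the post or from Apple: it decodes the Intel BIOS_CNTL register (bit 0 BIOSWE, bit 1 BLE, bit 5 SMM_BWP) and the SPI Protected Range registers PR0–PR4 (bit 31 WPE, bits 28:16 limit, bit 15 RPE, bits 12:0 base, both in 4 KiB units), following the Intel ICH/PCH datasheet layout, and reports which protections did not survive. The register values in the snapshots are constructed for illustration, not readings from any Mac.

```python
# Added example (not from the post, nor Apple's or any vendor's code): decode the
# Intel BIOS_CNTL and SPI Protected Range (PRx) registers and diff two snapshots,
# one taken before and one after an S3 suspend/resume, to spot protections that
# did not survive the resume.  Bit positions follow the Intel ICH/PCH datasheets;
# the register VALUES below are constructed for illustration, not real readings.


def decode_bios_cntl(value):
    """BIOS_CNTL: bit 0 BIOSWE (BIOS write enable), bit 1 BLE (lock enable,
    raises an SMI when software sets BIOSWE), bit 5 SMM_BWP (writes only
    while in SMM)."""
    return {
        "BIOSWE": value & 1,
        "BLE": (value >> 1) & 1,
        "SMM_BWP": (value >> 5) & 1,
    }


def bios_write_protected(value):
    """Write-protected when BIOSWE is clear and BLE is set, so a userland
    attempt to enable writes traps into SMM; SMM_BWP hardens this further."""
    bits = decode_bios_cntl(value)
    return bits["BIOSWE"] == 0 and bits["BLE"] == 1


def decode_pr(value):
    """PRx: bit 31 WPE, bits 28:16 limit, bit 15 RPE, bits 12:0 base (4 KiB units)."""
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return {"wpe": (value >> 31) & 1, "rpe": (value >> 15) & 1,
            "base": base, "limit": limit}


def write_protected_ranges(pr_values):
    """Flash address ranges that a PRx register actually protects against writes."""
    return sorted((r["base"], r["limit"])
                  for r in map(decode_pr, pr_values) if r["wpe"])


def diff_snapshots(before, after):
    """Human-readable findings for every protection present before but not after."""
    findings = []
    if bios_write_protected(before["bios_cntl"]) and not bios_write_protected(after["bios_cntl"]):
        findings.append("BIOS_CNTL write protection lost: 0x%02X -> 0x%02X"
                        % (before["bios_cntl"], after["bios_cntl"]))
    lost = set(write_protected_ranges(before["pr"])) - set(write_protected_ranges(after["pr"]))
    for base, limit in sorted(lost):
        findings.append("PRx write-protected range 0x%08X-0x%08X no longer enforced"
                        % (base, limit))
    return findings


# Constructed snapshots: a locked state, and the same machine after a resume in
# which BLE/SMM_BWP were dropped, BIOSWE was set and PR0 was cleared.
BEFORE_S3 = {"bios_cntl": 0x22, "pr": [0x8FFF0800, 0, 0, 0, 0]}
AFTER_S3 = {"bios_cntl": 0x01, "pr": [0, 0, 0, 0, 0]}

if __name__ == "__main__":
    for line in diff_snapshots(BEFORE_S3, AFTER_S3) or ["no protection lost"]:
        print(line)
```

Live values for the two snapshots can be collected with chipsec (`chipsec_main -m common.bios_wp` and `common.spi_lock`) before and after forcing a sleep cycle (`pmset sleepnow` on OS X); the diff above is the part chipsec does not do for you.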

Flash: Local SWF files can leak arbitrary local files to the internet

Posted by Jann Horn on May 29

Summary:
Flash by design allows local SWF files to read arbitrary local files, but
prevents communication with remote servers. By smuggling data through a timing
side-channel, this can be circumvented, allowing local SWF files to exfiltrate
the contents of arbitrary local files to the internet.

Some more details:
Flash runs normal local SWF files under local-with-file-system restrictions,
which are documented at
<…
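The summary above describes the mechanism only as "smuggling data through a timing side-channel" between a party that can read files but not reach the network and one that can reach the network but not read files. The following is an added example, not Jann Horn's code, of the generic form of such a channel: a CPU-contention covert channel in which the sender burns CPU during a bit slot to signal a 1 and idles to signal a 0, and the receiver infers the bit from how much fixed work it managed to complete in that slot. It assumes both parties share a CPU (in CPython the contention comes from the GIL; on real hardware it would be shared cores or caches) and uses constructed tuning constants (`SLOT`, `PROBE_ITERS`) and a constructed payload.

```python
# Added example, not Jann Horn's code: a CPU-contention timing covert channel
# between two parties on one machine.  The "sender" stands in for a component
# that can read local data but has no network; the "receiver" for one that has
# network access but no file access.  Data crosses only as timing.  Assumptions:
# in CPython the contention is the GIL (on real hardware it would be shared
# cores/caches); SLOT and PROBE_ITERS are tuning constants chosen for this demo.
import threading
import time

SLOT = 0.05          # seconds per bit
PROBE_ITERS = 20000  # one fixed unit of work, roughly a millisecond


def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def _wait_until(t):
    time.sleep(max(0.0, t - time.perf_counter()))


def _probe():
    x = 0
    for i in range(PROBE_ITERS):
        x ^= i
    return x


def sender(bits, start):
    """Signal each bit in its slot: spin (contend) for 1, sleep (idle) for 0."""
    _wait_until(start)
    for i, bit in enumerate(bits):
        end = start + (i + 1) * SLOT
        if bit:
            while time.perf_counter() < end:
                pass
        else:
            _wait_until(end)


def receiver(nbits, start, counts):
    """Count probes completed per slot; contention roughly halves the count."""
    _wait_until(start)
    for i in range(nbits):
        end = start + (i + 1) * SLOT
        n = 0
        while time.perf_counter() < end:
            _probe()
            n += 1
        counts.append(n)


def calibrate(slots=5):
    """Median uncontended throughput; the receiver measures this on its own."""
    counts = []
    receiver(slots, time.perf_counter(), counts)
    return sorted(counts)[len(counts) // 2]


def decode_counts(counts, baseline, ratio=0.7):
    """A slot whose throughput fell below ratio*baseline was contended: bit 1."""
    return [1 if n < ratio * baseline else 0 for n in counts]


def run_channel(payload):
    """Push payload across the channel and return what the receiver decoded."""
    bits = bytes_to_bits(payload)
    baseline = calibrate()
    counts = []
    start = time.perf_counter() + 0.1
    tx = threading.Thread(target=sender, args=(bits, start))
    rx = threading.Thread(target=receiver, args=(len(bits), start, counts))
    rx.start()
    tx.start()
    tx.join()
    rx.join()
    return bits_to_bytes(decode_counts(counts, baseline))


if __name__ == "__main__":
    secret = b"root:x:0:0"  # constructed stand-in for locally read file contents
    print(run_channel(secret))
```

Throughput per slot is used rather than the latency of a single probe because a scheduler hands the CPU back and forth in quanta, so individual probes are bimodal while the count over a whole slot is stable. The sandbox boundary is irrelevant to this channel: nothing is "sent", the receiver only observes how fast it runs, which is why file-system and network restrictions alone do not contain it.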

Sophos WAF (WebServer Protection) does not analyze JSON data

Posted by Glaudson Ocampos on May 28

SECURITYLABS INTELLIGENT RESEARCH – SECURITY ADVISORY
http://www.securitylabs.com.br/

ADVISORY/0115 – SOPHOS WAF (WEBSERVER PROTECTION) DOES NOT ANALYZE JSON DATA

PRIORITY: MEDIUM
TYPE: WAF Bypass

1 – About SecurityLabs Intelligent Research
———————————————–

SecurityLabs Intelligent Research is a team specialized in penetration testing (pentests),
security audits and cryptanalysis.

It has a group of…

New release: UFONet v0.5b "Invasion"

Posted by psy on May 28

Hi list,

I am glad to present a new release of this tool.

http://ufonet.sf.net

“UFONet is a tool designed to launch DDoS attacks against a target,
using ‘Open Redirect’ vectors on third party web applications, like a botnet.”

Main options are:

* Auto-update
* Clean code (only needs python-pycurl)
* Documentation with examples
* Web/GUI Interface
* Proxy to connect to ‘zombies’ (ex: tor)
* Change HTTP…

[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement

Posted by Onapsis Research Labs on May 27

Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information
Disclosure via SQL IMPORT FROM statement

1. Impact on Business
=====================

Under certain conditions some SAP HANA Database commands could be
abused by a remote authenticated attacker to access information which
is restricted.
This could be used to gain access to confidential information.

Risk Level: Medium

2. Advisory Information
=======================

– Public…

[Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability

Posted by Onapsis Research Labs on May 27

Onapsis Security Advisory ONAPSIS-2015-007: SAP HANA Log Injection
Vulnerability

1. Impact on Business
=====================

Under certain conditions the SAP HANA XS engine is vulnerable to
arbitrary log injection, allowing remote authenticated attackers to write
arbitrary information in log files.
This could be used to corrupt log files or add fake content misleading
an administrator.

Risk Level: Medium

2. Advisory Information…
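The advisory describes the impact of log injection (forged records that mislead an administrator) without showing the mechanics. The following is an added example, not Onapsis's or SAP's code, of the general pattern: a logger that interpolates an attacker-controlled field verbatim, a username containing a line break that forges a second, well-formed record, and the write-time neutralization of control characters that keeps one request to one record. The log format, field names and the sample input are constructed for the illustration and do not reflect the XS engine's actual log layout.

```python
# Added example, not Onapsis's or SAP's code: how a CRLF in a user-controlled
# field forges a second log record, and the write-time neutralization that keeps
# one request one record.  Log format, field names and the sample input are
# constructed for the illustration.
import re

RECORD_RE = re.compile(
    r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] (\w+) user=(\S+) msg=(.*)$")


def naive_log_line(ts, level, user, msg):
    """Vulnerable: the fields are interpolated verbatim."""
    return "[%s] %s user=%s msg=%s\n" % (ts, level, user, msg)


def neutralize(field, max_len=200):
    """Escape CR, LF and every other C0/C1 control character so a field can
    neither end the record nor carry terminal escapes; also cap its length."""
    out = []
    for ch in field[:max_len]:
        code = ord(ch)
        if code < 0x20 or 0x7F <= code <= 0x9F:
            out.append("\\x%02x" % code)
        else:
            out.append(ch)
    return "".join(out)


def safe_log_line(ts, level, user, msg):
    """Hardened: every attacker-influenced field is neutralized before formatting."""
    return naive_log_line(ts, level, neutralize(user), neutralize(msg))


def parse_records(text):
    """Split a log into records the way an administrator's tooling would;
    None marks a line that does not match the format."""
    records = []
    for line in text.split("\n"):
        if line:
            m = RECORD_RE.match(line)
            records.append(m.groups() if m else None)
    return records


# Constructed attacker input: a username that closes the current record and
# opens a convincing, well-formed one attributed to admin.
FORGED_USER = "mallory msg=-\n[2015-05-27 10:00:01] INFO user=admin msg=login succeeded"

if __name__ == "__main__":
    ts = "2015-05-27 10:00:00"
    print(parse_records(naive_log_line(ts, "WARN", FORGED_USER, "login failed")))
    print(parse_records(safe_log_line(ts, "WARN", FORGED_USER, "login failed")))
```

With the naive logger the parser returns two records and the second one is indistinguishable from a genuine successful admin login; with neutralization there is a single record whose message field visibly contains the escaped `\x0a`. Structured logging (JSON or key/value with quoting) achieves the same effect by construction, but whatever the format, the neutralization has to happen at write time, since a reader cannot tell a forged well-formed line from a real one afterwards.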