Category Archives: Full Disclosure

Re: 0-day Denial of Service in IPsec-Tools

Posted by Christos Zoulas on May 20

— Subject: [FD] 0-day Denial of Service in IPsec-Tools

| Denial of Service in IPsec-Tools
| Vulnerability Report
| May 19, 2015
|
| Product: IPsec-Tools
| Version: 0.8.2
| Website: http://ipsec-tools.sourceforge.net/
| CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
|
| IPsec-Tools is vulnerable to a 0-day exploit that I made available yesterday. It is a null dereference crash in
| racoon in gssapi.c. It requires HAVE_GSSAPI to be set, which is…

XML Injection, AoF and BF vulnerabilities in Hikvision DS-7108HWI-SH

Posted by MustLive on May 19

Hello list!

There are vulnerabilities in Hikvision DS-7108HWI-SH.

These are XML Injection, Abuse of Functionality and Brute Force
vulnerabilities. All these vulnerabilities are present in other IP cameras
and DVRs of Hikvision.

-------------------------
Affected vendors:
-------------------------

Hikvision
http://www.hikvision.com

-------------------------
Affected products:
-------------------------

Vulnerable are the next models with…

0-day Denial of Service in IPsec-Tools

Posted by Javantea on May 19

Denial of Service in IPsec-Tools
Vulnerability Report
May 19, 2015

Product: IPsec-Tools
Version: 0.8.2
Website: http://ipsec-tools.sourceforge.net/
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

IPsec-Tools is vulnerable to a 0-day exploit that I made available yesterday. It is a null dereference crash in racoon
in gssapi.c. It requires HAVE_GSSAPI to be set, which is a configuration option. The impact is a denial of service
against the IKE…

Multiple Vulnerabilities in ZTE AC 3633R USB Modem

Posted by vishnu raju on May 19

Greetings from vishnu (@dH4wk)

1. Vulnerable Product Version

- ZTE AC3633R (MTS Ultra Wifi Modem)

2. Vulnerability Information

(A) Authentication Bypass
Impact: Attacker gains administrative access
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES

(B) Device crash which results in reboot
Impact: Denial of service. The crash may lead to RCE locally, thus
attaining root privilege on the device
Remotely…

Re: KL-001-2015-002 : Piriform CCleaner Wiped Filename Recovery

Posted by Jean-François Gingras on May 19

Maybe I missed something, but why is this a vulnerability? This behavior is
directly caused by NTFS. The way information is stored in the MFT and in an
INDEX_ALLOCATION (for large directories) will cause this problem for any
secure delete program.

IIRC, if your file is located in a large directory, the records (mainly the
FILENAME attribute) for this directory are not held in a resident attribute
(INDEX_ROOT - 0x90) in the MFT, they are held in a…

Xamarin for Android <5.1 DLL Hijack Vulnerability

Posted by ValdikSS on May 19

Xamarin for Android prior to version 5.1 allows replacing internal DLL files inside the APK with files on the SD card,
which are not in secure storage.
A malicious application without any special permissions could drop backdoored DLL files into

/storage/sdcard0/Android/data/app_id/files/.__override__/

and the victim application would use files from SD.
Not just the main application library could be hijacked, but also Xamarin’s System.dll and…