Category Archives: Full Disclosure

Full Disclosure

Clickheat 1.13+ Unauthenticated RCE

May 19, 2015 007admin

Posted by Calum Hutton on May 19

Clickheat 1.13+ Unauthenticated RCE
———————————–

The Clickheat developers have been informed, but have not responded to my email. The code has not been updated recently
and the project seems to be in an abandoned state.

I have discovered a vulnerability in Clickheat 1.13 onwards that would allow an attacker to execute arbitrary commands
on the remote webserver, in the context of the user running the webserver, without…

Full Disclosure

Milw0rm Clone Script v1.0 – (time based) SQLi

May 19, 2015 007admin

Posted by john smith on May 19

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
| Exploit Title: Milw0rm Clone Script v1.0 – (time based)…

Full Disclosure

SQLi in FeedWordPress WordPress plugin

May 19, 2015 007admin

Posted by Adrián M . F . on May 19

======================================================
SQLi in FeedWordPress WordPress plugin
======================================================
vendor: https://wordpress.org/plugins/feedwordpress/
active installs: 70,000+
vulnerable version: 2015.0426
fixed version: 2015.0514
CVE: CVE-2015-4018

Vulnerability
===============

(1) Authenticated SQLi [CWE-89]
——————————-

* CODE:
feedwordpresssyndicationpage.class.php:89…

Full Disclosure

SEC Consult SA-20150519-0 :: Critical buffer overflow vulnerability in KCodes NetUSB (VU#177092, CVE-2015-3036)

May 19, 2015 007admin

Posted by SEC Consult Vulnerability Lab on May 19

SEC Consult Vulnerability Lab Security Advisory < 20150519-0 >
=======================================================================
title: Kernel Stack Buffer Overflow
product: KCodes NetUSB
vulnerable version: see Vulnerable / tested versions
fixed version: see Solution
CVE number: CVE-2015-3036, VU#177092
impact: Critical
homepage: http://www.kcodes.com/…

Full Disclosure

[Samba 3.0.37] EnumPrinters memory corruption

May 18, 2015 007admin

Posted by Gabriele Avosani on May 18

Hello, i discovered a bug in EnumPrinters.
It seems that it allocates many mega of memory, corrupting memory and
taking control of a memcpy in parse_prs.c:398

It leads to memory corruption, fatal (and fast) exhaustion of resources
and, probably, remote code execution.

I attach a file that can be used as a proof of concept.

Gabriele Avosani

(looking for remote work as programmer, if in need, email me at
g.avosani () gmail com (PHP, Perl,…

Full Disclosure

KL-001-2015-002 : Piriform CCleaner Wiped Filename Recovery

May 18, 2015 007admin

Posted by KoreLogic Disclosures on May 18

KL-001-2015-002 : Piriform CCleaner Wiped Filename Recovery

Title: Piriform CCleaner Wiped Filename Recovery
Advisory ID: KL-001-2015-002
Publication Date: 2015.05.18
Publication URL:
https://www.korelogic.com/Resources/Advisories/KL-001-2015-002.txt

1. Vulnerability Details

Affected Vendor: Piriform
Affected Product: CCleaner
Affected Version: 3.26.0.1988 – 5.02.5101
Platform: Microsoft Windows 7 x64 Service Pack 1…

Full Disclosure