Category Archives: Full Disclosure


Two invalid read errors / heap overflows in SQLite (TFPA 006/2015)

Posted by Hanno Böck on May 12

https://blog.fuzzing-project.org/10-Two-invalid-read-errors-heap-overflows-in-SQLite-TFPA-0062015.html

While fuzzing SQLite I discovered two read heap overflow errors. One is
in the database file parser, one in the SQL command parser. Both issues
are present in SQLite 3.8.9 and are fixed in SQLite 3.8.10.1. These
bugs can be seen with either Valgrind or AddressSanitizer.

Passing the command “.” will cause a one byte heap overflow in…

Call for Papers: RAID 2015

Posted by Skander Iversen on May 11

Dear colleagues,

I would like to announce the following CFP.
Please kindly consider submitting to this conference.

This year’s RAID will take place in marvelous Kyoto, Japan.

----------------------------------------
RAID 2015
Kyoto, Japan, November 2-4, 2015
http://www.raid2015.org/

Call for Papers
---------------
The 18th International Symposium on Research in Attacks, Intrusions and
Defenses (RAID 2015) aims at bringing together leading…

G-Homa WLan Power Plug Multiple Problems

Posted by honeypot on May 11

G-Homa WLan Power Plug Multiple Problems

I found multiple problems with the G-Homa power plug.
1) Default user/password in the admin web server (admin/admin).
2) Communication with the controlling server without authentication.
TCP binary protocol without encryption.
3) App (Android and iPhone) communicates with the control server
via HTTP.
4) Non-configurable Chinese NTP server contacted.
5) According to the documentation I found it would be possible…

Broken, Abandoned, and Forgotten Code

Posted by Zach C on May 10

Hello,

I’m posting a multipart reversing and exploitation series entitled “Broken,
Abandoned, and Forgotten Code.” It explores the discovery, reverse
engineering, and exploitation of an unauthenticated firmware update
capability in the UPnP stack of Netgear SOHO routers.

This isn’t your typical “OMG command injection SOHO Routers are so
insecure!!!1!” project. We all know they are; that’s been covered ad…

Sqlbuddy Path Traversal Vulnerability

Posted by John Page on May 10

Read arbitrary server files:

Affected Vendor:
www.sqlbuddy.com

Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org

Source:
http://hyp3rlinx.altervista.org/advisories/AS-SQLBUDDY0508.txt

Product:
sqlbuddy version 1.3.3. SQL Buddy is an open-source web-based MySQL
administration application.

Advisory Information:
==============================
sqlbuddy suffers from directory traversal whereby a user can move about
directories an…

WordPress Roomcloud plugin v1.1(rev @1115307) XSS vulnerability

Posted by Nitin Venkatesh on May 09

## Details

# Title: Unsanitized parameters in WordPress Roomcloud plugin v1.1(rev
@1115307) allows Cross-site Scripting
# Submitter: Nitin Venkatesh <venkatesh [dot] nitin [at] gmail [dot] com>
# Product: WordPress Roomcloud plugin
# Product URL: https://wordpress.org/plugins/roomcloud
# Vulnerability Type: Cross-site Scripting [CWE-79]
# Affected Versions: Tested on v1.1 (revision @1115307)
# Fixed Version: v1.1 (revision @1117499)
# Link…

WordPress Twenty Fifteen Theme – DOM XSS Vulnerability – CVE-2015-3429

Posted by Onur Yilmaz on May 09

Information
--------------------
Advisory by Netsparker.
Name: DOM XSS Vulnerability in Twenty Fifteen WordPress Theme
Affected Software: WordPress
Affected Versions: 4.2.1 and probably below
Vendor Homepage: https://wordpress.org/ and
https://wordpress.org/themes/twentyfifteen/
Vulnerability Type: DOM-based Cross-site Scripting
Severity: Important
CVE-ID: CVE-2015-3429
Netsparker Advisory Reference: NS-15-007

Description…

CVE-2014-3440 – Symantec Critical System Protection RCE

Posted by Balint Varga-Perke on May 09

Silent Signal Security Advisory
===============================

Title: Symantec Critical System Protection Remote Code Execution
CVE: CVE-2014-3440
CVSSv2: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Status: Public
Date: 2015-05-05

## Software description

According to the vendor, Symantec Critical System Protection provides
policy-based behavior control and detection for server and desktop
computers. Symantec Critical System Protection includes management…

DAVOSET v.1.2.4

Posted by MustLive on May 09

Hello, participants of the Mailing List.

After making the public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I’ve made the next update of the software. DAVOSET v.1.2.4 was released, the DDoS
attacks via other sites execution tool (http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub: https://github.com/MustLive/DAVOSET