Category Archives: Full Disclosure

CVE-2014-7953 Android backup agent code execution

Posted by Imre RAD on Apr 17

Android backup agent arbitrary code execution
---------------------------------------------

The Android backup agent implementation was vulnerable to privilege
escalation and race condition. An attacker with adb shell access could
run arbitrary code as the system (1000) user (or any other valid
package). The attack is tested on Android OS 4.4.4.

The main problem is inside the bindBackupAgent method in the
ActivityManagerService.
This method is…

CVE-2014-7951 adb backup archive path traversal file overwrite

Posted by Imre RAD on Apr 17

ADB backup archive path traversal file overwrite
------------------------------------------------

Using adb one can create a backup of his/her Android device and store it
on the PC. The backup archive is based on the tar file format.

By modifying tar headers to contain ../../ like patterns it is possible
to overwrite files owned by the system user on writeable partitions.

An example pathname in the tar header:…

CVE-2014-7954 MTP path traversal vulnerability in Android

Posted by Imre RAD on Apr 17

MTP path traversal vulnerability in Android 4.4
-----------------------------------------------

doSendObjectInfo() method of the MtpServer class implemented in
frameworks/av/media/mtp/MtpServer.cpp does not validate the name
parameter of the incoming MTP packet at all.

It is possible to upload files outside of the sdcard using a specially
crafted MTP request:

root@testpc:~/mtp-test# ./mtp-mysend sdf.txt …

CVE-2014-5370 – Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet

Posted by Portcullis Advisories on Apr 17

Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet
CVE: CVE-2014-5370
Vendor: New Atlanta
Product: BlueDragon CFChart Servlet
Affected version: 7.1.1.17759
Fixed version: 7.1.1.18527
Reported by: Mike Westmacott
Details:

The CFChart servlet of BlueDragon (component com.naryx.tagfusion.cfm.cfchartServlet) is vulnerable to arbitrary file
retrieval due to a directory traversal vulnerability. In…

SQL Injection, XSS and FPD vulnerabilities Nodes Studio CMS

Posted by MustLive on Apr 16

Hello list!

There are SQL Injection, Cross-Site Scripting and Full Path Disclosure
vulnerabilities in Nodes Studio CMS. This is a Russian commercial CMS, which I
found at one site of Russian terrorists and propagandists.

-------------------------
Affected vendors:
-------------------------

Nodes Studio.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of Nodes Studio CMS.

----------
Details:…

Re: several issues in SQLite (+ catching up on several other bugs)

Posted by Hanno Böck on Apr 16

Hi,

Nice work.

I took the latest release and ran the fuzzer again (without all the
dictionary and special testcase stuff, may re-do that later).

Uncovered two more issues, one in the statement parser causing an
off-by-one read with the 2 byte input “.”:
https://www.sqlite.org/cgi/src/info/e018f4bf1f27f783

And one in the parser of the database binary format itself:
https://www.sqlite.org/cgi/src/info/f71053cf658b3260
(not sure if…

Reflected XSS in Citizen Space allows attackers to view sensitive information of the attacker’s choosing (WordPress plugin)

Posted by dxw Security on Apr 16

Details
================
Software: Citizen Space
Version: 1.1
Homepage: http://wordpress.org/plugins/citizen-space/
Advisory report:
https://security.dxw.com/advisories/reflected-xss-in-citizen-space-allows-attackers-to-view-sensitive-information-of-the-attackers-choosing/
CVE: Awaiting assignment
CVSS: 6.4 (Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N)

Description
================
Reflected XSS in Citizen Space allows attackers to view sensitive…

CSRF and stored XSS in WordPress Content Slide allow an attacker to have full admin privileges (WordPress plugin)

Posted by dxw Security on Apr 16

Details
================
Software: WordPress Content Slide
Version: 1.4.2
Homepage: http://wordpress.org/plugins/content-slide/
Advisory report:
https://security.dxw.com/advisories/csrf-and-stored-xss-in-wordpress-content-slide-allow-an-attacker-to-have-full-admin-privileges/
CVE: Awaiting assignment
CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)

Description
================
CSRF and stored XSS in WordPress Content Slide allow an attacker to…

Huawei SEQ Analyst – Multiple Reflected Cross Site Scripting (XSS)

Posted by Uğur Cihan KOÇ on Apr 15

#Document Title:
============
Huawei SEQ Analyst – Multiple Reflected Cross Site Scripting (XSS)

#Release Date:
===========
15 Apr 2015

#CVE-ID:
=======
CVE-2015-2347

#Product & Service Introduction:
=======================
SEQ Analyst is a platform for business quality monitoring and management by
individual user and multiple vendors in a quasi-realtime and retraceable
manner
More Details & Manual ;…