Posted by Paul Vixie on Apr 14
Michal Zalewski wrote:
thanks for this work, and this report.
if anyone has a pointy-haired-boss who wonders about the impact of this
disclosure, i offer:
Full Disclosure
Posted by Michal Zalewski on Apr 14
SQLite is probably the most popular embedded database in use today; it
is also known for being very well-tested and robust.
Because of its versatility, SQLite sometimes finds use as the
mechanism behind SQL-style query APIs that are exposed between
privileged execution contexts and less-trusted code. One example of
this is the WebDB / WebSQL mechanism available in some browsers; in
this setting, vulnerabilities in the SQLite parser can open up…
Posted by Jouko Pynnonen on Apr 13
*Overview*
The 4/8/2015 security updates from Apple included a patch for a Safari
cross-domain vulnerability. An attacker could create web content which,
when viewed by a target user, bypasses some of the normal cross-domain
restrictions to access or modify HTTP cookies belonging to any website.
Most websites which allow user logins store their authentication
information (usually session keys) in cookies. Access to these cookies
would allow…
Posted by Rehan Ahmed on Apr 11
I. Overview
========================================================
OrangeHRM (Opensource 3.2.1, Professional & Enterprise 4.11) is prone to multiple Blind SQL injection & XSS
vulnerabilities. These vulnerabilities allow an attacker to inject SQL commands to compromise the affected database
management system in HRM, perform operations on behalf of affected victim, redirect them to malicious sites, steal
their credentials, and…
Posted by Jeffrey Walton on Apr 10
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
The Admin framework in Apple OS X contains a hidden backdoor API to
root privileges. It’s been there for several years (at least since
2011), I found it in October 2014 and it can be exploited to escalate
privileges to root from any user account in the system.
The intention was probably to serve the “System Preferences” app and
systemsetup…
Posted by Why Know on Apr 10
Fusion Engage is a commercial wordpress plugin sold by internet marketer (and known scammer) Precious Ngwu to.. I’m
actually not sure. Something to do with video embedding.
Anyway, it has a LFD. Here’s the relevant code..
function fe_get_sv_html(){
global $wpdb, $video_db, $ann_db;
print(file_get_contents($_POST['video']));
wp_die();…
Posted by SEC Consult Vulnerability Lab on Apr 10
SEC Consult Vulnerability Lab Security Advisory < 20150410-0 >
=======================================================================
title: Unauthenticated Local File Disclosure
product: Multiple TP-LINK products (see Vulnerable / tested versions)
vulnerable version: Multiple (see Vulnerable / tested versions)
fixed version: see Solution
CVE number: CVE-2015-3035
impact: Critical…
Posted by An Onion on Apr 10
nsec3map is a DNS zone enumerator that makes use of DNSSEC NSEC or NSEC3
records. It allows hosts to be discovered quickly and with a minimal number
of DNS queries (usually just one query per resource record).
In NSEC mode, it can be configured to send “A” queries, which can be
useful in cases where the nameserver blocks the direct querying of NSEC
records.
In NSEC3 mode, the tool finds a domain name which is not covered
by any received…
Posted by Cristiano Maruti on Apr 09
===============================================================================
title: Network Solutions Webmail – A tale about
chained web vulnerabilities
case id: CM-2015-01
product: Network Solutions Webmail
vulnerability type: Multiple
severity: Low to High
found: 2015-01-16
by: Cristiano Maruti (@cmaruti)…
Posted by SEC Consult Vulnerability Lab on Apr 09
SEC Consult Vulnerability Lab Security Advisory < 20150409-0 >
=======================================================================
title: Multiple XSS & XSRF vulnerabilities
product: Comalatech Comala Workflows
vulnerable version: <= 4.6.1
fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for Confluence 4.3+
impact: High
homepage:…