Category Archives: Full Disclosure

CVE-2011-2461 is back!

Posted by Mauro Gentile on Mar 23

A few days ago @_ikki and I (@sneak_) gave a talk at the great Troopers
2015 conference about CVE-2011-2461.
2011??! Yes, you read it right: we love to analyze seasoned bugs.
This bug is still exploitable in modern web browsers, with the latest
Adobe Flash plug-in.
If you are interested in client-side security, then we suggest you
take a look at:
http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
OR…

Cisco Unified Computing System Manager (UCSM) username and password hashes sent via SYSLOG

Posted by tom () fadedcode net on Mar 22

Subject: Cisco UCSM username and password hashes sent via SYSLOG

Impact: Information Disclosure / Privilege Elevation

Vendor: Cisco
Product: Cisco Unified Computing System Manager (UCSM)
Notified: 2014.10.31
Fixed: 2015.03.06 ( 2.2(3e) )

Author: Tom Sellers ( tom at fadedcode.net )
Date: 2015.03.21

Description:
============

Cisco Unified Computing System Manager (UCSM) versions 1.3 through 2.2 sends local (UCSM) username and…
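The advisory excerpt above ends before the message format is shown, but the defensive question it raises is concrete: how do you catch credential material that a device is writing into your syslog stream? The following is an added example, not Cisco's code and not the advisory author's: a small scanner that flags crypt(3)-style and bare hex hash values in syslog lines and can redact them at the collector. The sample lines are constructed for this example and are not real UCSM output; the hash encodings it looks for are an assumption, since the excerpt does not say how the leaked hashes were formatted.

```python
import re
from typing import Dict, List

# Hash encodings that should never appear in log data. Which encoding UCSM
# actually emitted is not shown in the advisory excerpt, so this list is an
# assumption: the common crypt(3) prefixes plus bare hex digests.
CRYPT_HASH = re.compile(r"\$(?:1|5|6|2[abxy]|y|7)\$[./A-Za-z0-9$=+]{8,}")
HEX_DIGEST = re.compile(r"\b[0-9a-fA-F]{32,128}\b")
# key=value / key: value fields whose value is worth inspecting
KV_SECRET = re.compile(
    r"(?i)\b(pass(?:word|wd)?|pwd|secret|hash)\s*[:=]\s*\"?([^\s\",]+)"
)
USER_FIELD = re.compile(r"(?i)\b(?:user(?:name)?|login)\s*[:=]\s*\"?([^\s\",]+)")

# Constructed sample syslog lines for this example; not real UCSM output.
SAMPLE_SYSLOG = [
    "<134>Mar 21 10:01:02 ucsm-a audit: [session][admin][login] user=admin src=10.0.0.5",
    "<134>Mar 21 10:01:05 ucsm-a config: [user][local] user=backupop "
    "password=$1$abcdefgh$1234567890abcdefghijkl role=admin",
    "<134>Mar 21 10:01:09 ucsm-a config: [user][local] user=svc "
    "hash=5f4dcc3b5aa765d61d8327deb882cf99",
    "<134>Mar 21 10:02:00 ucsm-a audit: user=admin action=commit status=ok",
]


def scan_syslog_line(line: str) -> Dict[str, object]:
    """Inspect one syslog line; report whether it carries hash material,
    which user it names and the hash values found."""
    hashes = set()
    for m in CRYPT_HASH.finditer(line):
        hashes.add(m.group(0))
    for m in KV_SECRET.finditer(line):
        val = m.group(2)
        if CRYPT_HASH.fullmatch(val) or HEX_DIGEST.fullmatch(val):
            hashes.add(val)
    um = USER_FIELD.search(line)
    user = um.group(1) if um else None
    return {"leak": bool(hashes), "user": user, "hashes": sorted(hashes)}


def scan_syslog(lines: List[str]) -> List[Dict[str, object]]:
    """Run scan_syslog_line over a batch and keep only the lines that leak,
    tagged with their 1-based line number."""
    findings = []
    for n, line in enumerate(lines, 1):
        result = scan_syslog_line(line)
        if result["leak"]:
            result["line_no"] = n
            findings.append(result)
    return findings


def redact(line: str) -> str:
    """Replace hash material with a fixed marker so the line can still be
    stored or forwarded without the credential."""
    line = CRYPT_HASH.sub("<REDACTED-HASH>", line)

    def _kv(m):
        if HEX_DIGEST.fullmatch(m.group(2)):
            # keep the key and separator, drop only the value
            return m.group(0)[: m.start(2) - m.start(0)] + "<REDACTED-HASH>"
        return m.group(0)

    return KV_SECRET.sub(_kv, line)


if __name__ == "__main__":
    for f in scan_syslog(SAMPLE_SYSLOG):
        print(f"line {f['line_no']}: user={f['user']} hashes={f['hashes']}")
    for raw in SAMPLE_SYSLOG:
        print(redact(raw))
```

Redaction at the collector only limits exposure of logs already in flight; the fix is the vendor release named above, 2.2(3e), after which this scanner should stop firing on UCSM sources. Any hits it produced before that point mean the affected local accounts should be treated as compromised and re-credentialed.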

Multiple reflected/stored XSS and SQLi vulnerabilities in openEMR v.4.2.0

Posted by Steffen Rösemann on Mar 22

Advisory: Multiple reflected/stored XSS and SQLi vulnerabilities in openEMR v.4.2.0
Advisory ID: SROEADV-2015-08
Author: Steffen Rösemann
Affected Software: openEMR v.4.2.0 (Release-date: 28th Dec 2014)
Vendor URL: http://www.open-emr.org
Vendor Status: patched
CVE-ID: to be assigned after release of advisory via OSS list

==========================
Vulnerability Description:
==========================

Electronic health records and medical…

The Palinopsia Bug: Recovering framebuffers from VRAM

Posted by Bastian on Mar 22

html version with images available here: https://hsmr.cc/palinopsia

# The Palinopsia Bug
## Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM

This document describes a method of reading and displaying previously
used framebuffers from a variety of popular graphics cards. On all four
tested laptops the content of the VRAM was not erased on reboot.
It is also possible to show that the content of the host VRAM can be…
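To make the "reconstruction" step concrete, here is an added example (mine, not the Palinopsia authors' tooling) that takes a raw VRAM dump as bytes, guesses the scanline stride of a framebuffer inside it and writes the frame out as a PPM image so it can be viewed. The dump is synthesised in make_test_vram, so the stride heuristic, the 32-bit BGRA pixel assumption and the candidate width range are all assumptions of this example; reading the VRAM itself, the part the post describes, is out of scope here.

```python
import random
from typing import List, Sequence

BPP = 4  # assumed pixel size: 32-bit BGRA/XRGB, the usual desktop framebuffer layout


def make_test_vram(width: int, height: int, seed: int = 1234) -> bytes:
    """Constructed stand-in for a VRAM dump (not a real one): one BGRA
    framebuffer whose rows are strongly correlated (each row is the row above
    plus a small brightness drift), followed by unrelated random bytes."""
    rng = random.Random(seed)
    base = [rng.randrange(256) for _ in range(width * BPP)]
    buf = bytearray()
    drift = 0
    for _ in range(height):
        drift += rng.randint(-3, 3)
        buf.extend((b + drift) & 0xFF for b in base)
    buf.extend(rng.randrange(256) for _ in range(1024))  # leftover VRAM after the frame
    return bytes(buf)


def _circ_diff(a: int, b: int) -> int:
    """Byte difference that treats 0 and 255 as neighbours (wrapped channels)."""
    d = abs(a - b)
    return min(d, 256 - d)


def guess_stride(buf: bytes, widths: Sequence[int] = range(16, 321), step: int = 7) -> int:
    """Estimate the row stride (bytes per scanline) of a framebuffer in buf.

    Heuristic (this example's, not the original authors'): with the right
    stride, byte i and byte i+stride belong to vertically adjacent pixels and
    are close in value; any wrong stride pairs unrelated pixels. The candidate
    stride with the smallest summed byte difference over a fixed sample of
    positions wins. Only widths in `widths` (in pixels) are tried."""
    strides = [w * BPP for w in widths]
    limit = len(buf) - max(strides)
    if limit <= 0:
        raise ValueError("buffer too small for the candidate strides")
    samples = range(0, limit, step)
    best_stride, best_score = None, None
    for s in strides:
        score = sum(_circ_diff(buf[i], buf[i + s]) for i in samples)
        if best_score is None or score < best_score:
            best_stride, best_score = s, score
    return best_stride


def carve_frame(buf: bytes, stride: int, height: int, offset: int = 0) -> List[bytes]:
    """Slice `height` scanlines of `stride` bytes starting at `offset`."""
    end = offset + stride * height
    if end > len(buf):
        raise ValueError("frame extends past end of buffer")
    return [buf[offset + r * stride: offset + (r + 1) * stride] for r in range(height)]


def to_ppm(rows: List[bytes]) -> bytes:
    """Convert BGRA scanlines to a binary PPM (P6) for viewing."""
    width = len(rows[0]) // BPP
    out = bytearray(f"P6\n{width} {len(rows)}\n255\n".encode())
    for row in rows:
        for x in range(width):
            b, g, r = row[x * BPP], row[x * BPP + 1], row[x * BPP + 2]
            out += bytes((r, g, b))
    return bytes(out)


if __name__ == "__main__":
    vram = make_test_vram(width=64, height=64)
    stride = guess_stride(vram)
    frame = carve_frame(vram, stride, height=64)
    with open("recovered.ppm", "wb") as f:
        f.write(to_ppm(frame))
    print(f"guessed stride {stride} bytes ({stride // BPP} px), wrote recovered.ppm")
```

On a real dump the same approach is run over a sliding window, since VRAM holds several stale frames and texture data at unknown offsets, and the pixel format has to be confirmed by eye (swapping channel order or bytes per pixel if the colours look wrong). The height is not recoverable from the bytes alone; carving more rows than the frame has simply appends whatever followed it in VRAM.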

Re: D-RamPage: POC for zero-risk row-hammer exploitation

Posted by halfdog on Mar 22

Hello List,

I’ve improved the code and made most of the source-code parameters
also configurable via the command line.

I’ve also added the row-hammer assembly code itself.

The problem:

* The page fixation code is tested and seems to be 100% reliable and
quite fast.
* The row-hammer code is completely untested as I have no 64-bit
hardware affected by rowhammer. Hence the statistics optimization code
is incomplete.

WARNING: THE CODE…

[CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)

Posted by Kevin Schaller on Mar 22

XML External Entity (XXE) Injection Vulnerability in Apache Batik (Java SVG Toolkit)
====================================================================================
Researcher: Kevin Schaller <kschaller () ernw de>

Description
===========
Batik is a Java-based toolkit for applications or applets that want to
use images in the Scalable Vector Graphics (SVG) format for various
purposes, such as display, generation or manipulation. [1]…

Use After Free Vulnerability in unserialize()

Posted by Taoguang Chen on Mar 20

#Use After Free Vulnerability in unserialize()

Taoguang Chen <[ () chtg](http://github.com/chtg)> – Write Date: 2015.2.3 – Release Date: 2015.3.20

Affected Versions
————
Affected is PHP 5.6 < 5.6.7
Affected is PHP 5.5 < 5.5.23
Affected is PHP 5.4 < 5.4.39
Affected is PHP 5 <= 5.3.29
Affected is PHP 4 <= 4.4.9

Credits
————
This vulnerability was disclosed by Taoguang Chen.

Description
————

“`…

Use After Free Vulnerability in unserialize() with DateInterval

Posted by Taoguang Chen on Mar 20

#Use After Free Vulnerability in unserialize() with DateInterval

Taoguang Chen <[ () chtg](http://github.com/chtg)> – Write Date: 2015.2.28 – Release Date: 2015.3.20

Affected Versions
————
Affected is PHP 5.6 < 5.6.7
Affected is PHP 5.5 < 5.5.23
Affected is PHP 5.4 < 5.4.39
Affected is PHP 5.3 <= 5.3.29

Credits
————
This vulnerability was disclosed by Taoguang Chen.

Description
————

“`
static int…

Type Confusion Vulnerability in SoapClient

Posted by Taoguang Chen on Mar 20

# Type Confusion Vulnerability in SoapClient

Taoguang Chen <[ () chtg](http://github.com/chtg)> – Write Date: 2015.3.1 – Release Date: 2015.3.20

Affected Versions
————
Affected is PHP 5.6 < 5.6.7
Affected is PHP 5.5 < 5.5.23
Affected is PHP 5.4 < 5.4.39
Affected is PHP 5.3 <= 5.3.29

Credits
————
This vulnerability was disclosed by Taoguang Chen.

Description
————
“`
PHP_METHOD(SoapClient,…

Type Confusion Infoleak Vulnerabilities in SoapClient

Posted by Taoguang Chen on Mar 20

# Type Confusion Infoleak Vulnerabilities in SoapClient

Taoguang Chen <[ () chtg](http://github.com/chtg)> – Write Date: 2015.3.1 – Release Date: 2015.3.20

Affected Versions
————
Affected is PHP 5.6 < 5.6.7
Affected is PHP 5.5 < 5.5.23
Affected is PHP 5.4 < 5.4.39
Affected is PHP 5.3 <= 5.3.29

Credits
————
This vulnerability was disclosed by Taoguang Chen.

Description
————

“`
PHP_METHOD(SoapClient,…