Category Archives: Full Disclosure


KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation

Posted by KoreLogic Disclosures on Jan 29

KL-001-2015-001 : Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation

Title: Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2015-001
Publication Date: 2015.01.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-001.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: TCP/IP Protocol Driver
Affected Version:…

Re: CVE-2015-1169 – CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.

Posted by Paul B. Henson on Jan 29

This CVE claims CAS has a vulnerability that “allows remote attackers to
bypass LDAP authentication via crafted wildcards”. My understanding of
an “authentication bypass” vulnerability is one that actually bypasses
authentication, accessing a resource without having to authenticate, as
enumerated at http://cwe.mitre.org/data/definitions/592.html.

The actual vulnerability here is that if you are using the LDAP
authenticator…

Vulnerabilities in HP LaserJet

Posted by MustLive on Jan 29

Hello list!

There are Information Leakage and Insufficient Authorization vulnerabilities
in HP LaserJet. The vulnerabilities are in the control panel of HP network MFPs and
printers. Earlier I informed HP about it.

You can read articles in the BBC
(http://seclists.org/fulldisclosure/2014/Dec/98) and Global Voices
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2014-December/009067.html)
about my attacks on network printers of…

WordPress Geo Mashup plugin <= 1.8.2 XSS vulnerability

Posted by Paolo Perego on Jan 28

Vulnerability title: WordPress Geo Mashup plugin XSS
Author: Paolo Perego
CVE: CVE-2015-1383
Affected versions: <= 1.8.2
Fixed version: 1.8.3 (January 11, 2015)
Product link: https://wordpress.org/plugins/geo-mashup/

Description
Geo Mashup is a WordPress plugin designed to let you save location
information with posts, pages, and other WordPress objects. This
information can then be presented on interactive maps in many ways.
Plugin versions…

[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360)

Posted by Pedro Ribeiro on Jan 28

Hi,

This is part 12 of the ManageOwnage series. For previous parts, see [1].

This time we have an arbitrary file download, directory content
disclosure and blind SQL injection vulnerabilities in ManageEngine
OpManager, Applications Manager and IT360.

I’ve pushed two new Metasploit modules into the framework that exploit
the file download and the content disclosure [2], these should
hopefully be accepted soon.
The full advisory text is…

Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE)

Posted by Steffen Rösemann on Jan 28

Advisory: Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE)
Advisory ID: SROEADV-2015-05
Author: Steffen Rösemann
Affected Software: CMS Saurus v. 4.7 (CE, released: 12.08.2014)
Vendor URL: http://www.saurus.info
Vendor Status: patched
CVE-ID: –

==========================
Vulnerability Description:
==========================

The administrative backend of the Content Management System Saurus CMS v.
4.7 (Community edition, released:…

Qualys Security Advisory CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow

Posted by Qualys Security Advisory on Jan 28

Qualys Security Advisory CVE-2015-0235

GHOST: glibc gethostbyname buffer overflow

--[ Contents ]---------------------------------------------------------------

1 – Summary
2 – Analysis
3 – Mitigating factors
4 – Case studies
5 – Exploitation
6 – Acknowledgments

--[ 1 - Summary ]------------------------------------------------------------

During a code audit performed internally at Qualys, we discovered a
buffer overflow in the…