Category Archives: Full Disclosure

Defense in depth — the Microsoft way (part 23): two quotes or not to quote…

Posted by Stefan Kanthak on Dec 15

Hi @ll,

some Windows commands/programs fail when (one of) their
command line argument(s) is/are enclosed in quotes; for
example:

%SystemRoot%\System32\FontView.Exe "<pathname>.TTF"
%SystemRoot%\System32\FONTVIEW.Exe /P "<filename>.TTF"
%SystemRoot%\System32\RunDLL32.Exe %SystemRoot%\System32\SetupAPI.Dll,InstallHinfSection <section> <flags> "<pathname>.INF"

The failure messages shown…

Docker 1.3.3 – Security Advisory [11 Dec 2014]

Posted by Eric Windisch on Dec 15

Docker 1.3.3 has been released to address several vulnerabilities and is immediately available for all supported
platforms: https://docs.docker.com/installation/

This release addresses vulnerabilities which could be exploited by a malicious Dockerfile, image, or registry to
compromise a Docker host, modify images, or spoof official repository images. Note that today we also saw the release
of…

Humhub insecure password validation and reset design

Posted by A. W. on Dec 15

[+] Humhub insecure password validation and reset design
[+] Discovered by: Jos Wetzels
[+] Affects: Humhub <= 0.10.0-rc.1

Humhub [1] versions 0.10.0-rc.1 and prior suffer from several design
flaws, which have now been resolved in cooperation with the vendor
[2], in the implementation of its password reset and validation
functionality.

1. Insecure password validation

The validatePassword() function located in…

RedCloth contains unfixed XSS vulnerability for 9 years

Posted by Kousuke Ebihara on Dec 11

I disclosed the following advisory about an XSS vulnerability in
RedCloth (Textile library for Ruby).
http://co3k.org/blog/redcloth-unfixed-xss-en

You shouldn’t use RedCloth to parse user-inputted content and output
the parsed string (unless you allow your
user to write arbitrary JavaScript code on your site) because it
has contained an unfixed XSS vulnerability for 9 years,
and it has also been disclosed for 2 years.

Unfortunately, we may not…

BMC TrackIt! Unauthenticated Arbitrary Local System User Password Change

Posted by Brandon Perry on Dec 11

BMC TrackIt! 11.3 Unauthenticated Local User Password Change
Trial available here: http://www.trackit.com

A Metasploit pull request has been made here:
https://github.com/rapid7/metasploit-framework/pull/4359

BMC TrackIt! 11.3 when installed with TrackItWeb! allows an unauthenticated
user to change any local user’s password, such as Administrator. If the
ability to log in remotely via SMB is enabled on the server, this can yield
an…

CVE-2014-7136 – Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys]

Posted by Portcullis Advisories on Dec 10

Vulnerability title: Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys]
CVE: CVE-2014-7136
Vendor: K7 Computing
Product: Multiple Products [K7FWFilt.sys]
Affected version: Earlier and including 11.0.1.5
Fixed version: 14.0.1.16
Reported by: Kyriakos Economou
Details:

Latest, and possibly earlier, versions of the K7FWFilt.sys kernel mode driver, also named the ‘K7Firewall Packet Driver’,
suffer from a heap overflow…

CVE-2014-8956 – Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys]

Posted by Portcullis Advisories on Dec 10

Vulnerability title: Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys]
CVE: CVE-2014-8956
Vendor: K7 Computing
Product: Multiple Products [K7Sentry.sys]
Affected version: 12.8.0.110
Fixed version: 12.8.0.119
Reported by: Kyriakos Economou
Details:

Latest, and possibly earlier, versions of the K7Sentry.sys kernel mode driver, also named the ‘K7AV Sentry DeviceDriver’,
suffer from an Out-of-bounds Write condition that…

CVE-2014-8608 – Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys]

Posted by Portcullis Advisories on Dec 10

Vulnerability title: Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys]
CVE: CVE-2014-8608
Vendor: K7 Computing
Product: Multiple Products [K7Sentry.sys]
Affected version: 12.8.0.104
Fixed version: 12.8.0.119
Reported by: Kyriakos Economou
Details:

Latest, and possibly earlier, versions of the K7Sentry.sys kernel mode driver, also named the ‘K7AV Sentry Device Driver’,
allow any local user to crash the system by…