Category Archives: Full Disclosure

CVE-2014-7137 – Multiple SQL Injections in Dolibarr ERP & CRM

Posted by Portcullis Advisories on Nov 19

Vulnerability title: Multiple SQL Injections in Dolibarr ERP & CRM
CVE: CVE-2014-7137
Vendor: Dolibarr ERP & CRM
Product: Dolibarr ERP & CRM
Affected version: 3.5.3
Fixed version: 3.6.1
Reported by: Jerzy Kramarz

Details:

SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could
allow an authenticated attacker to access information such as usernames and password hashes that…

CVE-2014-2630 – SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux

Posted by Portcullis Advisories on Nov 19

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux
CVE: CVE-2014-2630
Vendor: Compaq/Hewlett Packard
Product: Glance for Linux
Affected version: 11.00 and subsequent
Fixed version: HPSBMU03086 rev.3
Reported by: Tim Brown

Details:

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in
Compaq/HP’s…

CVE-2014-8600 – Insufficient Input Validation By IO Slaves In KDE e.V. KDE

Posted by Portcullis Advisories on Nov 19

Vulnerability title: Insufficient Input Validation By IO Slaves In KDE e.V. KDE
CVE: CVE-2014-8600
Vendor: KDE e.V.
Product: KDE
Affected version: kwebkitpart <= 1.3.4, kde-runtime <= 4.14.3, kio-extras <= 5.1.1
Fixed version: Contact distribution vendor
Reported by: T. Brown and D. Burton

Details:

Whilst investigating how KDE handles custom protocols, it was discovered that a number of the protocol handlers
(referred to as IO slaves)…

Bootkit via SMS

Posted by SCADA StrangeLove on Nov 19

Short FAQ

Q: Is it BadUSB?
A: Not exactly, but kind of. Can be applied to Android gadgets.

Q: Is it local or remote stuff?
A: Can be done remotely (web/sms) for 4G/3G modems

Q: Any threats to ICS?
A: Yes

Q: Huawei?
A: Not limited to…

Q: Who are our heroes?
A: Alexey Osipov, Timur Yunusov, Alex Zaitsev, Gleb Gritsai, Dmitry Sklarov, Sergey Gordeychik

http://scadastrangelove.blogspot.com/2014/11/bootkit-via-sms.html#more

CVE-2014-2382 – Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise

Posted by Portcullis Advisories on Nov 19

Vulnerability title: Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise
CVE: CVE-2014-2382
Vendor: Faronics
Product: Deep Freeze Standard and Enterprise
Affected version: Before and including v8.10
Fixed version: N/A
Reported by: Kyriakos Economou

Details:

The latest, and earlier, versions of Deep Freeze Standard/Enterprise allow a local attacker to execute code with Kernel
privileges, without the need of loading another…

CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream

Posted by Jann Horn on Nov 19

In Android <5.0, java.io.ObjectInputStream did not check whether the Object that
is being deserialized is actually serializable. That issue was fixed in Android
5.0 with this commit:
<https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2>

This means that when ObjectInputStream is used on untrusted inputs, an attacker
can cause an instance of any class with a non-private parameterless constructor
to…

PHPFox XSS AdminCP

Posted by Wesley Henrique on Nov 18

CNA primary
MITRE Corporation ( cve-assign [NOSPAM] mitre [NOSPAM] org )

Software Vendors
http://moxi9.com/phpfox
Product: PhpFox
Version: ALL

Research
Wesley Henrique Leite ( wesleyhenrique [NOSPAM] gmail [NOSPAM] com )

[+] INFORMATION
Vendor Notified : 2014-10-22
Vendor Homepage : http://moxi9.com/phpfox

Response Vendor: fixed 2014-10-23 (to v4 Beta)

[+] DESCRIPTION

The system stores…

CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload

Posted by Steffen Bauch on Nov 18

CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload

1. Background

tcpdump is a powerful command-line packet analyzer. It allows the user
to intercept and display TCP/IP and other packets being transmitted or
received over a network to which the computer is attached.

2. Summary Information

It was found out that malformed network traffic (AOVD-based) can lead to
an abnormal behaviour if verbose output of tcpdump monitoring…

CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload

Posted by Steffen Bauch on Nov 18

CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload

1. Background

tcpdump is a powerful command-line packet analyzer. It allows the user
to intercept and display TCP/IP and other packets being transmitted or
received over a network to which the computer is attached.

2. Summary Information

It was found out that malformed network traffic (Geonet-based) can lead
to an application crash (denial of service)…

CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload

Posted by Steffen Bauch on Nov 18

CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload

1. Background

tcpdump is a powerful command-line packet analyzer. It allows the user
to intercept and display TCP/IP and other packets being transmitted or
received over a network to which the computer is attached.

2. Summary Information

It was found out that malformed network traffic (OLSR-based) can lead to
an application crash (denial of service) if…