Category Archives: Full Disclosure

CVE-2014-7178 – Remote Command Execution in Enalean Tuleap

Posted by Portcullis Advisories on Oct 28

Vulnerability title: Tuleap <= 7.4.99.5 Remote Command Execution in Enalean Tuleap
CVE: CVE-2014-7178
Vendor: Enalean
Product: Tuleap
Affected version: 7.4.99.5 and earlier
Fixed version: 7.5
Reported by: Jerzy Kramarz

Details:

Tuleap does not validate the syntax of the requests submitted to SVN handler pages in order to validate whether requests
passed to the passthru() function are introducing any extra parameters that would be executed in the…

CVE-2014-7177 – External XML Entity Injection in Enalean Tuleap

Posted by Portcullis Advisories on Oct 28

Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap
CVE: CVE-2014-7177
Vendor: Enalean
Product: Tuleap
Affected version: 7.2 and earlier
Fixed version: 7.4.99.5
Reported by: Jerzy Kramarz

Details:

Multiple XML External Entity Injections have been found and confirmed within the software as an authenticated user.
A successful attack could allow an authenticated attacker to access local system files. The following…

CVE-2014-7176 – Authenticated Blind SQL Injection in Enalean Tuleap

Posted by Portcullis Advisories on Oct 28

Vulnerability title: Tuleap <= 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap
CVE: CVE-2014-7176
Vendor: Enalean
Product: Tuleap
Affected version: 7.4.99.5 and earlier
Fixed version: 7.5
Reported by: Jerzy Kramarz

Details:

SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could
allow an authenticated attacker to access information such as usernames and password hashes…

CVE-2014-4974 – Kernel Memory Leak in ESET Multiple Windows Products

Posted by Portcullis Advisories on Oct 28

Vulnerability title: Kernel Memory Leak in ESET Multiple Windows Products
CVE: CVE-2014-4974
Vendor: ESET
Product: Multiple Windows Products
Affected version: 5.0 – 7.0
Fixed version: Build 1212
Reported by: Kyriakos Economou

Details:

The latest, and earlier versions, of ESET Smart Security and ESET Endpoint Security products for Windows XP OS allow
any local user to leak privileged information from kernel memory by exploiting a vulnerability…

Google Youtube – Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)

Posted by Vulnerability Lab on Oct 27

Document Title:
===============
Google Youtube – Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1352

Google Security ID: [9-5942000004564]

View: https://www.youtube.com/watch?v=656LM9zGLxc

Article:
http://vulnerability-db.com/magazine/articles/2014/10/25/google-youtube-persistent-cross-site-vulnerability-demonstration-video

Folder Plus v2.5.1 iOS – Persistent Item Vulnerability

Posted by Vulnerability Lab on Oct 27

Document Title:
===============
Folder Plus v2.5.1 iOS – Persistent Item Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1348

Release Date:
=============
2014-10-24

Vulnerability Laboratory ID (VL-ID):
====================================
1348

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…

Apple iOS v8.0.2 – Silent Contact Denial of Service Vulnerability

Posted by Vulnerability Lab on Oct 27

Document Title:
===============
Apple iOS v8.0.2 – Silent Contact Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1324

Video: http://www.vulnerability-lab.com/get_content.php?id=1333

Article:
http://vulnerability-db.com/magazine/articles/2014/10/22/apple-ios-v802-silent-contact-0day-vulnerability-denial-service

Release Date:
=============
2014-10-23

Vulnerability…

WebDisk+ v2.1 iOS – Code Execution Vulnerability

Posted by Vulnerability Lab on Oct 27

Document Title:
===============
WebDisk+ v2.1 iOS – Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1349

Release Date:
=============
2014-10-23

Vulnerability Laboratory ID (VL-ID):
====================================
1349

Common Vulnerability Scoring System:
====================================
9.1

Product & Service Introduction:
===============================…

iFileExplorer v6.51 iOS – File Include Web Vulnerability

Posted by Vulnerability Lab on Oct 27

Document Title:
===============
iFileExplorer v6.51 iOS – File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1345

Release Date:
=============
2014-10-22

Vulnerability Laboratory ID (VL-ID):
====================================
1345

Common Vulnerability Scoring System:
====================================
5.4

Product & Service Introduction:…

vulnerabilities in libbfd (CVE-2014-beats-me)

Posted by Michal Zalewski on Oct 26

Yo,

Many shell users, and certainly a lot of the people working in
computer forensics or other fields of information security, have a
habit of running /usr/bin/strings on binary files originating from the
Internet. Their understanding is that the tool simply scans the file
for runs of printable characters and dumps them to stdout – something
that is very unlikely to put you at any risk.

It is much less known that the Linux version of strings is…