Full Disclosure
Posted by SEC Consult Vulnerability Lab on Oct 15
SEC Consult Vulnerability Lab Security Advisory < 20141015-0 >
=======================================================================
title: Potential Cross-Site Scripting
product: ADF Faces
vulnerable version: 12.1.2.0
fixed version: versions with CPU Oct-2014 patch applied
impact: low
homepage: http://www.oracle.com/adf
found: 2014-05-01
by: W….
Posted by Vulnerability Lab on Oct 14
Document Title:
===============
Paypal Inc MultiOrderShipping API – Filter Bypass & Persistent XML Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1129
PayPal Security UID: TM13a2uL
Release Date:
=============
2014-10-14
Vulnerability Laboratory ID (VL-ID):
====================================
1129
Common Vulnerability Scoring System:
====================================
4.1…
Posted by Vulnerability Lab on Oct 14
Document Title:
===============
Indeed Job Search 2.5 iOS API – Multiple Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1303
Release Date:
=============
2014-10-13
Vulnerability Laboratory ID (VL-ID):
====================================
1303
Common Vulnerability Scoring System:
====================================
3.6
Product & Service Introduction:…
Posted by Vulnerability Lab on Oct 14
Document Title:
===============
PayPal Inc BB #98 MOS – Persistent Settings Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=983
Release Date:
=============
2014-10-13
Vulnerability Laboratory ID (VL-ID):
====================================
983
Common Vulnerability Scoring System:
====================================
4.1
Product & Service Introduction:…
Posted by Security Explorations on Oct 14
Hello All,
Oracle Oct 2014 CPU addresses 22 security issues affecting Java VM
implementation embedded in Oracle Database software.
We have published details of the fixed issues and a description of
some privilege elevation techniques abusing a complete Java security
sandbox bypass condition for gaining DBA role in an environment of
Oracle Database software.
All relevant materials accompanied with Proof of Concept codes can
be found at our…
Posted by Michal Zalewski on Oct 14
First of all, CVE-2014-1580 (MSFA 2014-78) is a bug that caused
Firefox prior to version 33 (released today) to leak bits of
uninitialized memory when rendering certain types of truncated images
onto <canvas>.
Mozilla’s advisory is here:
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html
Bug is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1063733
PoC is here:
http://lcamtuf.coredump.cx/ffgif2/
Secondly, MSRC case…
Posted by Vitor Ventura on Oct 14
———- Mensagem encaminhada ———-
De: “Vitor Ventura” <ventura.vitor () gmail com>
Data: 14/10/2014 12:32
Assunto: Re: [FD] CSP Bypass on Android prior to 4.4
Para: “E Boogie” <evanjjohns () gmail com>
Cc:
Hello,
My testing was done on BQ aquaris 5 HD with android 4.2.1 using chrome.
It wasn’t vulnerable.
Regards
VV
Em 14/10/2014 00:12, “E Boogie” <evanjjohns () gmail com>…
Posted by oststrom (public) on Oct 14
Hash: SHA1
CVE-2013-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via
xmlrpc API (post-auth)
============================================================================
====================
Overview
——–
date : 10/12/2014
cvss : 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P) base
cwe : 79
vendor : vBulletin Solutions
product : vBulletin 4
versions affected : latest 4.x and 5.x (to date);…
Posted by Florian Weimer on Oct 14
* Dirk-Willem van Gulik:
More precisely, anything based on the historic BIND stub resolver code
(which is a lot) will escape certain characters while converting from
wire format to the textual representation, including “(“, *and* also
has a check (res_hnok) which refuses PTR records which do not follow
the rather strict syntactic requirements for host names.
Lack of quoting in a DNS API at this point means that essentially
arbitrary…
Posted by Dirk-Willem van Gulik on Oct 14
The production versions of NSD accepts this fine ‘as is’ (FreeBSD-9.3); bind requires a bit of careful escaping.
On te wire one then sees the raw ‘binary’ — which can indeed be very raw:
000001d0 XX XX XX XX 31 28 29 20 7b 20 3a 3b 7d 3b 20 65 () { :;}; e|
000001e0 63 68 6f 20 63 76 65 2d 32 30 31 34 2d 36 32 37 |cho cve-2014-627|
000001f0 31 2c 20 63 76 65 2d 32 30 31 34 30 37 31 36 39 |1, cve-201407169|
00000200 2c…