Category Archives: Full Disclosure

MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free

Posted by Berend-Jan Wever on Dec 16

Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 33rd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161215001.html. There you can find a repro
that triggered this issue in addition to the information below.

If you find these releases useful, and would like to help me make time
to continue releasing this kind of…

Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566]

Posted by Dawid Golunski on Dec 15

Vulnerability:
Nagios Core < 4.2.4 Root Privilege Escalation
CVE-2016-9566

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: High

Nagios Core daemon in versions below 4.2.4 was found to perform unsafe
operations when handling the log file. This could be exploited by
malicious local attackers to escalate their privileges from the ‘nagios’
system user, or from a user belonging to ‘nagios’…

Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]

Posted by Dawid Golunski on Dec 15

Vulnerability:
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution

CVE-2016-9565

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: High

Nagios Core comes with a PHP/CGI front-end which allows viewing the status
of the monitored hosts.
This front-end contained a Command Injection vulnerability in an RSS feed reader
class that loads (via insecure clear-text HTTP or HTTPS accepting…

XenForo 1.5.x Unauthenticated Remote Code Injection

Posted by Vishal Mishra on Dec 15

XenForo 1.5.x Remote Code Execution Vulnerability

1. ADVISORY INFORMATION
=======================
Product: XenForo
Vendor URL: xenforo.com
Type: Code Injection [CWE-94]
Date found: 2016-12-09
Date published: 2016-12-15
CVSSv3 Score: 9.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C)
CVE: –

2. CREDITS
==========

This vulnerability was discovered and researched by independent security
expert…

CVE-2013-3143: MSIE 9 IEFRAME CMarkup::RemovePointerPos use-after-free

Posted by Berend-Jan Wever on Dec 15

Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 32nd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161214001.html. There you can find a repro
that triggered this issue in addition to the information below.

If you find these releases useful, and would like to help me make time
to continue releasing this kind of…

Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can (WordPress plugin)

Posted by dxw Security on Dec 14

Details
================
Software: MailChimp for WordPress
Version: 3.1.5, 4.0.10
Homepage: http://wordpress.org/plugins/mailchimp-for-wp/
Advisory report:
https://security.dxw.com/advisories/reflected-xss-in-mailchimp-for-wordpress-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
Reflected XSS in MailChimp for WordPress could…

APPLE-SA-2016-12-13-8 Transporter 1.9.2

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-8 Transporter 1.9.2

Transporter 1.9.2 is now available and addresses the following:

iTMSTransporter
Available for: iTunes Producer 3.1.1, OS X v10.6 and later (64 bit),
Windows 7 and later (32 bit), and Red Hat Enterprise Linux (64 bit)
Impact: Parsing maliciously crafted EPUB may lead to disclosure of
user information
Description: An information disclosure issue existed in the parsing
of EPUB. This issue was addressed…

APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-7 Additional information for
APPLE-SA-2016-12-12-2 watchOS 3.1.1

watchOS 3.1.1 addresses the following:

Accounts
Available for: All Apple Watch models
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro

Audio
Available for: All Apple Watch models
Impact: Processing a…

APPLE-SA-2016-12-13-6 Additional information for APPLE-SA-2016-12-12-3 tvOS 10.1

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-6 Additional information for
APPLE-SA-2016-12-12-3 tvOS 10.1

tvOS 10.1 addresses the following:

Audio
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab)…

APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2

Posted by Apple Product Security on Dec 14

APPLE-SA-2016-12-13-5 Additional information for
APPLE-SA-2016-12-12-1 iOS 10.2

iOS 10.2 addresses the following:

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby user may be able to overhear spoken passwords
Description: A disclosure issue existed in the handling of passwords.
This issue was addressed by disabling the speaking of passwords.
CVE-2016-7634:…