Full Disclosure
Posted by hyp3rlinx on Dec 06
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-POWERSHELL-XML-EXTERNAL-ENTITY.txt
[+] ISR: ApparitionSec
Vendor:
=================
www.microsoft.com
Product:
===========
PowerShell
PowerShell (including Windows PowerShell and PowerShell Core) is a task
automation and configuration management framework
from Microsoft, consisting of a command-line…
Posted by Nightwatch Cybersecurity Research on Dec 05
[Also posted online:
https://wwws.nightwatchcybersecurity.com/2016/12/05/cve-2016-5341/]
Summary
Assisted GPS/GNSS data provided by Qualcomm for compatible receivers
is often being served over HTTP without SSL. Additionally many of
these files do not provide a digital signature to ensure that data was
not tampered in transit. This can allow a network-level attacker to
mount a MITM attack and modify the data while in transit. While HTTPS
and…
Posted by 31c0n on Dec 05
==CALL FOR PRESENTATIONS ARE NOW OPEN===
Be one of the very first presenters in the 31c0n series. The
inaugural event will be held from 23-24 Feb 2017 in Auckland, New Zealand.
If you think you have something to add to our speaker line up, let us know.
We’re all about giving attendees an experience like no other so will only
accept talks of the highest calibre – if you think you fit the bill, put
your best submission forward ASAP.
We accept…
Posted by hyp3rlinx on Dec 05
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-AZMAN-XXE-FILE-EXFILTRATION.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.microsoft.com
Product:
==============================
Microsoft Authorization Manager
v6.1.7601
The Authorization Manager allows you to set role-based permissions for
Authorization Manager-enabled applications.
You…
Posted by hyp3rlinx on Dec 05
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EXCEL-STARTER-XXE-REMOTE-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor:
=================
www.microsoft.com
Product:
============================
Microsoft Excel Starter 2010
EXCELC.EXE / “OFFICEVIRT.EXE”
This is a bundled Excel “starter” version that comes…
Posted by hyp3rlinx on Dec 05
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTER-XXE-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.microsoft.com
Product:
==================================
Windows Media Center “ehshell.exe”
version 6.1.7600
Vulnerability Type:
====================
XML External Entity
CVE Reference:…
Posted by Eissing Stefan on Dec 05
Security Advisory – Apache Software Foundation
Apache HTTPD WebServer / httpd.apache.org
Server memory can be exhausted and service denied when HTTP/2 is used
CVE-2016-8740
The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply limitations
on request headers correctly when experimental module for the HTTP/2
protocol is used to access a resource.
The net result is that a the server…
Posted by Berend-Jan Wever on Dec 05
Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browser, as long as I can find some time to do so. If you find this
information useful, you can help me make some time available by donating
bitcoin to 183yyxa9s1s1f7JBpPHPmzQ346y91Rx5DX.
This is the twenty-fifth entry in the…
Posted by hyp3rlinx on Dec 05
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EVENT-VIEWER-XXE-FILE-EXFILTRATION.txt
[+] ISR: ApparitionSec
Vendor:
=================
www.microsoft.com
Product:
========================
Microsoft Event Viewer
Version: 1.0
The Windows Event Viewer shows a log of application and system messages –
errors, information messages, and warnings….
Posted by hyp3rlinx on Dec 05
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt
[+] ISR: ApparitionSec
Vendor:
=================
www.microsoft.com
Product:
==========================
Windows System Information
MSINFO32.exe v6.1.7601
Windows MSINFO32.EXE Displays a comprehensive view of your hardware, system
components, and software environment….