Category Archives: Full Disclosure

Red Hat JBoss EAP deserialization of untrusted data

Posted by Agazzini Maurizio on Nov 25

Security Advisory @ Mediaservice.net Srl
(#05, 23/11/2016) Data Security Division

Title: Red Hat JBoss EAP deserialization of untrusted data
Application: JBoss EAP 5.2.X and prior versions
Description: The application server deserializes untrusted data via
the JMX Invoker Servlet. This can lead to a DoS via
resource exhaustion and potentially remote code…

Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform

Posted by Francisco Amato on Nov 25

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to…

[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition

Posted by Dawid Golunski on Nov 25

Vulnerability: GNU Wget < 1.18 Access List Bypass / Race Condition
CVE-2016-7098

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: Medium

GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode,
is affected by a Race Condition vulnerability that might allow remote attackers
to bypass intended wget access list restrictions specified with the -A parameter.
This might allow attackers to place…

The HS-110 Smart Plug aka Projekt Kasa

Posted by Curesec Research Team (CRT) on Nov 25

Content Table

1. Introduction
2. The Firmware
3. The Android Application
4. The Problems
5. Conclusion
6. Appendix
6.1. Excursion Dalvik
6.2. Control script

1. Introduction

The HS-110 is a Smart Plug, meaning it is capable of being controlled with
commands via a network. TP-Link released a mobile application called "Kasa for
Mobile" for Android and iOS devices to control the Smart Plug. The
possibilities range from simple tasks like…

Microsoft Internet Explorer 11 MSHTML CGeneratedContent::HasGeneratedSVGMarker type confusion

Posted by Berend-Jan Wever on Nov 25

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
eighteenth entry in that series. Unfortunately I won’t be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161124001.html. There you…

CVE-2013-3120 MSIE 10 MSHTML CEditAdorner::Detach use-after-free details

Posted by Berend-Jan Wever on Nov 25

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
nineteenth entry in that series. Unfortunately I won’t be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161125001.html. There you…

Stored Cross-Site Scripting in Gallery – Image Gallery WordPress Plugin

Posted by Summer of Pwnage on Nov 23

------------------------------------------------------------------------
Stored Cross-Site Scripting in Gallery – Image Gallery WordPress Plugin
------------------------------------------------------------------------
Sipke Mellema, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A persistent Cross-Site Scripting vulnerability was…

[CORE-2016-0007] – TP-LINK TDDP Multiple Vulnerabilities

Posted by CORE Advisories Team on Nov 22

1. Advisory Information

Title: TP-LINK TDDP Multiple Vulnerabilities
Advisory ID: CORE-2016-0007
Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities
Date published: 2016-11-21
Date of last update: 2016-11-18
Vendors contacted: TP-Link
Release mode: User release

2. Vulnerability Information

Class: Missing Authentication for Critical Function [CWE-306], Buffer Copy without Checking Size of Input…

[ERPSCAN-16-034] SAP NetWeaver AS JAVA – XXE vulnerability in BC-BMT-BPM-DSK component

Posted by ERPScan inc on Nov 22

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bug: XXE

Sent: 09.03.2016

Reported: 10.03.2016

Vendor response: 10.03.2016

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2296909

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-034] SAP NetWeaver AS JAVA – XXE vulnerability in
BC-BMT-BPM-DSK component

Advisory…

[CVE-2016-7434] ntpd remote pre-auth DoS

Posted by Magnus Stubman on Nov 22

CVE-2016-7434 ntpd remote pre-auth Denial of Service

+----------------------------------------------------------------------+
Affected: ntp-4.2.7p22, up to but not including ntp-4.2.8p9,
and ntp-4.3.0 up to, but not including ntp-4.3.94
Credit: Magnus Klaaborg Stubman (@magnusstubman)
Bug report: http://bugs.ntp.org/show_bug.cgi?id=3082

The vulnerability allows unauthenticated users to crash ntpd with
a single…