Category Archives: Full Disclosure

Joomla plugin K2 RCE via CSRF or WCI

Posted by Anti Räis on Nov 20

K2 RCE via CSRF or WCI
######################

Information
===========

Name: K2 Joomla! Extension 2.5.0 – 2.7.1
Software: K2
Platform: Joomla 3.6.2
Homepage: https://getk2.org/, http://extensions.joomla.org/extension/k2
Vulnerability: RCE, arbitrary file upload, missing CSRF protection
Prerequisites: victim has to be authenticated user with administrator role
CVE: pending

Credit: Anti Räis
HTML version:…

Stored Cross-Site Scripting in WP Canvas – Shortcodes WordPress Plugin

Posted by Summer of Pwnage on Nov 19

————————————————————————
Stored Cross-Site Scripting in WP Canvas – Shortcodes WordPress Plugin
————————————————————————
Yorick Koster, July 2016

————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in…

Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF

Posted by Summer of Pwnage on Nov 19

————————————————————————
Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF
————————————————————————
Sipke Mellema, July 2016

————————————————————————
Abstract
————————————————————————
A persistent Cross-Site Scripting vulnerability was found…

Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin

Posted by Summer of Pwnage on Nov 19

————————————————————————
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin
————————————————————————
Antonis Manaras, July 2016

————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in the…

Cross-Site Scripting in Check Email WordPress Plugin

Posted by Summer of Pwnage on Nov 19

————————————————————————
Cross-Site Scripting in Check Email WordPress Plugin
————————————————————————
Antonis Manaras, July 2016

————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in the Check Email…

Tetris heap spraying: spraying the heap on a budget

Posted by Berend-Jan Wever on Nov 18

L.S.

Over the past decade, heap sprays have become almost synonymous with
exploits in web-browsers. After having developed my first practical
implementation of a heap spray about ten years ago, I found that the
amount of memory needed in some cases was too much for a realistic
attack scenario. I needed a new kind of heap spray that did not allocate
as much RAM as traditional heap sprays do. So, I developed a heap spray
that uses significantly…

CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details

Posted by Berend-Jan Wever on Nov 18

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
fourteenth entry in that series. Unfortunately I won’t be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161118002.html.

Follow me…

Huawei Flybox B660 3G/4G Router – Auth Bypass Vulnerability

Posted by Vulnerability Lab on Nov 18

Document Title:
===============
Huawei Flybox B660 3G/4G Router – Auth Bypass Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2010

Huawei ID: 558969357627813

Release Date:
=============
2016-11-18

Vulnerability Laboratory ID (VL-ID):
====================================
2010

Common Vulnerability Scoring System:
====================================
7.4

Product & Service…

Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody

Posted by Stefan Kanthak on Nov 18

Hi @ll,

in response to <http://seclists.org/fulldisclosure/2016/Jan/24>
EmsiSoft fixed some of the DLL hijacking vulnerabilities in some
of their executable installers and unpackers.

EmsisoftEmergencyKit.exe still has beginner’s errors which allow
escalation of privilege for EVERY local user:

0. while the self-extracting WinRAR archive EmsisoftEmergencyKit.exe
doesn’t load DLLs from its “application directory” any…