Category Archives: Full Disclosure


Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF

Posted by Summer of Pwnage on Nov 10

————————————————————————
Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF
————————————————————————
Sipke Mellema, July 2016

————————————————————————
Abstract
————————————————————————
A persistent Cross-Site Scripting vulnerability was found…

[CT-2016-1110] Unauthenticated RCE in Observium network monitor

Posted by Ronald Volgers on Nov 10

############# Computest security advisory CT-2016-1110 ###############

Summary: Unauthenticated remote command execution as root
Affected software: Observium
Reference URL: https://computest.nl/advisories/CT-2016-1110_Observium.txt
Affected versions: Versions downloaded before 26-10-2016.
(First affected version is not known)

Credit: Ronald Volgers (rvolgers ()…

e107 CMS <= 2.1.2 Privilege Escalation

Posted by Kacper Szurek on Nov 10

# Exploit Title: e107 CMS 2.1.2 Privilege Escalation
# Date: 09-11-2016
# Software Link: http://e107.org/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: webapps

1. Description

Data from `$_POST['updated_data']` inside `usersettings.php` is not
properly validated, so we can set `user_admin`.

http://security.szurek.pl/e107-cms-211-privilege-escalation.html

Release – Shellcode Compiler

Posted by Ionut Popescu on Nov 10

Shellcode Compiler is a program that compiles C/C++ style code into a small, position-independent and NULL-free
shellcode for Windows. It is possible to call any Windows API function in a user-friendly way.

Shellcode Compiler takes as input a source file and it uses its own compiler to interpret the code and generate an
assembly file which is assembled with NASM (http://www.nasm.us/).

Shellcode compiler was released at DefCamp security…

CA20161109-01: Security Notice for CA Unified Infrastructure Management

Posted by Williams, Ken on Nov 10

CA20161109-01: Security Notice for CA Unified Infrastructure Management

Issued: November 09, 2016

CA Technologies Support is alerting customers to three vulnerabilities in
CA Unified Infrastructure Management (formerly CA Nimsoft). The first
vulnerability, CVE-2016-9165, involves insecure handling of sessions IDs.
A remote attacker can potentially acquire a session ID and bypass
authentication or elevate privileges. The second…

CA20161109-02: Security Notice for CA Service Desk Manager

Posted by Williams, Ken on Nov 10

CA20161109-02: Security Notice for CA Service Desk Manager

Issued: November 09, 2016

CA Technologies Support is alerting customers to a vulnerability in CA
Service Desk Manager (formerly CA Service Desk). A reflected cross site
scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM
parameter of the SDM web interface. A remote attacker, who can trick a
user into clicking on or visiting a specially crafted link, could…

Re: WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details

Posted by Berend-Jan Wever on Nov 10

Some additional information:

It was pointed out to me that I did not adequately explain that WININET
is widely used by Microsoft applications to handle HTTP requests,
*AND* probably by all third-party applications that use Windows APIs to
make HTTP requests. All these applications may be vulnerable to the
issue, though it may be hard to exploit in most (if not all).

According to Microsoft this issue affected MSIE and Edge and was fixed
through…

WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details

Posted by Berend-Jan Wever on Nov 10

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
eighth entry in that series, although this particular vulnerability does
not just affect web-browsers, but all applications that use WININET to
make HTTP requests.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161110001.html. There you can find a repro
that triggered…