Category Archives: Full Disclosure

MSIE 9 MSHTML CPtsTextParaclient::CountApes out-of-bounds read

Posted by Berend-Jan Wever on Nov 04

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the third
entry in that series.

The below information is also available on my blog at
http://blog.skylined.nl/20161104001.html. There you can find a repro
that triggered this issue in addition to the information below.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 9 MSHTML…

KL-001-2016-009 : Sophos Web Appliance Remote Code Execution

Posted by KoreLogic Disclosures on Nov 04

KL-001-2016-009 : Sophos Web Appliance Remote Code Execution

Title: Sophos Web Appliance Remote Code Execution
Advisory ID: KL-001-2016-009
Publication Date: 2016.11.03
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-009.txt

1. Vulnerability Details

Affected Vendor: Sophos
Affected Product: Web Appliance
Affected Version: v4.2.1.3
Platform: Embedded Linux
CWE Classification: CWE-78:…

KL-001-2016-008 : Sophos Web Appliance Privilege Escalation

Posted by KoreLogic Disclosures on Nov 04

KL-001-2016-008 : Sophos Web Appliance Privilege Escalation

Title: Sophos Web Appliance Privilege Escalation
Advisory ID: KL-001-2016-008
Publication Date: 2016.11.03
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-008.txt

1. Vulnerability Details

Affected Vendor: Sophos
Affected Product: Web Appliance
Affected Version: v4.2.1.3
Platform: Embedded Linux
CWE Classification: CWE-522:…

[oss-security] CVE request: Lynx invalid URL parsing with '?'

Posted by redrain root on Nov 04

I can’t find any bugtracker in lynx, so I will disclose by this mail and
send to the author dickey () invisible-island net.

redrain (rootredrain () gmail com)
Date: 2016-11-03
Version: 2.8.8pre.4, 2.8.9dev.8 and earlier
Platform: Linux and Windows
Vendor: http://lynx.browser.org/
Vendor Notified: 2016-11-03

VULNERABILITY
————————-

Lynx doesn’t parse the authority component of the URL correctly when the
host name part…

MSIE 10 MSHTML CElement::GetPlainTextInScope out-of-bounds read

Posted by Berend-Jan Wever on Nov 04

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the third
entry in that series.

The below information is also available on my blog at
http://blog.skylined.nl/20161103001.html. There you can find a repro
that triggered this issue in addition to the information below.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 10 MSHTML…

Sparkjava Framework – Arbitrary File Read Vulnerability

Posted by aj on Nov 02

Hey folks,

Spark (sparkjava.com) is a mildly hyped Java micro web framework that
also provides functionality to serve static files. Unfortunately,
there’s no protection against directory traversal attacks and I haven’t
been able to contact anyone related to the project (after trying 4
people over 2 weeks). As this bug is not that awesome, and fairly
trivial to find, please help yourself to some semi-shitty 0-day.

If configured, Spark…

Disclose [10 * cve] in Exponent CMS

Posted by Obfuscator on Nov 02

Disclose 10 * cve in Exponent CMS
[CVE-2016-7780]

fix: https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31

[CVE-2016-7781]

fix: In the line 169 of framework/modules/blog/controllers/blogController.php, $this->params['author'] has been escaped.
https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db

[CVE-2016-7782]

fix:…

MSIE 11 MSHTML CView::CalculateImageImmunity use-after-free details

Posted by Berend-Jan Wever on Nov 02

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the second
entry in that series.

The below information is also available on my blog at
http://blog.skylined.nl/20161102001.html. There you can find a repro
that triggered this issue in addition to the information below.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 11 MSHTML…