Category Archives: Full Disclosure


MSIE 11 MSHTML CView::CalculateImageImmunity use-after-free details

Posted by Berend-Jan Wever on Nov 02

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the second
entry in that series.

The below information is also available on my blog at
http://blog.skylined.nl/20161102001.html. There you can find a repro
that triggered this issue in addition to the information below.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 11 MSHTML…

Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details

Posted by Berend-Jan Wever on Nov 01

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the first
entry in that series.
The below information is also available on my blog at
http://blog.skylined.nl/20161101001.html. There you can find a repro
that triggered this issue in addition to the information below.

Follow me on twitter.com/berendjanwever for daily browser bugs.

MSIE 9 MSHTML CAttrArray…

CVE-2016-8580 – Alienvault OSSIM/USM Object Injection Vulnerability

Posted by Peter Lapp on Nov 01

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: PHP Object Injection
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8580
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================

A PHP object injection vulnerability exists in multiple widget files
due to the unsafe use of the unserialize() function. The affected
files include flow_chart.php, gauge.php, honeypot.php,…

CVE-2016-8581 – Alienvault OSSIM/USM Stored XSS Vulnerability

Posted by Peter Lapp on Nov 01

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: Stored XSS
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8581
CVSS: 3.5
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================

A stored XSS vulnerability exists in the User-Agent header of the
login process. It’s possible to inject a script into that header that
then gets executed when mousing over the User-Agent field in…

CVE-2016-8582 – Alienvault OSSIM/USM SQL Injection Vulnerability

Posted by Peter Lapp on Nov 01

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: SQL Injection
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8582
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================

A SQL injection vulnerability exists in the value parameter of
/ossim/dashboard/sections/widgets/data/gauge.php on line 231. By
sending a serialized array with a SQL query in the type field, it’s
possible to…
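The two gauge.php advisories above (CVE-2016-8580, unserialize() on attacker-controlled widget data, and CVE-2016-8582, the type field of that serialized array reaching SQL) describe one request pattern, so the following added example covers both. It is not OSSIM code and not the reporter's proof of concept: the handler, table, column and widget type names are hypothetical, chosen only to show the vulnerable shape beside a hardened one. It assumes PHP 7.3 or later with pdo_sqlite available for the self-contained demonstration at the bottom.

```php
<?php
// Added example, not OSSIM/USM code. Hypothetical widget handler modelled on
// the pattern the advisories describe: a PHP-serialized array arrives in the
// "value" parameter, is unserialized, and its "type" field is used in SQL.

// --- Vulnerable shape (do not deploy) ---
function vulnerable_gauge_query(string $value): string
{
    // Attacker controls every byte of $value: unserialize() will instantiate
    // any class named in it and run its __wakeup/__destruct (object injection) ...
    $data = unserialize($value);
    // ... and 'type' is concatenated straight into the query (SQL injection).
    return "SELECT * FROM gauge_data WHERE type = '" . $data['type'] . "'";
}

// --- Hardened shape ---
function hardened_gauge_query(PDO $db, string $value): PDOStatement
{
    // JSON cannot describe PHP objects, so decoding it never instantiates an
    // attacker-chosen class. If the wire format must stay PHP-serialized, at
    // minimum use: unserialize($value, ['allowed_classes' => false]);
    $data = json_decode($value, true, 8, JSON_THROW_ON_ERROR);

    $allowed = ['cpu', 'memory', 'disk'];   // assumed widget types (allow-list)
    $type = $data['type'] ?? '';
    if (!is_string($type) || !in_array($type, $allowed, true)) {
        throw new InvalidArgumentException('unknown gauge type');
    }
    // Parameterised query: the bound value can never change the SQL structure.
    $stmt = $db->prepare('SELECT * FROM gauge_data WHERE type = :type');
    $stmt->execute([':type' => $type]);
    return $stmt;
}

// Constructed payload of the kind the SQLi advisory describes: a serialized
// array whose "type" field carries SQL.
$payload = serialize(['type' => "x' UNION SELECT user, pass FROM users -- "]);
echo vulnerable_gauge_query($payload), PHP_EOL;
// The concatenated query now contains the attacker's UNION clause verbatim.

// Hypothetical table, in-memory SQLite, so the hardened path can be exercised.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gauge_data (type TEXT, reading REAL)');
$db->exec("INSERT INTO gauge_data VALUES ('cpu', 42.0)");

$rows = hardened_gauge_query($db, json_encode(['type' => 'cpu']))
            ->fetchAll(PDO::FETCH_ASSOC);
print_r($rows);

try {
    hardened_gauge_query($db, json_encode(['type' => "x' OR 1=1 -- "]));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The allow-list is what closes the object-injection issue for good: even with `allowed_classes => false`, unserialize() still accepts arbitrarily nested data, so switching the widget format to JSON (or validating the decoded structure) is the change worth making, and the prepared statement handles the SQL side independently of how the data arrived.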

CVE-2016-8583 – Alienvault OSSIM/USM Reflected XSS

Posted by Peter Lapp on Nov 01

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: Reflected XSS
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8583
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================

Multiple GET parameters in the vulnerability scan scheduler of
OSSIM/USM before 5.3.2 are vulnerable to reflected XSS. The parameters
include jobname, timeout, sched_id, and targets[] in
/ossim/vulnmeter/sched.php….
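The two XSS advisories above (CVE-2016-8581, a stored User-Agent that fires on mouseover, and CVE-2016-8583, jobname, timeout, sched_id and targets[] reflected by sched.php) are both output-encoding failures in attribute context, so the following added example serves both. It is not OSSIM code: the cell and form renderers are hypothetical stand-ins for the real templates, and the "fires on mouseover" detail is modelled as the User-Agent landing in a title attribute, which is an assumption about the page, not something the advisory states.

```php
<?php
// Added example, not OSSIM/USM code. Hypothetical rendering code modelled on
// the two XSS advisories: a stored User-Agent shown as a tooltip, and GET
// parameters echoed back into the scan-scheduler form.

// Escape for HTML text and double-quoted attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable: the raw header is placed inside a title attribute, so a value
// such as  " onmouseover="alert(1)  closes the attribute and adds a handler.
function vulnerable_ua_cell(string $storedUserAgent): string
{
    return '<td title="' . $storedUserAgent . '">'
         . substr($storedUserAgent, 0, 20) . '</td>';
}

// Hardened: every interpolation into markup goes through h().
function hardened_ua_cell(string $storedUserAgent): string
{
    return '<td title="' . h($storedUserAgent) . '">'
         . h(substr($storedUserAgent, 0, 20)) . '</td>';
}

// Reflected case: GET parameters re-rendered in the form. targets[] is an
// array, so every element must be escaped, not only the scalar parameters.
function hardened_sched_form(array $get): string
{
    $jobname = h((string)($get['jobname'] ?? ''));
    $schedId = h((string)($get['sched_id'] ?? ''));

    // Numeric field: validate the type rather than relying on escaping alone.
    $timeout = filter_var($get['timeout'] ?? 0, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 0]]);
    if ($timeout === false) {
        $timeout = 0;
    }

    $targets = array_map('h', array_map('strval', (array)($get['targets'] ?? [])));

    $html  = '<input name="jobname" value="' . $jobname . '">';
    $html .= '<input name="sched_id" value="' . $schedId . '">';
    $html .= '<input name="timeout" value="' . $timeout . '">';
    foreach ($targets as $t) {
        $html .= '<input name="targets[]" value="' . $t . '">';
    }
    return $html;
}

// Constructed inputs (not from the advisories).
$ua = '" onmouseover="alert(document.cookie)" x="';
echo vulnerable_ua_cell($ua), PHP_EOL;   // attribute broken out of, handler injected
echo hardened_ua_cell($ua), PHP_EOL;     // quotes become &quot;, stays inert text

echo hardened_sched_form([
    'jobname'  => '"><script>alert(1)</script>',
    'sched_id' => '7',
    'timeout'  => '30; drop',
    'targets'  => ['10.0.0.1', '"><img src=x onerror=alert(2)>'],
]), PHP_EOL;
```

ENT_QUOTES is the part that matters for the stored case: the default htmlspecialchars() flags leave single quotes alone, which is enough to break out of a single-quoted attribute, and a User-Agent header is entirely attacker-chosen, so it has to be treated as untrusted at render time regardless of how it was stored.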

MySQL / MariaDB / PerconaDB – Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]

Posted by Dawid Golunski on Nov 01

CVE-2016-6663 / OCVE-2016-5616
Vulnerability: MySQL / MariaDB / PerconaDB – Privilege Escalation /
Race Condition

Discovered by:
Dawid Golunski
@dawid_golunski

http://legalhackers.com

Affected versions:

MariaDB
< 5.5.52
< 10.1.18
< 10.0.28

MySQL
<= 5.5.51
<= 5.6.32
<= 5.7.14

Percona Server
< 5.5.51-38.2
< 5.6.32-78-1
< 5.7.14-8

Percona XtraDB Cluster
< 5.6.32-25.17
< 5.7.14-26.17
< 5.5.41-37.0

An…

Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

Posted by Brandon Perry on Nov 01

I am having trouble reproducing this one on 3.3 and 3.2.4. As an unauthenticated user on a clean install of dotCMS, I
perform this request.

GET /categoriesServlet?start=0&count=10&sort=asc HTTP/1.1
Host: 10.211.55.37:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cookie:…

Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards

Posted by Vulnerability Lab on Nov 01

Topic: Researchers Claim Wickr Patched Flaws but Didn’t Pay Rewards

Source:
http://www.securityweek.com/researchers-claim-wickr-patched-flaws-didnt-pay-rewards

Wickr Inc Secret Messenger – Bug Bounty Program Vulnerabilities by
Design – Wickr Inc – When honesty disappears behind the VCP Mountain –
References:
https://www.vulnerability-db.com/?q=articles/2016/10/27/wickr-inc-when-honesty-disappears-behind-vcp-mountain

Connected Articles:…

Vulnerabilities in D-Link DIR-300

Posted by MustLive on Nov 01

Hello list!

There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery
vulnerabilities in D-Link DIR-300.

————————-
Affected products:
————————-

The vulnerable model is D-Link DIR-300NRUB5, Firmware 1.2.94. All
previous versions must also be vulnerable.

———-
Details:
———-

Abuse of Functionality (WASC-42):

Admin’s login is persistent: admin, which simplifies BF and CSRF…