Category Archives: Full Disclosure

Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

Posted by Elar Lang on Nov 01

Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
Credit: Elar Lang / https://security.elarlang.eu
Vendor/Product: dotCMS (http://dotcms.com/)
Vulnerability: SQL injection
Vulnerable version: before 3.5; 3.3.1 and 3.3.2 (depends on CVE)
CVE: CVE-2016-8902, CVE-2016-8903, CVE-2016-8904, CVE-2016-8905,
CVE-2016-8906, CVE-2016-8907, CVE-2016-8908, CVE-2016-4040

# Multiple SQL injections in dotCMS framework.

## CVE-2016-8902 -…

[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) – patch update

Posted by Harry Sintonen on Oct 30

Update on the advisory: As pointed out by several people, the ERROR
macro didn't fail the operation in a desired way: Files were still
being created by tar. In order to really stop tar from doing silly
things, FATAL_ERROR macro needs to be used instead.

The patch has now been updated accordingly.

Updated Advisory:
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt

Updated Patch:…

[FOXMOLE SA 2016-07-20] Lupusec XT1 Alarm System – Multiple Issues

Posted by FOXMOLE Advisories on Oct 28

=== FOXMOLE – Security Advisory 2016-07-20 ===

Lupusec XT1 Alarm System – Multiple Issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
Lupusec XT1 fw 1.0.80

Issue Overview
==============
Vulnerability Type: Cross Site Scripting, Cross Site Request Forgery, Unencrypted Connection, Remote Administrative
Access, Denial of Service
Technical Risk: critical
Likelihood of Exploitation: medium
Vendor:…

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows

Posted by Apple Product Security on Oct 28

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows

iTunes 12.5.2 for Windows is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: An input validation issue was addressed through improved
state management.
CVE-2016-4613: Chris Palmer

WebKit
Available for: Windows 7 and later
Impact: Processing…

APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1

Posted by Apple Product Security on Oct 28

APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1

iCloud for Windows v6.0.1 is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: An input validation issue was addressed through improved
state management.
CVE-2016-4613: Chris Palmer

WebKit
Available for: Windows 7 and later
Impact: Processing…

APPLE-SA-2016-10-27-1 Xcode 8.1

Posted by Apple Product Security on Oct 28

APPLE-SA-2016-10-27-1 Xcode 8.1

Xcode 8.1 is now available and addresses the following:

IDE Xcode Server
Available for: OS X El Capitan v10.11.5 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple issues existed in Node.js in Xcode Server.
These issues were addressed by updating to Node.js version 4.5.0.
CVE-2016-1669
CVE-2016-0705
CVE-2016-0797…

[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)

Posted by Harry Sintonen on Oct 26

---------------- t2'16 special vulnerability release -----------------

Vulnerability: POINTYFEATHER aka Tar extract pathname bypass
Credits: Harry Sintonen / FSC1V Cyber Security Services
Date: 2016-10-27
Impact: File overwrite in certain situations
Classifier: Full spectrum cyber
CVSS: 4.3.2
Threat level: Manatee

//NORDIC EYES ONLY//NOFORN//PUBLIC//EXPLOIT GLOBAL//…

CVE-2016-1240 – Tomcat packaging on Debian-based distros – Local Root Privilege Escalation

Posted by Dawid Golunski on Oct 26

I added a simple PoC video for the CVE-2016-1240 vulnerability.

In the PoC I used Ubuntu 16.04 with the latest tomcat7 package
(version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos
which appears vulnerable still.

The video poc can be found at:

http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html

New VMSA-2016-0017 – VMware product updates address multiple information disclosure issues

Posted by VMware Security Response Center on Oct 25

------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2016-0017
Severity: Moderate
Synopsis: VMware product updates address multiple information
disclosure issues
Issue date: 2016-10-25
Updated on: 2016-10-25 (Initial Advisory)
CVE number: CVE-2016-5328, CVE-2016-5329

1. Summary

VMware product updates address information disclosure issues in…