Category Archives: Full Disclosure

KeepNote 0.7.8 Remote Command Execution

Posted by Rio Sherri on Sep 29

# Title : KeepNote 0.7.8 Remote Command Execution
# Date : 29/09/2016
# Author : R-73eN
# Twitter : https://twitter.com/r_73en
# Tested on : KeepNote 0.7.8 (Kali Linux , and Windows 7)
# Software : http://keepnote.org/index.shtml#download
# Vendor : ~
#
# DESCRIPTION:
#
# When KeepNote imports a backup, which is actually a tar.gz file, it
# doesn't check for " ../ " characters,
# which makes it possible to do a path traversal and…

Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla

Posted by Larry W. Cashdollar on Sep 28

Title: Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-16
Download Site: http://huge-it.com/joomla-catalog/
Vendor: huge-it.com
Vendor Notified: 2016-09-17
Vendor Contact: info () huge-it com
Description:
Huge-IT Product Catalog is made for demonstration, sale, advertisements for your products. Imagine a stand with a
variety of catalogs with a specific product category. To…

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

Posted by Larry W. Cashdollar on Sep 28

Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-15
Download Site: http://huge-it.com/joomla-video-gallery/
Vendor: www.huge-it.com, fixed v1.1.0
Vendor Notified: 2016-09-17
Vendor Contact: info () huge-it com
Description: A video slideshow gallery.
Vulnerability:
The following code does not prevent an unauthenticated user from injecting SQL into functions located…

[REVIVE-SA-2016-002] Revive Adserver – Multiple vulnerabilities

Posted by Matteo Beccati on Sep 28

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2016-002
========================================================================
http://www.revive-adserver.com/security/revive-sa-2016-002
========================================================================
CVE-IDs: TBA
Date: 2016-09-28
Risk Level: Medium…

Symantec Messaging Gateway <= 10.6.1 Directory Traversal

Posted by Rio Sherri on Sep 28

# Title : Symantec Messaging Gateway <= 10.6.1 Directory Traversal
# Date : 28/09/2016
# Author : R-73eN
# Tested on : Symantec Messaging Gateway 10.6.1 (Latest)
# Software : https://www.symantec.com/products/threat-protection/messaging-gateway
# Vendor : Symantec
# CVE : CVE-2016-5312
# DESCRIPTION:
# A charting component in the Symantec Messaging Gateway control center
# does not properly sanitize user input submitted for charting requests.
#…

Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE …)

Posted by Pierre Kim on Sep 28

## Advisory Information

Title: Multiple vulnerabilities found in the Dlink DWR-932B (backdoor,
backdoor accounts, weak WPS, RCE …)
Advisory URL: https://pierrekim.github.io/advisories/2016-dlink-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Date published: 2016-09-28
Vendors contacted: Dlink
Release mode: Released
CVE: no current CVE
DWF: no current DWF

## Product Description…

Edward Snowden won Glas of Reason – (Glas der Vernunft) Award 2016

Posted by Vulnerability Lab on Sep 28

Award 2016 “Glas of Reason” (Glas der Vernunft) for Edward Snowden
(10.000€) @snowden

Security Press Articles
http://www.mirror.co.uk/news/world-news/german-city-gives-nsa-whistleblower-8913033
http://www.bild.de/wa/ll/bild-de/unangemeldet-42925516.bild.html
http://www.stern.de/panorama/kasseler-buergerpreis-geht-an-edward-snowden-7073662.html
http://www.zdnet.de/88272377/glas-der-vernunft-kasseler-buerger-ehren-edward-snowden/

IE11 is not following CORS specification for local files

Posted by Ricardo Iramar dos Santos on Sep 27

IE11 is not following CORS specification for local files like Chrome
and Firefox.
I’ve contacted Microsoft and they say this is not a security issue so
I’m sharing it.

files as supposed to be.
In order to prove I’ve created a malicious html file with the content below.

<html>
<script>
function createCORSRequest(method, url) {
  var xhr = new XMLHttpRequest();
  if ("withCredentials" in xhr) {…

Re: CVE-2016-6662 – MySQL Remote Root Code Execution / Privilege Escalation ( 0day )

Posted by Mark Koek on Sep 27

Thanks for your explanation. It is a very good discovery to be sure.

Yet I still think that a ‘remote root’ is something different – Google
gives me this for example:
https://tools.cisco.com/security/center/viewAlert.x?alertId=4061 which
is a way to directly become root from the internet through a vulnerable
piece of server software listening on a socket. Connect, exploit, root.

In your case, another hurdle has to be cleared first…