Thanks for your explanation. It is a very good discovery to be sure.
Yet I still think that a ‘remote root’ is something different – Google
gives me this for example: https://tools.cisco.com/security/center/viewAlert.x?alertId=4061 which
is a way to directly become root from the internet through a vulnerable
piece of server software listening on a socket. Connect, exploit, root.
In your case, another hurdle has to be cleared first…
I think the term is ‘remote privilege escalation’ (as opposed to local
privilege escalation). As a headline I’d suggest ‘remote privilege
escalation from any mysql user to root’.

There is a DLL planting vuln in the Skype installer. This vuln had been
reported to Microsoft but they decided not to fix this.
Here are the vulnerability details:
——
Skype installer in Windows is open to DLL hijacking.
Skype looks for a specific DLL by dynamically going through a set of
predefined directories. One of the directories being scanned is the
installation directory, and this is exactly what is abused in this
vulnerability….

After a long sprint we are proud to present Faraday v2.1:
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that…

AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly
earlier, reportedly contains multiple vulnerabilities, including
undocumented privileged accounts, authentication bypass, and information
exposure.
Description:
AVer Information EH6108H+ hybrid DVR is an IP security…

Thanks for the feedback.
I’ll answer your questions and throw in a few other comments on here
using the occasion that will hopefully clarify some of the other
misconceptions I’ve seen around or be otherwise useful to someone.
As for the SUPER priv requirement.
The short answer is: yes, you are wrong in thinking that (but good
that you question it at least 🙂).
SUPER privilege is not required as mentioned in my advisory in the…