Full Disclosure
Posted by Brandon Perry on Sep 19
This is a segfault in the Oracle Outside In File ID library version 8.5.3.
http://www.oracle.com/technetwork/middleware/content-management/downloads/oit-dl-otn-097435.html
==22240== Memcheck, a memory error detector
==22240== Copyright (C) 2002-2015, and GNU GPL’d, by Julian Seward et al.
==22240== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22240== Command: ./fisimple…
Posted by Karn Ganeshen on Sep 15
*Universal multifunctional Electric Power Quality Meter BINOM3 – Multiple
Vulnerabilities*
*About*
The meters are designed for autonomous operation in automated systems:
• SCADA systems
• Data aquisition and transmission systems
• Automated data and measurement systems for revenue and technical power
metering
• Power quality monitoring and control systems
• Automated process control systems, Management information system
+++++…
Posted by Curesec Research Team (CRT) on Sep 15
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Oxwall 1.8.0 (build 9900)
Fixed in: 1.8.2
Fixed Version Link: https://developers.oxwall.com/download
Vendor Website: http://www.oxwall.org/
Vulnerability Type: XSS & Open Redirect
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE: n/a
Credits…
Posted by Curesec Research Team (CRT) on Sep 15
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Peel Shopping 8.0.2
Fixed in: 8.0.3
Fixed Version Link: www.peel-shopping.com
Vendor Website: www.peel-shopping.com
Vulnerability Type: Object Injection
Remote Exploitable: Yes
Reported to vendor: 04/11/2016
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE: n/a
Credits Tim Coen of Curesec…
Posted by Nightwatch Cybersecurity on Sep 15
Summary
Android applications developed with Adobe AIR send data back to Adobe
servers without HTTPS while running. This can allow an attacker to
compromise the privacy of the applications’ users. This has been fixed
in Adobe AIR SDK release v23.0.0.257.
Details
Adobe AIR is a…
Posted by MustLive on Sep 15
Hello list!
There are multiple vulnerabilities in ASUS Wireless Router RT-N10. There are
Code Execution, Cross-Site Scripting and URL Redirector Abuse
vulnerabilities.
————————-
Affected products:
————————-
Vulnerable are the next models: ASUS RT-N10, RT-N10E, RT-N10LX and RT-N10U
with different versions of firmware. I checked in RT-N10 with firmware
version 1.9.2.7.
Asus ignored vulnerabilities in RT-G32,…
Posted by Nguyen Anh Quynh on Sep 15
Greetings,
(cc: Thanh Nguyen, VNSecurity)
We are excited to release Keypatch 2.0, a better assembler for IDA Pro!
This new version of Keypatch brings some important features, as follows.
– Fix some issues with ARM architecture (including Thumb mode)
– Better support for Python 2.6 & older IDA versions (confirmed to work on
IDA 6.4)
– Save original instructions (before patching) in IDA comments.
– NOP padding also works when new instruction…
Posted by Mark Koek on Sep 15
Well, ‘remote root’… The PoC asks for a working MySQL user name and
password.
And I don’t really get how that account can re-set the logfile location
without SUPER privileges?
Am I wrong in thinking that this is really “just” a MySQL admin -> root
privilege escalation? Don’t get me wrong, still a very nice exploit, but…
Mark
Posted by Justa Person on Sep 15
Either Samsung reads this list or they just have great timing. Just shy of
three weeks later they responded asking for more information. Hope they
close it soon.
Posted by Paul Baade on Sep 15
# Security Advisory — Multiple Vulnerabilities – MuM Map Edit
## Product
Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH
Product: MapEdit
Affected software version: 3.2.6.0
MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and
regional governmental infrastructures to provide geodata to the population. It consists of a
silverlight client and a C#.NET backend. The…