Category Archives: Full Disclosure

Defense in depth — the Microsoft way (part 43): restricting the DLL load order fails

Posted by Stefan Kanthak on Sep 08

Hi @ll,

according to <https://msdn.microsoft.com/en-us/library/ms684179.aspx>
and <https://msdn.microsoft.com/en-us/library/ms682586.aspx>,
LoadLibraryEx with LOAD_WITH_ALTERED_SEARCH_PATH should NOT search
the calling program’s application directory:

| Note that the standard search strategy and the alternate search
| strategy specified by LoadLibraryEx with LOAD_WITH_ALTERED_SEARCH_PATH
| differ in just one way: The standard…

Heap 'two-write-where-and-what' format string (FMS) technique

Posted by bashis on Sep 08

/*

Author: bashis <mcw noemail eu>, 2016

Small example code of 'two-write-where-and-what' format string (FMS) and a description of how to possibly exploit it when
located on the heap.
Since the technique is 'two-write-where-and-what', it's possible to jump to a lower target address than the FMS has
counted up to.
[You will need to check addresses of free() and target() to see if it’s matching this example; if not, you…
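
The arithmetic behind the two-write primitive described in the post, as an added example that is not bashis's code and not the exploit from the post: two %hn writes set the two 16-bit halves of one 32-bit word, and because %hn stores the running character count truncated to 16 bits, the second value can be smaller than the count already reached (the "jump to a lower address than counted" case). The format string is a literal with '*' widths, so only the two pad lengths stand in for the attacker-controlled part; the "where" pointers are passed directly rather than picked off the stack or heap with direct-parameter access, the 16-bit short and the target value 0x0804DEAD are assumptions for illustration, and the hypothetical function name two_write is mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example: store `value` into the 32-bit word at `target` with two
 * %hn writes, the "two-write-where-and-what" primitive. The format string is
 * a literal with '*' widths, so only the two pad lengths play the role of the
 * attacker-controlled part; a real FMS would also pick the two "where"
 * pointers off the stack/heap with direct-parameter access (e.g. %N$hn),
 * which is deliberately not modelled here. Returns the total number of
 * characters printed, or -1 on allocation failure. Assumes a 16-bit short. */
static int two_write(uint32_t *target, uint32_t value)
{
    /* Which half lives at the lower address depends on byte order. */
    uint32_t probe = 1;
    int little = *(unsigned char *)&probe == 1;
    uint16_t *first = (uint16_t *)target;    /* lower address */
    uint16_t *second = first + 1;            /* higher address */
    unsigned a = little ? (value & 0xFFFFu) : (value >> 16);
    unsigned b = little ? (value >> 16) : (value & 0xFFFFu);

    /* %hn stores the running character count truncated to 16 bits, so the
     * second "what" may be smaller than the count already reached: pad by
     * the distance modulo 65536. %*c always emits at least one character,
     * so a zero distance is realised as a full wrap of 65536 characters. */
    int pad1 = a ? (int)a : 65536;
    unsigned dist = (b - a) & 0xFFFFu;
    int pad2 = dist ? (int)dist : 65536;

    size_t cap = (size_t)1 << 18;            /* room for > 2 * 65536 chars */
    char *sink = malloc(cap);
    if (sink == NULL)
        return -1;
    int n = snprintf(sink, cap, "%*c%hn%*c%hn",
                     pad1, 'A', (short *)first,
                     pad2, 'A', (short *)second);
    free(sink);
    return n;
}

int main(void)
{
    uint32_t word = 0;
    /* Constructed target value: on a little-endian host the second write
     * (0x0804) is far below the count already reached by the first one
     * (0xDEAD = 57005), yet the word still ends up as 0x0804DEAD. */
    int n = two_write(&word, 0x0804DEADu);
    printf("wrote 0x%08x after %d characters\n", word, n);
    return word == 0x0804DEADu ? 0 : 1;
}
```

On a little-endian host the first write pads to 57005 characters and stores 0xDEAD; the second pads by (0x0804 - 0xDEAD) mod 65536 = 10583 more, so the count reaches 67588 = 0x10804 and the truncated store leaves 0x0804 in the high half. Splitting the word into two short writes is what keeps each pad under 65536 characters, which is also why a real FMS must have space for that much output.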

ELNet Energy & Electrical Power Meter – Multiple Vulnerabilities

Posted by Karn Ganeshen on Sep 08

ELNet Energy & Electrical Power Meter – Multiple Vulnerabilities

http://elnet.feniks-pro.com/Elnet-LT.php

http://www.elnet.cc/product/elnet-lt/

Powermeter with color graphic display for all electrical measurements and
harmonics, with TCP/IP and RS485 communication (ModBus and Bacnet), panel
mounted 96X96 mm.

Product Description

General

Simple operated menus.

– Multilingual support.
– Up to One year of energy data logging….

Multiple vulnerabilities – Powerlogic/Schneider Electric IONXXXX series Smart Meters

Posted by Karn Ganeshen on Sep 08

Powerlogic/Schneider Electric IONXXXX series Smart Meters – Multiple
security issues

Impacted devices:

ION7300 and potentially all IONXXXX models (based off of Powerlogic). For
example, Power Measurement Ltd. Meter ION 7330V283 ETH ETH7330V274
http://www.schneider-electric.com/download/hk/en/details/2254511-ETH-7330-V274/?reference=ETH7330V274

About
Power & Energy Monitoring System
Compact energy and power quality meters for feeders…

Unrar 0.0.1 Memory Corruption

Posted by Rio Sherri on Sep 08

# Title : Unrar 0.0.1 Memory Corruption
# Date : 05/09/2016
# Author : R-73eN
# Tested on : Linux VM 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:50
UTC 2011 i686 i686 i386 GNU/Linux
# Software : https://github.com/defiant-labs/unrar-free

root@VM:~/unrar-free/src# unrar --version
unrar 0.0.1
root@VM:~/unrar-free/src# gdb --args ./unrar ~/test.rar
GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc….

Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe processing of file names

Posted by Summer of Pwnage on Sep 08

————————————————————————
Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe
processing of file names
————————————————————————
Han Sahin, July 2016

————————————————————————
Abstract
————————————————————————
A persistent Cross-Site…

PHPHolidays CMS v3.00.50 – Cross Site Scripting Web Vulnerability

Posted by Vulnerability Lab on Sep 08

Document Title:
===============
PHPHolidays CMS v3.00.50 – Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1948

Release Date:
=============
2016-09-08

Vulnerability Laboratory ID (VL-ID):
====================================
1948

Common Vulnerability Scoring System:
====================================
3.1

Product & Service Introduction:…

Picosmos Shows v1.6.0 – Stack Buffer Overflow Vulnerability

Posted by Vulnerability Lab on Sep 08

Document Title:
===============
Picosmos Shows v1.6.0 – Stack Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1936

Release Date:
=============
2016-09-05

Vulnerability Laboratory ID (VL-ID):
====================================
1936

Common Vulnerability Scoring System:
====================================
6.1

Product & Service Introduction:…

SEC Consult SA-20160906-0 :: Private key for browser-trusted certificate embedded in multiple Aruba Networks / Alcatel-Lucent products

Posted by SEC Consult Vulnerability Lab on Sep 06

This advisory is accompanied by a blog post regarding a recap on our published
“House of Keys” research study on the re-use of cryptographic secrets from
11/2015.

For further information also see
http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html

SEC Consult Vulnerability Lab Security Advisory < 20160906-0 >
=======================================================================
title:…

Kaspersky Company Account – FileManager Vulnerability

Posted by Vulnerability Lab on Sep 02

Document Title:
===============
Kaspersky Company Account – FileManager Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1924

Release Date:
=============
2016-08-30

Vulnerability Laboratory ID (VL-ID):
====================================
1924

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…