Full Disclosure
Posted by Programa STIC on Jul 25
Fundación Dr. Manuel Sadosky – Programa STIC Advisory
www.fundacionsadosky.org.ar
Heap memory corruption in ASN.1 parsing code generated by Objective
Systems Inc. ASN1C compiler for C/C++
1. *Advisory Information*
Title: Heap memory corruption in ASN.1 parsing code generated by
Objective Systems Inc. ASN1C compiler for C/C++
Advisory ID: STIC-2016-0603
Advisory URL:…
Posted by James McLean on Jul 25
Bellini/Supercook Wi-Fi Yumi SC200 – Multiple vulnerabilities
Reported By:
==================================
James McLean –
Primary: james dot mclean at gmail dot com
Secondary: labs at juicedigital dot net
Device Overview:
==================================
“The Bellini.SUPERCOOK Kitchen Master is much more than a multifunctional
kitchen machine. It has 13 functions so not only saves a huge amount of
time, it also incorporates the…
Posted by Larry W. Cashdollar on Jul 25
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Fixed: v1.1.7
Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva
Date: 2016-07-14
Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
Vendor: huge-it.com
Vendor Notified: 2016-07-15, fixed 2016-07-23
Vendor Contact: info () huge-it com
Description: The plugin allows you to add multiple images to the gallery, create…
Posted by Nightwatch Cybersecurity on Jul 25
[Original here:
https://wwws.nightwatchcybersecurity.com/2016/07/21/advisory-amazons-silk-browser-on-the-kindle-didnt-use-ssl-for-google-search/]
Overview
Amazon supplies the Silk Browser for their line of Kindle tablets. The
browser includes a selection of three search engines, of which Google
was setup without SSL. Furthermore, the browser prevented automatic
redirection to the SSL version of Google’s main site when visiting it
directly….
Posted by Hans Jerry Illikainen on Jul 25
PHP 7.0.8, 5.6.23 and 5.5.37 does not perform adequate error handling in
its `bzread()’ function:
php-7.0.8/ext/bz2/bz2.c
,—-
| 364 static PHP_FUNCTION(bzread)
| 365 {
| …
| 382 ZSTR_LEN(data) = php_stream_read(stream, ZSTR_VAL(data), ZSTR_LEN(data));
| 383 ZSTR_VAL(data)[ZSTR_LEN(data)] = ”;
| 384
| 385 RETURN_NEW_STR(data);
| 386 }
`—-
php-7.0.8/ext/bz2/bz2.c
,—-
| 210 php_stream_ops php_stream_bz2io_ops…
Posted by Elar Lang on Jul 25
Title: Reflected XSS in LinkedIn
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: Reflected XSS
Vendor: LinkedIn (https://www.linkedin.com/)
# Background
LinkedIn had reflected XSS vulnerability. It was at the end of 2013. I
made fulldisclosure now (middle of 2016) to point out and bring
attention to one frequent finding in pen-test cases: Request URI from
a client (browser) is expected to be always in correct URL encoding on…
Posted by Gergely Eberhardt on Jul 25
Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
—————————————————————–
Platforms / Firmware confirmed affected:
– Cisco EPC3925, ESIP-12-v302r125573-131230c_upc
Vulnerabilities
—————
Default SSID and passphrase can be calculated
The default SSID and passphrase are derived from the MAC address and the
DOCSIS serial number. Since the MAC address of the device is broadcasted…
Posted by Gergely Eberhardt on Jul 25
Compal CH7465LG-LC modem/router multiple vulnerabilities
——————————————————–
The following vulnerabilities are the result of a quick check (~3 hours)
of the Mercury modem. We performed a systematic and deeper evaluation of
this device also, which result will be described in a separate report
[2] and advisory.
Platforms / Firmware confirmed affected:
– Compal CH7465LG-LC, CH7465LG-NCIP-4.50.18.13-NOSH…
Posted by Gergely Eberhardt on Jul 25
Hitron CGNV4 modem/router multiple vulnerabilities
————————————————–
Platforms / Firmware confirmed affected:
– Hitron CGNV4, 4.3.9.9-SIP-UPC
– Product page: http://www.hitrontech.com/en/cable_detail.php?id=62
Vulnerabilities
—————
Insecure session management
The web interface uses insecure cookies, which can be brute-forced
easily (e.g cookie: userid=0). If admin login is successful, the IP
address of…
Posted by Gergely Eberhardt on Jul 25
Technicolor TC7200 modem/router multiple vulnerabilities
——————————————————–
Platforms / Firmware confirmed affected:
– Technicolor TC7200, STD6.02.11
– Product page:
http://www.technicolor.com/en/solutions-services/connected-home/broadband-devices/cable-modems-gateways/tc7200-tc7300
Vulnerabilities
—————
Insecure session management
The web interface does not use cookies at all and does not check…