Category Archives: Full Disclosure

Re: [oss-security] libical 0.47 SEGV on unknown address

Posted by Brandon Perry on Jul 06

I have gone ahead and just pushed my fuzzing results to Github. These were found with American Fuzzy Lop.

https://github.com/brandonprry/ical-fuzz

While Mozilla lists information leaks as viable for a bug bounty [1], unless it straight up crashes Thunderbird (which
heap over-reads may or may not do depending on the surrounding memory), it doesn’t seem they will care much and will
mark your…

GNU Wget < 1.18 Arbitrary File Upload

Posted by Dawid Golunski on Jul 06

GNU Wget < 1.18 Arbitrary File Upload

URL: http://legalhackers.com/advisories/Wget-Arbitrary-File-Upload-Vulnerability-Exploit.txt

CVE-2016-4971

GNU Wget before 1.18 when supplied with a malicious URL (to a malicious or
compromised web server) can be tricked into saving an arbitrary remote file
supplied by an attacker, with arbitrary contents and filename under
the current directory and possibly other directories by writing to .wgetrc….

RS232-NET Converter (JTC-200) – Multiple vulnerabilities

Posted by Karn Ganeshen on Jul 06

*RS232-NET Converter (JTC-200) – Multiple vulnerabilities*

About RS232-NET Converter (model JTC-200)
http://www.jantek.com.tw/en/product/73

*Seen deployed in:*
CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
HiNet (Taiwan & China)
PT Comunicacoes (Portugal)
Sony Network Taiwan Limited (Taiwan)
Vodafone Portugal (Portugal)

*1. Weak Credential Management*
The RS232-NET Converter (model JTC-200) web administration interface uses
non-random default…

CIMA DocuClass ECM – Multiple Vulnerabilities

Posted by Karn Ganeshen on Jul 06

*CIMA DocuClass Enterprise Content Management – Multiple Vulnerabilities*

DocuClass is a modular and scalable enterprise content management (ECM)
solution that allows organizations to streamline internal operations by
significantly improving the way they manage their information within a
business process.

*Vendor Response*: None

*Vulnerability Findings*

1. *SQL Injection* [Post Auth]

DocuClass web application contains a SQL injection…

CVE ID Request : OpenFire multiple vulnerabilities

Posted by Sysdream Labs on Jul 06

# Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1

## Product Description

**OpenFire** is an open-source project under the GNU GPL license. It provides a Jabber/XMPP server fully developed in Java.
It’s developed by the **Ignite Realtime** community.
The actual version of the product is 4.0.2.

Official web site : http://igniterealtime.org/

Several vulnerabilities have been discovered between 2015, October and 2016,…

CVE-2016-4979: HTTPD webserver – X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs]

Posted by Dirk-Willem van Gulik on Jul 06

Security Advisory – Apache Software Foundation
Apache HTTPD WebServer / httpd.apache.org

X509 Client certificate based authentication can
be bypassed when HTTP/2 is used

CVE-2016-4979 / CVSS 7.5

The Apache HTTPD web server (from 2.4.18 to 2.4.20) did not validate an X509
client certificate correctly when the experimental module for the HTTP/2
protocol is used to access a resource….

PrinceXML PHP wrapper command injection

Posted by Brandon Perry on Jul 06

While grabbing a copy of PrinceXML, I noticed the company also offered some wrapper classes in various languages for using
prince in server applications (web applications).

http://www.princexml.com/download/wrappers/

Taking a quick look at the PHP class, there are likely numerous command injection vulnerabilities. I was able to prove
a quick PoC out. Some quick googling yielded more results…

Putty (beta 0.67) DLL Hijacking Vulnerability

Posted by Sachin Wagh on Jul 06

/*
Exploit Title: Putty DLL Hijacking Exploit ( UxTheme.dll or ntmarta.dll )
Vendor Homepage: https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
Author: Sachin Wagh (@tiger_tigerboy)
Linkedin: https://in.linkedin.com/in/sachin-wagh-95b17555
Affected Version: beta 0.67
Tested on: Windows 7 Ultimate
*/

Proof-Of-Concept :

1. Create malicious dll file and save it as UxTheme.dll or ntmarta.dll in
your “Downloads” directory.

2….

Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking

Posted by Stefan Kanthak on Jul 06

Hi @ll,

the executable installer for Microsoft’s Visual Studio 2015
Community Edition, available from <https://www.visualstudio.com/>,
is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1
it loads the following DLLs from its “application directory”
instead of Windows’ “system directory”:
Version.dll, AppHelp.dll, NTMARTA.dll, CryptSP.dll, RPCRTRemote.dll

Additionally it loads…