Defense in depth — the Microsoft way (part 27): the command line you get differs from the command line I use to call you

Posted by Stefan Kanthak on Feb 01

Hi @ll,

on Windows, the command line an application receives can differ
from the command line the calling application supplies to
CreateProcess*().

The documentation of GetCommandLine()
<https://msdn.microsoft.com/en-us/library/ms683156.aspx> tells:

| Note The name of the executable in the command line that
| the operating system provides to a process is not necessarily
| identical to that in the command line that the calling process
|…

SQL injection vulnerabilities in zerocms <= v.1.3.3

Posted by Steffen Rösemann on Feb 01

Advisory: SQL injection vulnerabilities in zerocms <= v.1.3.3
Advisory ID: SROEADV-2015-13
Author: Steffen Rösemann
Affected Software: zerocms <= v.1.3.3 (released 23rd-Jan-2015)
Vendor URL: http://aas9.in/zerocms/
Vendor Status: platform will be moving to Rails4
CVE-ID: –

==========================
Vulnerability Description:
==========================

Content management system Zerocms v. 1.3.3 suffers from SQL injection
vulnerabilities….

iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files…

Posted by Stefan Kanthak on Feb 01

Hi @ll,

See <http://seclists.org/bugtraq/2014/Oct/164>,
<http://seclists.org/fulldisclosure/2014/Oct/109>,
<http://seclists.org/fulldisclosure/2014/Aug/44>,
<http://seclists.org/fulldisclosure/2014/Aug/33> and
<http://seclists.org/fulldisclosure/2014/Jul/30> for the
prequel.

The just released iTunes 12.1 for Windows comes again with
outdated and VULNERABLE 3rd party libraries.

In AppleMobileDeviceSupport.msi:

*…

CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities

Posted by Jing Wang on Feb 01

CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities

Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS
Product: SnipSnap
Vulnerable Versions: 0.5.2a, 1.0b1, 1.0b2
Tested Version: 0.5.2a, 1.0b1, 1.0b2
Advisory Publication: Jan 30, 2015
Latest Update: Jan 30, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9559
Credit: Wang Jing [MAS, Nanyang Technological University (NTU),…

Banner Effect Header Security Advisory – XSS Vulnerability – CVE-2015-1384

Posted by Onur Yilmaz on Feb 01

Information
-----------
Advisory by Netsparker.
Name: XSS Vulnerability in Banner Effect Header
Affected Software : Banner Effect Header
Affected Versions: 1.2.7 and possibly below
Vendor Homepage : https://wordpress.org/plugins/banner-effect-header/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID: CVE-2015-1384
Netsparker Advisory Reference : NS-15-002

Description
-----------
By exploiting a Cross-site scripting…

Major Internet Explorer Vulnerability – NOT Patched

Posted by David Leo on Feb 01

Deusen just published code and description here:
http://www.deusen.co.uk/items/insider3show.3362009741042107/
which demonstrates the serious security issue.

Summary
An Internet Explorer vulnerability is shown here:
Content of dailymail.co.uk can be changed by an external domain.

How To Use
1. Close the popup window (“confirm” dialog) after three seconds.
2. Click “Go”.
3. After 7 seconds, “Hacked by Deusen” is actively…

CVE-2014-4632

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 does not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

CVE-2014-7287

The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.

CVE-2014-7288

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.