Resolved Bugs
1236011 – CVE-2015-5070 CVE-2015-5069 wesnoth: authentication information disclosure [fedora-all]
Latest upstream.
http://www.openwall.com/lists/oss-security/2015/06/25/2
Monthly Archives: June 2015
Google Chrome Address Spoofing (Request For Comment)
Posted by David Leo on Jun 30
Impact:
The “click to verify” thing is completely broken…
Anyone can be “BBB Accredited Business” etc.
You can make whitehouse.gov display “We love Islamic State” 🙂
Note:
No user interaction on the fake page.
Code:
***** index.html
<script>
function next()
{
w.location.replace('http://www.oracle.com/index.html?'+n);n++;
setTimeout("next();",15);…
Re: Google Chrome Address Spoofing (Request For Comment)
Posted by Big Whale on Jun 30
Tested on Google Chrome 43.0.2357.130 (64-bit) (Linux) and it works. I do not think it is some kind of DoS attack; it
is clearly a URL spoofing vulnerability. Perhaps your report does not clarify the vulnerability precisely.
Chrome Rewards – Application Security – Google
Broken, Abandoned, and Forgotten Code, Part 9
Posted by Zach C on Jun 30
Part 9 of Broken, Abandoned, and Forgotten Code is up! In this part,
we fill out the ambit firmware header enough to satisfy upnpd’s loose
validation and have it write the image to flash. Additionally, we have
to binary patch upnpd to get it to play nicely in QEMU, since there’s
no physical flash memory in the emulator.
Here’s the link to part 9:
http://shadow-file.blogspot.com/2015/06/abandoned-part-09.html
Here was a mid-term…
CVE-2015-4674 – TimeDoctor autoupdate over plain-HTTP
Posted by Fernando Muñoz on Jun 30
TimeDoctor claims to be a software that helps to improve the
productivity of teams, reduce time spent on distractions [1]
Vulnerability:
TimeDoctor autoupdate feature downloads and executes files over plain
HTTP and doesn’t perform any check with the files. An attacker with
MITM capabilities (i.e., when user connects to a public wifi) could
override the TimeDoctor subdomain and then execute custom binaries on
the machine where the…
Siemens, Climatix BACnet/IP communication module, Vulnerabilities
Posted by Fran on Jun 30
I. VULNERABILITIES
-------------------------
1. Reflected XSS Attack vulnerability in Climatix BACnet/IP communication
module from Siemens
2. Unrestricted upload of files
II. BACKGROUND
-------------------------
BACnet/IP communication modules help to integrate controller types POL6XX
of the Climatix family into BACnet networks
III. DESCRIPTION
-------------------------
1. XSS, Has been detected Reflected XSS vulnerability…
ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability
Posted by Blazej Adamczyk on Jun 30
Title: ManageEngine Password Manager Pro SQL 8.1 Injection vulnerability
Author: Blazej Adamczyk (br0x)
Date: 2015-06-30
Download site: https://www.manageengine.com/products/passwordmanagerpro/download.html
Version: 8.1 and below
Vendor: https://www.manageengine.com/products/passwordmanagerpro/
Vendor Notified: 2015-06-30
Vendor Contact: passwordmanagerpro-support () manageengine com
Description:
An authenticated user (even the guest user) is…