libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506)

Posted by Hans Jerry Illikainen on Dec 16

Overview
========

Libnsgif[1] is a decoding library for GIF images. It is primarily
developed and used as part of the NetSurf project.

As of version 0.1.2, libnsgif is vulnerable to a stack overflow
(CVE-2015-7505) and an out-of-bounds read (CVE-2015-7506) due to the way
LZW-compressed GIF data is processed.

Details
=======

src/libnsgif.c #80..133:
,----
| /* Maximum LZW bits available
| */
| #define GIF_MAX_LZW 12
| […]
| static int…

libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507)

Posted by Hans Jerry Illikainen on Dec 16

Overview
========

Libnsbmp[1] is a decoding library for BMP and ICO files. It is
primarily developed and used as part of the NetSurf project.

As of version 0.1.2, libnsbmp is vulnerable to a heap overflow
(CVE-2015-7508) and an out-of-bounds read (CVE-2015-7507).

CVE-2015-7508
=============

libnsbmp expects that the user-supplied `bmp_bitmap_cb_create' callback
allocates enough memory to accommodate for `bmp->width * bmp->height *…

Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]

Posted by Hector Marco-Gisbert on Dec 16

Hi everyone,

A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98
(December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be
exploited under certain circumstances, allowing local attackers to bypass any
kind of authentication (plain or hashed passwords). And so, the attacker may
take control of the computer.

More details at:
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

#BadWinmail: The "Enterprise Killer" Attack Vector in Microsoft Outlook

Posted by Haifei Li on Dec 16

Hi All,
I have released a paper & demo describing a novel/serious attack vector I discovered in Microsoft Outlook.
Paper: https://sites.google.com/site/zerodayresearch/BadWinmail.pdf
Demo: https://www.youtube.com/watch?v=ngWVbcLDPm8

Reference:
https://technet.microsoft.com/en-us/library/security/ms15-131.aspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6172

--
Conclusion
In this report, the author disclosed a novel attack vector to…

[CFP] Speak About Your Cyberwar at PHDays VI

Posted by Alexander Lashkov on Dec 16

Positive Hack Days VI, the international forum on practical information security, opens Call For Papers
(http://www.phdays.com/call_for_papers/). Our international program committee
(http://www.phdays.com/program/review-board/) consisting of very competent and experienced experts will consider every
application, whether from a novice or a recognized expert in information security, and select the best proposals.

Now, more than ever…

Block Class – Critical – Cross Site Scripting (XSS) – SA-CONTRIB-2015-175

Description

This module enables you to add custom classes to blocks.
The module doesn’t sufficiently scrub class names written by a malicious block class administrator.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “Administer block classes”.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • block_class 7.x-2.x versions prior to 7.x-2.2.

Drupal core is not affected. If you do not use the contributed Block Class module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Block Class project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity


CVE-2015-8577

The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.

CVE-2015-8578

AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.