Please let us communicate directly and not via mailing lists, because this results in flooding and is not important to
all other people. If there is a final result, whether the PoC has a mistake or not, we can publish the result.
Whether other products are affected we don't know – this was not mentioned in the disclosure (the PoC is only for the
OS X software combined with an AP AC Lite), so we can't give a statement on other…
[Product Description]
Plone is a free and open source content management system built on
top of the Zope application server. Plone is positioned as an
"Enterprise CMS" and is most commonly used for intranets and as part
of the web presence of large organizations.
[Systems Affected]
Product : Plone
Version : All supported Plone versions (4.3.11 and any earlier 4.x
version, 5.0.6 and any earlier 5.x version). Previous versions…
Recently I noticed Tavis Ormandy reporting a vulnerability about Ghostscript:
-dSAFER mode could be ignored and lead to code execution; however, no one has
exploited it in an application. There is a simple discussion and exploit
about it.
Author: redrain, yu.hong () chaitin com
Date: 2016-10-17
Version: Ghostscript version > 1.6
ImageMagick(or other app) all version
Vendor Notified: 2016-10-18
Summary
Evernote contains a DLL hijacking vulnerability that could allow an
unauthenticated, remote attacker to execute arbitrary code on the targeted
system. The vulnerability exists because a DLL file is loaded by
'Evernote_6.1.2.2292.exe' improperly, which allows an attacker to load
a DLL file of the attacker's choosing that could execute arbitrary code
without the user's knowledge.
The isolated private namespace created by ierutils has an insecure DACL which allows any AppContainer process to gain elevated permissions on the namespace directory, which could lead to elevation of privilege.
The isolated private namespace created by ierutils has an insecure boundary descriptor which allows any non-AppContainer sandbox process (such as Chrome) or other users on the same system to gain elevated permissions on the namespace directory, which could lead to elevation of privilege.
For more than a year now, Windows Update fails (not only, but most
notably) on FRESH installations of Windows 7/8/8.1 (especially their
32-bit editions), which then get NO security updates at all [°]!
One of the many possible causes: the Windows Update Client runs out of
(virtual) memory during the search for updates and yields 0x8007000E
alias E_OUTOFMEMORY ['].
NtLoadKeyEx takes a flag to open a registry hive read-only; if one of the hive files cannot be opened for read access, it will revert to write mode and also impersonate the calling process. This can lead to elevation of privilege if a user-controlled hive is opened in a system service.
SPIP is a publishing system for the Internet which puts importance on collaborative working, multilingual environments
and ease of use. It is free software, distributed under the GNU/GPL licence.
### Vulnerability Description
The vulnerable request to `valider_xml` (see: *SPIP 3.1.2 Template Compiler/Composer PHP Code Execution –
CVE-2016-7998*) is…
SPIP is a publishing system for the Internet which puts importance on collaborative working, multilingual environments
and ease of use. It is free software, distributed under the GNU/GPL licence.
### Vulnerability Description
The `var_url` parameter of the `valider_xml` file is not correctly sanitized and can be used to trigger a reflected XSS…