phpMyAdmin-4.6.5.1-2.fc25

phpMyAdmin 4.6.5.1 (2016-11-26)
===============================

A patch-level release fixing two small issues:

* an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db'].
* an issue affecting the create table dialog where the partition selection tool was overzealous and made it difficult to create a new table.

There are also minor improvements to the Czech language file.

phpMyAdmin 4.6.5 (2016-11-25)
=============================

A release containing security fixes and bug fixes. Aside from the security improvements, many bugs have been fixed including:

* Fix for expanding in navigation pane
* Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies)
* Fix editing of ENUM/SET/DECIMAL field structures
* Improvements to the parser

And many, many more. Please see the ChangeLog for full details of bug fixes.

Red Hat Security Advisory 2016-2824-01

Red Hat Security Advisory 2016-2824-01 – Expat is a C library for parsing XML documents. Security Fix: An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.

Ubuntu Security Notice USN-3135-2

Ubuntu Security Notice 3135-2 – USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

Re: Tenda, Dlink & Tplink TD-W8961ND – DHCP XSS Vulnerability

Posted by Simon Waters (Surevine) on Nov 28

XSS in DHCP name has been reported on the Full Disclosure mailing list for other models of TP-Link Router before.

Seems to be generic to many TP-Link models.

My model has a regular line wrap to the DHCP hostname field, so you need to insert a comment into HTML or JS every N
characters into any exploit code, but it is fully exploitable, and you can write arbitrary JS in that space with a
little effort.

The attacker would have to inject…

CFP – BloomCON 0x02 – March 24-25, 2017 Bloomsburg, PA

Posted by Philip Polstra on Nov 28

The second BloomCON Forensics and Security conference will be held March
24-25, 2017 in Bloomsburg, PA (USA).

We are now officially accepting presentation and workshop submissions. We
will be hosting multiple speaking and workshop tracks.

We are looking for talks of 25 or 50 minutes in length and 2-hr or 4-hr
workshops.

If you have something you would like to share please send the following to:
drphil () bloomcon com

* your name or…

[ndhXV] Call For Paper – 15th anniversary – 24-25 June 2017

Posted by Freeman on Nov 28

If you have some l33t skillz, just follow the link :
https://submit.hackerzvoice.net

For the lazy ones, just keep scrolling

CALL FOR PAPERS – #ndhXV – 15th anniversary – 24-25 June 2017

IN A NUTSHELL

Conference format : 45min, including 5 to 10min of Q&A
Submission : https://submit.hackerzvoice.net
Deadline : April 5th, 2017
Announcement : April 20th, 2017
Beer,…

CVE-2016-0063: MSIE 8-11 MSHTML DOMImplementation type confusion details

Posted by Berend-Jan Wever on Nov 28

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
twentieth entry in that series. Unfortunately I won’t be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161128001.html. There you…