Full Disclosure
Posted by 0x3d5157636b525761 iddqd on May 09
Brief
=====
Android App WheresMyDroid (10M – 50M installations) allows a malicious
user to perform the following:
– Take silent camera photos, automatically uploading them.
– Getting the GPS location.
– Possibly wiping the phone, locking and unlocking the device.
– Upgrading the App to the Pro version.
These are all possible via SMS messages.
Disclosure timeline
===================
April 20th, 2016: discovered issues.
April 21st, 2016:…
Posted by Saif El-Sherei on May 09
Heya,
I was already informed that the product is mot covered by Mitre CVE the release is just for responsible disclosure not
CVE request.
Regards,
Saif
Sent from my iPhone
Posted by Sven Blumenstein on May 06
Aruba ArubaOS/Aruba Instant/AirWave Management – Multiple Vulnerabilities
————————————————————————-
Introduction
============
Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The
Vulnerabilities were discovered during a black box security assessment and
therefore the vulnerability list should not be considered exhaustive. Several
of the high severity vulnerabilities listed…
Posted by Bhadresh Patel on May 06
Hello Team,
Sorry for the typo in earlier draft.
The correct CVE IDs are both year 2015.
1) Unauthorized access of router’s network troubleshooting page
(ping.cgi) — CVE-2015-6023
2) Command injection vulnerability on ping.cgi — CVE-2015-6024
Regards,
-Bhadresh
*******************************
Bhadresh Patel
Senior Security Analyst
Tel: +97144405666
Fax: +971 4 363 6742
Mob: +971529172297
Arjaan Office Tower, Office 1208
Dubai Internet…
Posted by Francisco Amato on May 06
Faraday v1.0.19 is ready! More documentation, a new interface and
plugin fixes are some of the improvements included in this version.
Continuing with our efforts to make Faraday accessible to everyone we
stopped the development and spent a few days improving our
documentation, so feel free to take a look at it and let us know if
you feel something is missing!
It shouldn’t come as a surprise that our QT interface will be
deprecated during…
Posted by Saif El-Sherei on May 06
Heya,
Wanted to request CVE for the following issues, that have been fixed by the vendor, fix details are at:
https://www.manageengine.com/products/applications_manager/release-notes.html
[SPSA-2016-02/ManageEngine ApplicationsManager]——————————
SECURITY ADVISORY: SPSA-2016-02/ManageEngine Applications Manager Build No: 12700
Affected Software: ManageEngine Applications Manager Build No: 12700
Vulnerability:…
Posted by Lab I-Tracing on May 06
=============================================
Web Server Cache Poisoning in CMS Made Simple
=============================================
CVE-2016-2784
Product Description
===================
CMS Made Simple is a great tool with many plugins to publish content on the Web. It aims to
be simple to use by end users and to provide a secure and robust website.
Website: http://www.cmsmadesimple.org/
Description
===========
A remote…
Posted by Julien Ahrens on May 06
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Swagger Editor
Vendor URL: https://github.com/swagger-api/swagger-editor
Type: Cross-Site Scripting [CWE-79]
Date found: 2015-04-07
Date published: 2016-05-03
CVSSv3 Score: 6.3 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: –
2. CREDITS
==========
This vulnerability was discovered and researched by Julien…
Posted by Bhadresh Patel on May 06
Title:
====
NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities
Credit:
======
Name: Bhadresh Patel
Company/affiliation: HelpAG
Website: www.helpag.com
CVE:
=====
CVE-2015-6023, CVE-2016-6024
Date:
====
03-05-2016 (dd/mm/yyyy)
Vendor:
======
NetComm Wireless is a leading developer and supplier of high performance
communication devices that connect businesses and people to the internet.
Products and services:…
Posted by Apple Product Security on May 06
APPLE-SA-2016-05-03-1 Xcode 7.3.1
Xcode 7.3.1 is now available and addresses the following:
Git
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A heap-based buffer overflow issue existed in the
handling of filenames. This issue was addressed by updating git to
version 2.7.4.
CVE-ID
CVE‑2016‑2315
CVE‑2016‑2324
Xcode 7.3.1 may be obtained from:…