Full Disclosure
Posted by LSE-Advisories on May 03
=== LSE Leading Security Experts GmbH – Security Advisory 2016-02-03 ===
OXID eShop Path Traversal Vulnerability
————————————————————————
Affected Versions
=================
Community Edition 4.9.7
Issue Overview
==============
Vulnerability Type: path traversal, privilege escalation
Version: Tested in Community Edition 4.9.7
Technical Risk: high
Likelihood of Exploitation: medium
Vendor: OXID…
Posted by Gavrill Klimov on May 03
what is the real danger of this?
https://blog.strcpy.info/2016/04/21/building-a-portable-gsm-bts-using-bladerf-raspberry-and-yatebts-the-definitive-guide/
is it possible to intercept to the calls?
Posted by Simon Lees on May 03
Hi
This is a disclosure of the following issue that was raised a week ago
on the distro’s mailing list. Both bugs on the gnome bugtracker are
currently private and should be made public now. The two attached
patches are based off the 2.9.3 libxml2 release.
A couple of weeks back while working on a related bug [CVE-2016-3627] I
discovered a specially created xml file is capable of triggering a stack
overflow before libxml2 can detect its a…
Posted by Timo Juhani Lindfors on May 03
CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
——————————————————————–
Affected products
=================
At least Zabbix Agent 1:3.0.1-1+wheezy from
http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions
were not tested.
Background
==========
“Zabbix agent is deployed on a monitoring target to actively monitor
local resources and applications (hard…
Posted by Ajin Abraham on May 03
Hey Folks,
Happy to release MobSF v0.9.2
About MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android and iOS
Applications and supports both binaries (APK & IPA) and zipped source
code. MobSF can also perform Web API Security testing…
Posted by Karn Ganeshen on May 03
*Moxa MiiNePort – Multiple Vulnerabilities*
Multiple vulnerabilities are present in Moxa MiiNePort. Following versions
have been verified, but it is highly probable all other versions are
affected as well.
*About*
Moxa provides a full spectrum of quality products for industrial
networking, computing, and automation, and maintains a distribution and
service network that reaches customers in more than 70 countries. Our
products have connected…
Posted by Dolev Farhi on May 03
# Exploit title: Observium Commercial – CSRF & Authenticated Code Execution
# Date: 28-04-2016
# Vendor homepage: http://observium.org/
# Software version: CE 0.16.7533
Authenticated remote code execution
Using either CSRF or by editing the whois binary field in the Observium webui under Settings-> System Path, an attacker
may also change the Path to either [whois, mtr, nmap] to any bash command, and by hitting the url:…
Posted by Sandeep Kamble on May 03
Hello all,
I hope you prepared with Sunday weapons
The CTF winning the Hard level will be awarded $150, Medium Level with $125
and Low Level 65$. Ranchoddas CTF Challenge.
The bounty will be donated towards the Garage4hackers Maharastra Drought
Relief Fund.
CTF link: http://92.222.71.224/
Submit your submission to s () garahe4hackers com
Thank you
Posted by Black Arch on May 03
Dear list,
We’ve released the new BlackArch Linux ISOs along with the new
installer. They include more than 1400 tools and come with lots of
improvements. The armv6h and armv7h repositories are filled with about
1300 tools.
A short ChangeLog of the Live-ISOs:
– added new (improved) BlackArch Linux installer
– include linux kernel 4.5.1
– added new blackarch linux installer
– fixed an EFI boot issue
– fixed the well-known…
Posted by Stefan Kanthak on May 03
Hi @ll
despite better knowledge and MULTIPLE bug/vulnerability reports
(see <https://bugzilla.mozilla.org/show_bug.cgi?id=811557>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=809373>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=579593>, …)
Mozilla continues to ship Firefox and Thunderbird for Windows with
a vulnerable executable installer.
Proof of concept/demonstration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. visit <…