Category Archives: Full Disclosure

HTTPS Only 3.1 (Detailed Analysis, Browser Security, Open Source, Python)

Posted by David Leo on Mar 23

To secure the browser, which is very fragile, the approach of HTTPS Only 3.1 is exceptionally simple:
1. Only HTTPS URLs (no other protocols)
2. Whitelist of domains (anything outside of the whitelist is blocked)

Now, let’s look at threats:
1. Man in the middle – it’s fixed.
2. Phishing always requires the browser to load attacker’s website, so it’s permanently dead here.
3. Drive-by Download – dead(if applied strictly, unable to…

Facebook Messenger (iOS) Certificate Validation Vulnerability

Posted by Sean Wright on Mar 23

Classification: //Dell SecureWorks/Public Use:

Advisory Information
====================
Title: Facebook Messenger (iOS) Certificate Validation Vulnerability
Advisory ID: SWRX-2016-001
Advisory URL: https://www.secureworks.com/research/swrx-2016-001
Date published: Tuesday, March 22, 2016
CVE: Not assigned
CVSS v2 base score: 5.8
Date of last update: Tuesday, March 22, 2016
Vendors contacted:…

Executable installers are vulnerable^WEVIL (case 32): Comodo's installers allow arbitrary (remote) code execution WITH escalation of privilege

Posted by Stefan Kanthak on Mar 23

Hi @ll,

the executable installers cispro_30day_installer_1150_8d.exe,
cispremium_installer_6100_08.exe, cav_installer_5951_60.exe,
cav_installer.exe and cfw_installer.exe available from
<http://www.comodo.com> load and execute several DLLs from
their “application directory”.

For software downloaded with a web browser the application
directory is typically the user’s “Downloads” directory: see
<…

[RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2

Posted by RedTeam Pentesting GmbH on Mar 22

Advisory: Cross-site Scripting in Securimage 3.6.2

RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Securimage CAPTCHA software, which allows attackers to inject
arbitrary JavaScript code via a crafted URL.

Details
=======

Product: Securimage
Affected Versions: >= 3.2RC1
Fixed Versions: 3.6.4
Vulnerability Type: Cross-site Scripting
Security Risk: high
Vendor URL: https://www.phpcaptcha.org/
Vendor Status:…

Achievo Cross Site Scripting vulnerability

Posted by SECUPENT Research Center on Mar 20

Exploit Title: Achievo Cross Site Scripting vulnerability
Vendor: www.achievo.org
Software Link: http://www.opensourcecms.com/scripts/details.php?scriptid=98
Author: SECUPENT
Website: www.secupent.com
Email: research{at}secupent{dot}com
Date: 20-3-2016

Cross Site scripting link:
http://site/achievo/index.php?%27%22--%3E%3C%2fstyle%3E%3C%2fscRipt%3E%3CscRipt%3Ealert%280x000912%29%3C%2fscRipt%3E
Screenshot:…

A novel persistent injection to Windows machines

Posted by 0x3d5157636b525761 iddqd on Mar 20

A novel persistent injection to Windows machines:
– By abusing the “Dos Devices” registry key, a user could redefine the “C:”
symlink to an arbitrary value.
– smss.exe, which is responsible for mapping Dos devices, later maps “known
DLLs” as sections. These DLLs are typically loaded from
“C:\Windows\System32” (e.g. kernel32.dll) and will henceforth be loaded into
any usermode process by the Windows loader.
– This…

DORG – Disc Organization System SQL Injection And Cross Site Scripting

Posted by SECUPENT Research Center on Mar 20

Exploit Title: DORG – Disc Organization System SQL Injection And Cross Site Scripting
Software Link: http://www.opensourcecms.com/scripts/details.php?scriptid=479
Author: SECUPENT
Website: www.secupent.com
Email: research{at}secupent{dot}com
Date: 20-3-2016

SQL Injection:

link: http://localhost/dorg/results.php?q=3&search=%2527&type=3

Screenshot: http://secupent.com/exploit/images/drogsql.jpg

Cross Site Scripting (XSS):…

Netgear DGNv2200 multiple vulnerabilities (Bezeq firmware)

Posted by 0x3d5157636b525761 iddqd on Mar 20

Disclosure timeline
===================
February 10th, 2016: discovered 3 issues: memory corruption, authorization
bypass, CSRF.
February 10th, 2016: supplied technical details to Netgear, including POC
code.
February 12th, 2016: Netgear’s response – they said that only the Bezeq
firmware is vulnerable.
February 13th, 2016: discovering command injection vulnerability, updating
Netgear.
February 14th, 2016: contacted Bezeq.
February 21st,…

AsusTEK asio.sys unsafe operation

Posted by 0x3d5157636b525761 iddqd on Mar 20

Brief
====
AsusTEK asio.sys driver accepts IOCTLs that allow the user to freely
manipulate MSRs.

Disclosure timeline
===================
March 4th, 2016: contacted AsusTEK via mail and online chat. AsusTEK blamed
it on Microsoft!
March 5th, 2016: contacted the Microsoft security response center.
March 10th, 2016: Microsoft acknowledged and asked AsusTEK to fix.
March 16th, 2016: AsusTEK refuse to admit their mistakes.
March 17th, 2016: public…