Category Archives: Full Disclosure

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished CVE-2016-2324 and CVE-2016-2315)

Posted by Laël Cellier on Mar 20

Oh… Big mistake. I might have advertised too soon.

I saw changes were pushed in master, so I thought the next version
(which was 2.7.1) would be the one to include the fix.
But as pointed out on
https://security-tracker.debian.org/tracker/CVE-2016-2324 no versions
including the fixes have been released yet, and even 2.7.3 still includes
path_name(). I didn't check the code (Sorrrry).

So the only way to fix it…

FortiOS (Fortinet) – Open Redirect and Cross Site Scripting

Posted by Javier Nieto on Mar 20

Description
===================================================================
The FortiOS web UI accepts a user-controlled input that specifies a link to
an external site, and uses that link in a redirect.

The redirect input parameter is also prone to cross-site scripting.

Public Fortinet Security Advisory (Mar 16 2016):
http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability

PoC…
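The defensive side of the issue described above, as an added example that is not FortiOS code and is not taken from the advisory: a redirect target is accepted only when it is a local absolute path, which rules out both the off-site redirect and script-carrying values such as a `javascript:` URL in one check. The function names are hypothetical; the check assumes it is applied to the value exactly as it will be written into the Location header (after any decoding the server performs).

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example (hypothetical routine, not FortiOS code).
 * Accept a redirect target only if it is a local absolute path.
 * Rejected: empty values, relative paths, anything with a scheme
 * ("http://...", "javascript:..."), scheme-relative "//host" and the
 * "/\host" variant browsers treat the same way, and control characters
 * that could split the Location header.
 */
int is_safe_redirect_target(const char *target)
{
    if (!target || target[0] != '/')
        return 0;                    /* empty, relative, or carries a scheme */
    if (target[1] == '/' || target[1] == '\\')
        return 0;                    /* network-path reference: off-site */
    for (const char *p = target; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (c < 0x20 || c == 0x7f)
            return 0;                /* CR/LF and other control characters */
        if (c >= 0x80)
            return 0;                /* keep to ASCII; no look-alike tricks */
    }
    return 1;
}

/* Use the supplied target when it passes the check, else a fixed fallback. */
const char *choose_redirect(const char *target, const char *fallback)
{
    return is_safe_redirect_target(target) ? target : fallback;
}

int main(void)
{
    /* Constructed sample inputs, as an attacker and a normal user would send them. */
    const char *samples[] = {
        "/login?next=1", "//evil.example/", "/\\evil.example",
        "http://evil.example/", "javascript:alert(1)", "/x\r\nSet-Cookie: a=b", ""
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-28s -> %s\n", samples[i], choose_redirect(samples[i], "/"));
    return 0;
}
```

An allow-list of full URLs is the alternative when off-site redirects are genuinely needed; the point of the path-only form is that it needs no host parsing at all, so the usual bypasses (userinfo tricks, backslashes, mixed case schemes) never reach a parser.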

New Security Tool: Enteletaor – Broker & MQ Injection tool

Posted by cr0hn on Mar 17

 
Dear colleagues,

Please allow us to introduce Enteletaor -> https://github.com/cr0hn/enteletaor

Enteletaor is a Message Queue & Broker Injection tool that implements attacks against Redis, RabbitMQ and ZeroMQ.

Some of the actions you can do:

– Listing remote tasks.
– Read remote task content.
– Disconnect remote clients from Redis server (even the admin)
– Inject tasks into remote processes.
– Make a scan to discover open…

server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished CVE-2016-2324 and CVE-2016-2315)

Posted by Laël Cellier on Mar 17

Hello, the original report describing the first overflow in full detail is
here http://pastebin.com/UX2P2jjg or in the attachment.
The aim is to push a crafted tree object if the target is a server, or to
make a client clone a crafted repository.

Of course everything Peff talked about above is now fixed in git 2.7.1
with the removal of path_name() and the size_t/overflow check in
tree-diff.c. It was even fixed earlier for users of GitHub Enterprise….
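The bug class behind both git posts on this page (the original report and the "Re:" correction above): a path is built by concatenation, its length is accumulated in a 32-bit integer, and that wrapped length becomes the malloc() size, so the copy that follows writes past the end of the heap block. The code below is an added illustration, not git's code; it does not reproduce path_name() or the tree-diff.c routine and the function names are hypothetical. `unchecked_alloc_size` models the flawed arithmetic, and `checked_alloc_size` / `join_path_checked` show the size_t-with-overflow-check form the posts describe as the fix.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added illustration of the bug class (hypothetical routines, not git's code).
 * The path is base + "/" + name, so the buffer must hold
 * baselen + namelen + 2 bytes (separator and terminator).
 */

/* Size a flawed routine would hand to malloc(): the sum is kept in 32 bits
 * and silently wraps once the components exceed 4 GiB in total. */
uint32_t unchecked_alloc_size(size_t baselen, size_t namelen)
{
    uint32_t len = (uint32_t)baselen + (uint32_t)namelen + 2; /* wraps */
    return len;
}

/* Checked equivalent: size_t arithmetic, and every addition is tested for
 * overflow before it happens. Returns 0 and sets *out on success, -1 on overflow. */
int checked_alloc_size(size_t baselen, size_t namelen, size_t *out)
{
    if (namelen > SIZE_MAX - baselen)
        return -1;
    size_t sum = baselen + namelen;
    if (sum > SIZE_MAX - 2)
        return -1;
    *out = sum + 2;
    return 0;
}

/* Build base "/" name in a fresh buffer sized by the checked routine.
 * NULL on overflow or allocation failure; the copy can never exceed the buffer. */
char *join_path_checked(const char *base, const char *name)
{
    size_t baselen = strlen(base), namelen = strlen(name), need;
    if (checked_alloc_size(baselen, namelen, &need) < 0)
        return NULL;
    char *buf = malloc(need);
    if (!buf)
        return NULL;
    memcpy(buf, base, baselen);
    buf[baselen] = '/';
    memcpy(buf + baselen + 1, name, namelen);
    buf[baselen + 1 + namelen] = '\0';
    return buf;
}

/* 1 if the flawed size is smaller than what the copy would actually write,
 * i.e. the unchecked routine would overflow its heap block for these lengths. */
int unchecked_would_overflow(size_t baselen, size_t namelen)
{
    size_t need;
    if (checked_alloc_size(baselen, namelen, &need) < 0)
        return 1;                       /* not even representable in size_t */
    return unchecked_alloc_size(baselen, namelen) < need;
}

int main(void)
{
    char *p = join_path_checked("dir/sub", "file.c");
    printf("joined: %s\n", p);
    free(p);

    /* Constructed lengths: two 2 GiB components, as a deeply nested tree could produce. */
    size_t big = (size_t)1 << 31;
    printf("unchecked size for 2 GiB + 2 GiB: %u bytes\n",
           (unsigned)unchecked_alloc_size(big, big));
    printf("unchecked routine would overflow: %d\n", unchecked_would_overflow(big, big));
    return 0;
}
```

Compile with `cc -std=c99 -o join join.c` and run. On a 64-bit build the checked routine computes 4 GiB + 2 bytes correctly while the 32-bit counter reports 2 bytes; on a 32-bit build the checked routine refuses outright instead of wrapping. The lengths are only computed here, never allocated, so the demonstration needs no large input.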

WordPress Bulletproof Security Plugin Multiple Cross Site Scripting Vulnerabilities

Posted by Sachin Wagh on Mar 17

Product: Bulletproof Security
Exploit Author: Sachin Wagh
Affected Version: 0.53.2
Fixed Version: 0.53.3
(http://forum.ait-pro.com/forums/topic/bps-changelog/)

Home page Link: https://wordpress.org/plugins/bulletproof-security/

*Detail:*

The Bulletproof Security plugin for WordPress is prone to multiple
cross-site…

PivotX 2.3.11: Reflected XSS

Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: PivotX 2.3.11
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pivotx.net/
Vulnerability Type: Reflected XSS
Remote Exploitable: Yes
Reported to vendor: 01/20/2016
Disclosed to public: 03/15/2016
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

PivotX is a…

Zenphoto 1.4.11: RFI

Posted by Curesec Research Team (CRT) on Mar 17

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Zenphoto 1.4.11
Fixed in: 1.4.12
Fixed Version Link: https://github.com/zenphoto/zenphoto/archive/zenphoto-1.4.12.zip
Vendor Website: http://www.zenphoto.org/
Vulnerability Type: RFI
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 03/15/2016
Release mode: Coordinated Release
CVE:…

OWASP AppSec USA 2016 Call for Papers Released

Posted by Weidenhamer, Andrew on Mar 17

We are pleased to announce our annual OWASP AppSec USA 2016 conference to be held at the Renaissance Washington
DC on October 11th – 14th. We are actively soliciting submissions for the Call for Papers and Call for Trainings,
which can be found at the official OWASP AppSec USA 2016 website below:

https://2016.appsecusa.org

If you have any other cool ideas for…

Defense in depth — the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing

Posted by Stefan Kanthak on Mar 17

Hi @ll,

this multipart post does not require a MIME-compliant MUA.-)

Part 0:
~~~~~~~

On Windows 7 (other versions of Windows not tested for this
vulnerability, but are likely vulnerable too) all executable
installers/self-extractors based on Microsoft's SFXCAB [*]
load and execute a rogue CryptDll.dll from their application
directory instead of %SystemRoot%\System32\CryptDll.dll.

For software downloaded with a web browser the application…