Category Archives: Full Disclosure

Re: Mozilla extensions: a security nightmare

Posted by Mario Vilas on Aug 05

%APPDATA% is within the user’s home directory – by default it should not be
writeable by other users. If this is the case then the problem is one of
bad file permissions, not the location.

Incidentally, many other browsers and tons of software also store
executable code in %APPDATA%.

I think “security nightmare” may be a bit of an overstatement here. I’ll
refrain from panicking about this “issue” for the time…

SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network

Posted by SEC Consult Vulnerability Lab on Aug 05

SEC Consult Vulnerability Lab Security Advisory < 20150805-0 >
=======================================================================
title: Stack buffer overflow in handle_debug_network
product: Websense Triton Content Manager
vulnerable version: 8.0.0 build 1165
fixed version: V8.0.0 HF02
CVE number: CVE-2015-5718
impact: high
homepage: www.websense.com…

Mozilla extensions: a security nightmare

Posted by Stefan Kanthak on Aug 05

Hi @ll,

Mozilla Thunderbird 38 and newer installs and activates per default
the ‘Lightning’ extension.

Since extensions live in the (Firefox and) Thunderbird profiles
(which are stored beneath %APPDATA% in Windows) and ‘Lightning’ comes
(at least for Windows) with a DLL and some Javascript, Thunderbird
with ‘Lightning’ violates one of the mandatory and basic requirements
of the now 20 year old “Designed for…

Re: Symantec Endpoint Protection

Posted by Markus Wulftange on Aug 03

Hi Brandon,

we found two injection points. One in the BinaryFileHandler class:

POST /servlet/ConsoleServlet HTTP/1.1
Host: 192.168.40.133:8443
Content-Type: application/x-www-form-urlencoded
Content-Length: 51
Cookie: JSESSIONID=D739FA0884EB78B31B1D23AEA899C175

ActionType=BinaryFile&Action=EXISTS&GUID=0'or'1'='1

And one in the ExpRecordHandler class:

POST /servlet/ConsoleServlet…

New BlackArch Linux ISOs (version 2015.07.31)

Posted by Black Arch on Aug 03

Hi,

Today we released new BlackArch Linux ISOs. The new ISOs include over 1230
tools for i686 and x86_64 and over 1010 tools for armv6h and armv7h.

A detailed ChangeLog can be found here: https://www.blackarch.org/blog.html

If you’re not already familiar with BlackArch Linux, please read the
DESCRIPTION section below.

[ DOWNLOAD ]

You can download the new ISOs here: https://www.blackarch.org/download.html
<…

CODEBLUE.JP – Security Conference in Tokyo Calling for Papers by Sep.10

Posted by Kana Shinoda on Aug 02

Dear all,

CODE BLUE in Tokyo is looking for innovative and creative research topics
regarding information security to be presented at the conference.

CODE BLUE is an international conference in Tokyo with the cutting edge
talks from all over the world, and is a place for all participants to
exchange information and interact beyond borders and languages.

We will support the travel airfare/accommodation/honorarium for one speaker
per a session….

Vulnerability in VirtueMart for Joomla

Posted by MustLive on Aug 01

Hello list!

This is a Brute Force vulnerability in VirtueMart for Joomla, which is at
the order details page.

-------------------------
Affected products:
-------------------------

Vulnerable are VirtueMart 3.0.9 for Joomla and previous versions.

----------
Details:
----------

Brute Force (WASC-11):

http://site/index.php?option=com_virtuemart&view=orders&layout=details&order_number=1&order_pass=p_11111

Weak password due to limit…

Symantec Endpoint Protection

Posted by Markus Wulftange on Aug 01

Code White found several vulnerabilities in Symantec Endpoint Protection
(SEP), affecting versions 12.1 prior to 12.1 RU6 MP1.

SEP Manager (SEPM):

* CVE-2015-1486: Authentication Bypass
* CVE-2015-1487: Arbitrary File Write
* CVE-2015-1488: Arbitrary File Read
* CVE-2015-1489: Privilege Escalation
* CVE-2015-1490: Path Traversal
* CVE-2015-1491: SQL Injection

SEP clients:

* CVE-2015-1492: Binary Planting

Official Symantec advisory SYM15-007:…

PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug

Posted by Jing Wang on Aug 01

PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web
Application 0-Day Bug

Exploit Title: PhotoPost PHP __utmz Cookie Stored XSS Web Security
Vulnerability
Product: PhotoPost PHP
Vendor: PhotoPost
Vulnerable Versions: 4.8c 4.8.6 4.8.5 4.8.2 3.1.1 vB3
Tested Version: 4.8c vB3
Advisory Publication: July 25, 2015
Latest Update: July 28, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Impact CVSS Severity…