Posted by Zach C on Jul 16
Part 11 of Broken, Abandoned, and Forgotten Code is up! In this part,
we regenerate the SquashFS filesystem for our exploit firmware. We
have to shrink the firmware image down to 4MB from nearly 9MB to avoid
crashing the R6200’s UPnP daemon. We also add one more field to the
firmware header that, if absent, will cause the bootloader to hang.
Here’s a link to part 11: http://shadow-file.blogspot.com/2015/07/abandoned-part-11.html
If…
Posted by PIN on Jul 16
/* glibc fastbin / tcmalloc / jemalloc double destructor/free example
*
* This example demonstrates a pattern with a base type with a protected
* destructor so as to avoid glibc’s corruption of the vftable pointer,
* that exact condition does not exhibit itself with jemalloc, however
* there appears to be additional memory corruption in tcmalloc that
* leaves the heap in a less than stable state, however it was not
* further…
Posted by Joshua Wright on Jul 16
This was my morning LOL:
$ curl -O http://totolink.net/include/download.asp?path=down/010300&file=TOTOLINK%20N300RG_8_70.zip
$ unzip TOTOLINK N300RG_8_70.bin
$ binwalk -e TOTOLINK N300RG_8_70.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 uImage header, header size: 64 bytes, header CRC: 0xB0D462F0, created: 2013-08-19
07:55:35,…
Posted by Kasper Westphal Bertelsen on Jul 16
Hi Full Disclosure,
New vulnerabilities have been discovered in Joomla Helpdesk Pro by Outpost24 ethical hackers.
Release date tomorrow the 17th of June 10 GMT(+2) time. Don’t reveal before tomorrow.
Exploits:
Link to blog: https://www.outpost24.com/outpost24-has-found-critical-vulnerabilities-in-joomla-helpdesk-pro/
References:…
Posted by SEC Consult Vulnerability Lab on Jul 16
SEC Consult Vulnerability Lab Security Advisory < 20150716-0 >
=======================================================================
title: Permanent Cross-Site Scripting
product: Oracle Application Express
vulnerable version: All versions prior to 4.2.3.00.08
fixed version: 4.2.3.00.08
CVE number: CVE-2015-2655
impact: high
homepage: https://apex.oracle.com/i/index.html …
Posted by Pierre Kim on Jul 16
## Advisory Information
Title: Backdoor and RCE found in 8 TOTOLINK router models
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x02.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html
Date published: 2015-07-16
Vendors contacted: None
Release mode: 0days, Released
CVE: no current CVE
## Product Description
TOTOLINK is a brother brand of ipTime which wins over 80% of…
Posted by Pierre Kim on Jul 16
## Advisory Information
Title: Backdoor credentials found in 4 TOTOLINK router models
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x03.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-16-backdoor-credentials-found-in-4-TOTOLINK-products.html
Date published: 2015-07-16
Vendors contacted: None
Release mode: 0days, Released
CVE: no current CVE
## Product Description
TOTOLINK is a brother brand of ipTime which wins…
Posted by Pierre Kim on Jul 16
## Advisory Information
Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt
Blog URL: http://pierrekim.github.io/blog/2015-07-16-4-TOTOLINK-products-vulnerable-to-CSRF-and-XSS-attacks.html
Date published: 2015-07-16
Vendors contacted: None
Release mode: Released, 0day
CVE: no current CVE
## Product Description
TOTOLINK is a brother brand of ipTime which…
Posted by Pierre Kim on Jul 16
## Advisory Information
Title: 15 TOTOLINK router models vulnerable to multiple RCEs
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html
Date published: 2015-07-16
Vendors contacted: None
Release mode: 0days, Released
CVE: no current CVE
## Product Description
TOTOLINK is a brother brand of ipTime…
Posted by Darya Maenkova on Jul 16
*SAP Security Notes July 2015*
SAP <http://www.sap.com/> has released the monthly critical patch update
for July 2015. This patch update closes a lot of vulnerabilities in SAP
products, some of them belong in the SAP HANA security area. The most
popular vulnerability is Missing Authorization Check. This month, one
critical vulnerability found by ERPScan researcher Alexander Polyakov
was closed.
*Issues that were patched with the help…