Category Archives: Full Disclosure

Google Chrome Address Spoofing – Google's Opinion

Posted by David Leo on Jul 07

It’s public now:
https://code.google.com/p/chromium/issues/detail?id=497588

Interesting Points:

They did reproduce
“I can reproduce this locally”

They say it’s DoS
“seems like any renderer denial-of-service”
(The browser does not crash!)

They say it’s not a security issue
“remove security flags from this bug”

Finally, they stopped replying
“Jun 10” to “Jul 2”
(unbelievable huge…

WideImage Demo Code Cross Site Scripting (XSS)

Posted by sikkandar.lynx on Jul 06

WideImage Demo Code Cross Site Scripting (XSS)

Description:
WideImage is an object-oriented library for image manipulation.
It requires PHP 5.2+ with GD2 extension. The library provides a simple way to load, manipulate and save images in the most common image formats.

Type of vulnerability:
Reflected XSS

Threat level:
Medium

Tested on:
Windows 8.1

Product:
WideImage – An Open Source PHP library for image manipulation.

Version:…

Orchard CMS – Persistent XSS vulnerability

Posted by Paris Zoumpouloglou on Jul 06

-----------------
Background
-----------------

Orchard is a free, open source, community-focused content management
system written in ASP.NET platform using the ASP.NET MVC framework. Its
vision is to create shared components for building ASP.NET applications
and extensions, and specific applications that leverage these components
to meet the needs of end-users, scripters, and developers.

------------------------
Software Version…

Auditing folders ACLs with Powershell

Posted by Darío B on Jul 06

Hi all,

I would like to present a PowerShell script that helps you check/audit
the compliance of the folder permissions applied to the shared folders
hosted by a file server against the need-to-know defined in your
security policy.

This script allows you to export the differences from the baseline (security
policy) so that you can analyze them further.

In these two posts you will find the details about the script and output:…

WideImage Demo Code Cross Site Scripting (XSS)

Posted by 47 on Jul 06

WideImage Demo Code Cross Site Scripting (XSS)

Description:
WideImage is an object-oriented library for image manipulation. 
It requires PHP 5.2+ with GD2 extension. The library provides a simple way to load, manipulate and save images in the most common image formats.

Type of vulnerability: 
Reflected XSS

Threat level:
Medium

Tested on: 
Windows 8.1

Product: 
WideImage – An Open Source PHP library for image manipulation….

[CORE-2015-0012] – AirLive Multiple Products OS Command Injection

Posted by CORE Advisories Team on Jul 06

1. Advisory Information

Title: AirLive Multiple Products OS Command Injection
Advisory ID: CORE-2015-0012
Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection
Date published: 2015-07-06
Date of last update: 2015-07-06
Vendors contacted: AirLive
Release mode: User release

2. Vulnerability Information

Class: OS Command Injection [CWE-78], OS Command Injection [CWE-78]
Impact: Code execution
Remotely…

127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request

Posted by Pierre Kim on Jul 06

## Advisory Information

Title: 127 ipTIME router models vulnerable to an unauthenticated RCE
by sending a crafted DHCP request
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-06-127-iptime-router-models-unauthenticated-RCE-with-DHCP.html
Date published: 2015-07-06
Vendors contacted: None
Release mode: Released, 0day
CVE: no current CVE

## Product Description…

Open redirect vulnerability in StageShow WordPress plugin v5.0.8

Posted by Nitin Venkatesh on Jul 05

# Title: Open redirect vulnerability in StageShow WordPress plugin v5.0.8
# Submitter: Nitin Venkatesh
# Product: StageShow WordPress Plugin
# Product URL: https://wordpress.org/plugins/stageshow
# Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]
# Affected Versions: v5.0.8 and possibly below
# Tested Version: v5.0.8
# Fixed Version: v5.0.9
# Link to source code diff:…

Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass

Posted by MustLive on Jul 05

Hello list!

Let’s get back to the vulnerabilities which I disclosed in April 2011 and which can be
used for DDoS attacks on other sites, e.g. with my DAVOSET
(http://seclists.org/fulldisclosure/2015/Jun/111). In addition to the hundreds
of themes which I wrote about in previous years, here is another theme for
WordPress which still hasn’t fixed all holes, and there are many sites with
an old version of the theme (+ WAF bypass).

I want to warn you…