Full Disclosure
Posted by Berend-Jan Wever on Dec 12
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirtieth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161212001.html. There you can find a repro
that triggered this issue in addition to the information below.
If you find these releases useful, and would like to help me make time
to continue releasing this kind of…
Posted by [CXSEC] on Dec 12
Apple iOS/tvOS/watchOS Remote memory corruption through certificate file
Source: https://cxsecurity.com/issue/WLB-2016110046
————————————————————
————————–
0. Short description
Special crafted certificate file may lead to memory corruption of several
processes and the vector attack may be through Mobile Safari or Mail app.
Attacker may control the overflow through the certificate length in…
Posted by Summer of Pwnage on Dec 11
————————————————————————
Google Analytics Counter Tracker WordPress Plugin unauthenticed PHP
Object injection vulnerability
————————————————————————
Remco Vermeulen, July 2016
————————————————————————
Abstract
————————————————————————
A PHP Object injection…
Posted by dxw Security on Dec 10
Details
================
Software: Social Pug – Easy Social Share Buttons
Version: 1.1.2,1.2.5
Homepage: http://wordpress.org/plugins/social-pug/
Advisory report:
https://security.dxw.com/advisories/reflected-xss-in-social-pug-easy-social-share-buttons-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
Reflected XSS in Social Pug…
Posted by dxw Security on Dec 10
Details
================
Software: Multisite Post Duplicator
Version: 0.9.5.1
Homepage: http://wordpress.org/plugins/multisite-post-duplicator/
Advisory report:
https://security.dxw.com/advisories/csrf-vulnerability-in-multisite-post-duplicator-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can-do/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
CSRF vulnerability in Multisite…
Posted by Oscar Martinez on Dec 09
# Date : 09/12/2016
# Author : Oscar Martinez
# Tested on:cf version 6.22.1+6b7af9c-2016-09-24 / Docker version 1.12.3,
build 6b644ec / API endpoint: https://api.ng.bluemix.net (API version:
2.54.0)
API endpoint: https://api.ng.bluemix.net (API version: 2.54.0)
# Vendor : IBM
# Software : bluemix https://www.ibm.com/cloud-computing/bluemix/
# Vulnerability Description:
It is assumed that a user with auditor role should not be able to create…
Posted by Berend-Jan Wever on Dec 09
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-ninth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161209001.html. There you can find a repro
that triggered this issue in addition to the information below.
If you find these releases useful, and would like to help me make time
to continue releasing this kind…
Posted by ESNC Security on Dec 09
*[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP
Security*
Please refer to https://www.esnc.de for the original security advisory,
updates, and additional information.
*———————————————————————-*
*1. Business Impact*
*———————————————————————-*
According to PwC website:
– “Using the proprietary ACE software, we perform…
Posted by Rio Sherri on Dec 09
# Date : 07/12/2016
# Author : R-73eN
# Tested on: Dual DHCP DNS Server 7.29 on Windows 7 SP1 (32bit)
# Vendor : http://dhcp-dns-server.sourceforge.net/
# Software :
https://sourceforge.net/projects/dhcp-dns-server/files/Dual%20DHCP%20DNS%20Server/DualServerInstallerV7.29.exe/download
# Vulnerability Description:
# The software crashes when it tries to write to an invalid address.
#
# MOV EBX,DWORD PTR SS:[EBP+8] -> EBP+8 is part of our…
Posted by Martin Bednorz on Dec 09
Roundcube 1.2.2: Command Execution via Email
============================================
You can find the online version of the advisory here:
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
Found by Robin Peraglie with RIPS
Introduction
————
Roundcube is a widely distributed open-source webmail software used by
many organizations and companies around the globe. The mirror on
SourceForge, for example, counts more…