Full Disclosure
Posted by Joshua on Dec 09
Gstreamer ID3v2 v1.0 – Out of Bounds Read
A maliciously crafted ID3v2-tagged file enables an out-of-bounds memory read against Gstreamer 1.0.
The Gstreamer ID3v2 implementation uses arbitrarily supplied data to generate buffers for the ID3v2 object and frames.
By providing a maliciously crafted file with a null length in the ID3v2 header and an arbitrarily set length in the
succeeding frame it is possible to generate an out of bounds read. An…
Posted by Berend-Jan Wever on Dec 09
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-seventh entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161207001.html. There you can find a repro
that triggered this issue in addition to the information below.
Today’s release is not very interesting, because it was one of the first
bugs I found and…
Posted by Berend-Jan Wever on Dec 09
Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browser, as long as I can find some time to do so. If you find this
information useful, you can help me make more time available by donating
bitcoin to 183yyxa9s1s1f7JBpPHPmzQ346y91Rx5DX.
This is the twenty-sixth entry in the…
Posted by Francesco Oddo on Dec 09
( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….
Posted by Berend-Jan Wever on Dec 09
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-eighth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161208001.html. There you can find a repro
that triggered this issue in addition to the information below.
Today’s release is again not very interesting, because it also was one
of the first bugs I found…
Posted by Asterisk Security Team on Dec 08
Asterisk Project Security Advisory – ASTERISK-2016-009
Product Asterisk
Summary
Nature of Advisory Authentication Bypass
Susceptibility Remote unauthenticated sessions
Severity Minor
Exploits Known No…
Posted by Asterisk Security Team on Dec 08
Asterisk Project Security Advisory – AST-2016-008
Product Asterisk
Summary Crash on SDP offer or answer from endpoint using
Opus
Nature of Advisory Remote Crash
Susceptibility Remote unauthenticated sessions…
Posted by SEC Consult Vulnerability Lab on Dec 06
We have published an accompanying blog post to this technical advisory with
further information:
http://blog.sec-consult.com/2016/12/backdoor-in-sony-ipela-engine-ip-cameras.html
SEC Consult Vulnerability Lab Security Advisory < 20161206-0 >
=======================================================================
title: Backdoor vulnerability
product: Sony IPELA ENGINE IP Cameras
(multiple…
Posted by Berend-Jan Wever on Dec 06
FYI: this link to my blog was 404 until early this morning. It is now up
if you are still interested in reading it.
Posted by MustLive on Dec 06
Hello participants of Mailing List.
After making public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I’ve made next update of the software. At 30th of November DAVOSET v.1.2.9
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub:…