Full Disclosure
Defense in depth — the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
Posted by Stefan Kanthak on Oct 20
Hi @ll,
on x64 editions of Windows, RegEdit.exe exists both as
%windir%\regedit.exe and %windir%\SysWOW64\regedit.exe.
<https://msdn.microsoft.com/en-us/library/aa384187.aspx> states
| […] whenever a 32-bit application attempts to access […]
| %windir%\regedit.exe is redirected to %windir%\SysWOW64\regedit.exe.
But what is the “application directory” when a 32-bit application
runs %windir%regedit.exe?
Is it %windir% or…
Re: Critical Vulnerability in Ubiquiti UniFi
Posted by kvnjs on Oct 19
Tim conflates two products in his original report:
Product: UniFi AP AC Lite
Vendor: Ubiquiti Networks Inc.
Internal reference: ? (Bug ID)
Vulnerability type: Incorrect access control
Vulnerable version: Unify 5.2.7 and possible other versions affected (not
tested)
[…]
Both the UniFi appliance line and the AP management software are properly
spelled ‘UniFi’.
Re: Critical Vulnerability in Ubiquiti UniFi
Posted by Carlos Silva on Oct 19
AFAIK, that’s actually the Unifi Controller, but that’s “web based” as in,
you access it via a browser (I use the same on my Unifi setup). So, I still
can’t see, nor understand, how to exploit said vulnerability unless you
already have a local account on the controller.
Ubiquiti
Posted by Tim Schughart on Oct 19
Hi,
please let us communicate directly and not via mailing lists, because this results in flooding and is not important to
all other people. If there is a final result, whether the PoC has a mistake or not, we can publish the result.
If there are other products affected we don't know – this was not mentioned in the disclosure (the PoC is only for the
OS X software combined with an AP AC Lite), so we can't give a statement to other…
Multiple Vulnerabilities in Plone CMS
Posted by Sebastian Perez on Oct 19
[Product Description]
Plone is a free and open source content management system built on
top of the Zope application server. Plone is positioned as an
“Enterprise CMS” and is most commonly used for intranets and as part
of the web presence of large organizations
[Systems Affected]
Product : Plone
Version : All supported Plone versions (4.3.11 and any earlier 4.x
version, 5.0.6 and any earlier 5.x version). Previous versions…
Ghostscript sandbox bypass leads ImageMagick to remote code execution
Posted by redrain root on Oct 19
Recently I noticed Tavis Ormandy reporting a vulnerability where Ghostscript's
-dSAFER mode could be ignored and lead to code execution; however, nobody has
exploited it in an application. Here is a simple discussion and exploit
for it.
Author: redrain, yu.hong () chaitin com
Date: 2016-10-17
Version: Ghostscript version > 1.6
ImageMagick (or other apps), all versions
Vendor Notified: 2016-10-18
ImageMagick allows to process files with…
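The post above describes the Ghostscript delegate path (ImageMagick hands PS/EPS/PDF-style input to gs, and a -dSAFER bypass then runs as the ImageMagick user). The usual practitioner check is whether the ImageMagick policy.xml on a host still lets those coders through. The following script is an added example written for this archive, not code from redrain or from the ImageMagick project; the set of Ghostscript-delegated coders, the two sample policy files and the rule-combination semantics (any matching rule without read rights denies the coder) are assumptions stated in the comments.

```python
import re
from fnmatch import fnmatchcase
import xml.etree.ElementTree as ET

# Coders ImageMagick delegates to Ghostscript. Assumption for this example;
# confirm against `convert -list delegate` on the build you are auditing.
GHOSTSCRIPT_CODERS = ("PS", "PS2", "PS3", "EPS", "PDF", "XPS")

# Constructed sample policies: one with no coder rules at all, and one that
# denies the Ghostscript-delegated coders with ImageMagick's brace-list pattern.
WEAK_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
</policymap>
"""

HARDENED_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}"/>
</policymap>
"""


def _expand_pattern(pattern):
    """Expand the brace-list form "{A,B,C}" used in policy.xml into alternatives."""
    m = re.fullmatch(r"\{([^}]*)\}", pattern.strip())
    if m:
        return [alt.strip().upper() for alt in m.group(1).split(",")]
    return [pattern.strip().upper()]


def coder_rules(policy_xml):
    """Return (pattern, rights) tuples for every <policy domain="coder"> entry."""
    root = ET.fromstring(policy_xml)
    rules = []
    for policy in root.iter("policy"):
        if policy.get("domain", "").strip().lower() != "coder":
            continue
        rights = {r.strip() for r in policy.get("rights", "").lower().split("|")}
        for pat in _expand_pattern(policy.get("pattern", "")):
            rules.append((pat, rights))
    return rules


def coder_is_denied(rules, coder):
    """A coder is denied for input when any matching rule lacks the "read" right.

    Assumption of this example: matching rules are combined so that one
    rights="none" entry (explicit or via a "*" glob) wins over a permissive one.
    Patterns are glob-matched case-insensitively.
    """
    for pattern, rights in rules:
        if fnmatchcase(coder.upper(), pattern) and "read" not in rights:
            return True
    return False


def unblocked_ghostscript_coders(policy_xml):
    """List the Ghostscript-delegated coders a policy.xml still allows to read."""
    rules = coder_rules(policy_xml)
    return sorted(c for c in GHOSTSCRIPT_CODERS if not coder_is_denied(rules, c))


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        left_open = unblocked_ghostscript_coders(policy)
        verdict = "OK" if not left_open else "still allows " + ", ".join(left_open)
        print(f"{name} policy: {verdict}")
```

Feed it the real file (typically /etc/ImageMagick-6/policy.xml or the path shown by `identify -list configure`) instead of the constructed samples; an empty result means every Ghostscript-delegated coder is denied, which stops the PoC's file from ever reaching gs regardless of whether Ghostscript itself is patched. Note that `rights="write"` alone also blocks input, which is why the check keys on the presence of "read".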
Evernote for Windows DLL Loading Remote Code Execution
Posted by Himanshu Mehta on Oct 19
Aloha,
Summary
Evernote contains a DLL hijacking vulnerability that could allow an
unauthenticated, remote attacker to execute arbitrary code on the targeted
system. The vulnerability exists because a DLL file is loaded improperly by
'Evernote_6.1.2.2292.exe'. This allows an attacker to load a DLL file of the
attacker's choosing, which could execute arbitrary code without the user's
knowledge.
Affected Product:
Evernote…
Defense in depth — the Microsoft way (part 44): complete failure of Windows Update
Posted by Stefan Kanthak on Oct 19
Hi @ll,
for more than a year now, Windows Update has failed (not only, but most
notably) on FRESH installations of Windows 7/8/8.1 (especially their
32-bit editions), which then get NO security updates at all [°]!
One of the many possible causes: Windows Update Client runs out of
(virtual) memory during the search for updates and yields 0x8007000E
alias E_OUTOFMEMORY [‘].
According to <https://support.microsoft.com/en-us/kb/3050265>…
CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery
Posted by Sysdream Labs on Oct 19
## SPIP 3.1.2 Server Side Request Forgery (CVE-2016-7999)
### Product Description
SPIP is a publishing system for the Internet which puts importance on collaborative working, multilingual environments
and ease of use. It is free software, distributed under the GNU/GPL licence.
### Vulnerability Description
It’s possible to send HTTP/FTP requests using the `valider_xml` file.
Attackers can make it look like the server is sending the…
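The advisory above describes the classic SSRF shape: a server-side fetcher (here `valider_xml`) that will contact any HTTP/FTP URL the attacker supplies, so the request appears to come from the SPIP host. The snippet below is an added example of the guard such a fetcher needs; it is not SPIP's code or Sysdream's, and the scheme allowlist, the constructed DNS table and the host names in it are assumptions for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# FTP is dropped on purpose: the advisory's fetcher allowed HTTP/FTP, and a
# server-side fetcher rarely needs more than HTTP(S).
ALLOWED_SCHEMES = {"http", "https"}

# Constructed stand-in for DNS so the example runs offline. A real caller
# passes a resolver built on socket.getaddrinfo instead.
FAKE_DNS = {
    "example.org": ["93.184.216.34"],
    "intranet.corp": ["10.0.0.5"],
    "rebind.example": ["93.184.216.35", "127.0.0.1"],
}


def fake_resolve(host):
    return FAKE_DNS.get(host.lower().rstrip("."), [])


def _public_ip(addr):
    """True only for globally routable addresses: rejects loopback, RFC 1918,
    link-local (which covers the 169.254.169.254 metadata endpoint), shared
    address space, reserved, unspecified and documentation ranges."""
    return ipaddress.ip_address(addr).is_global


def vet_fetch_target(url, resolve=fake_resolve):
    """Decide whether the server may fetch `url` on a user's behalf.

    Returns (ok, reason, ips). On success the caller connects to one of the
    returned IPs (still sending the original Host header) instead of resolving
    again, so a second lookup cannot swap in an internal address.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    if parts.username is not None:
        return False, "userinfo in URL not allowed", []
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal IPv4/IPv6 address
    except ValueError:
        ips = resolve(host)
    if not ips:
        return False, f"cannot resolve {host!r}", []
    # Every answer must be public; one internal record among several is enough
    # for the attacker (DNS rebinding / split answers).
    bad = [ip for ip in ips if not _public_ip(ip)]
    if bad:
        return False, f"{host!r} maps to non-public address {bad[0]}", []
    return True, "ok", ips


if __name__ == "__main__":
    for candidate in ("http://example.org/feed.xml",
                      "ftp://example.org/pub/feed.xml",
                      "http://127.0.0.1:8080/admin",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://intranet.corp/",
                      "http://rebind.example/"):
        ok, reason, ips = vet_fetch_target(candidate)
        print(f"{'ALLOW' if ok else 'DENY '} {candidate}  ({reason})")
```

Two caveats a practitioner would add: the check has to be re-run on every redirect hop (or redirects disabled outright), since an allowed public host can 302 to an internal one; and it only prevents the server from reaching internal or metadata addresses, not from being used as a generic proxy to public hosts, which is why an explicit destination allowlist is still preferable where the feature permits it.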