Category Archives: Full Disclosure

Unrar 0.0.1 Memory Corruption

Posted by Rio Sherri on Sep 08

# Title : Unrar 0.0.1 Memory Corruption
# Date : 05/09/2016
# Author : R-73eN
# Tested on : Linux VM 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:50
UTC 2011 i686 i686 i386 GNU/Linux
# Software : https://github.com/defiant-labs/unrar-free

root@VM:~/unrar-free/src# unrar --version
unrar 0.0.1
root@VM:~/unrar-free/src# gdb --args ./unrar ~/test.rar
GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc….

CVE request – Samsung Mobile Phone SVE-2016-6248: SystemUI Security issue

Posted by 0xr0ot on Sep 08

Hi,

Description of the potential vulnerability:
SVE-2016-6248: SystemUI Security issue
Severity: Medium
Affected versions: L(5.0/5.1), M(6.0) devices with Exynos7420 chipset
Reported on: June 7, 2016
Disclosure status: Privately disclosed.
The vulnerability exists due to a null pointer dereference on fimg2d driver.
The patch verifies if the object is null before dereferencing it.

Fix:…

CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability

Posted by Dawid Golunski on Sep 08

Vulnerability: Adobe ColdFusion <= 11 XXE Injection
CVE: CVE-2016-4264
Vendor ID: APSB16-30
Discovered by: Dawid Golunski (http://legalhackers.com)

Adobe ColdFusion in versions 11 and below is vulnerable to XXE
Injection when processing untrusted office documents.

Depending on a web application’s functionality and the attacker’s ability to
supply a malicious document to be processed by a vulnerable ColdFusion
application, this…

cve request: Airmail URLScheme render and file:// xss vulnerability

Posted by redrain root on Sep 08

Airmail is a popular email client on iOS and OS X.
I found a vulnerability in airmail of the latest version which could cause
a file:// xss and arbitrary file read.

Author: redrain, yu.hong () chaitin com
Date: 2016-08-15
Version: 3.0.2 and earlier
Platform: OS X and iOS
Site: http://airmailapp.com/
Vendor: http://airmailapp.com/
Vendor Notified: 2016-08-15

Vulnerability:
There is a file:// xss in airmail version 3.0.2 and earlier.
The app can…

Defense in depth — the Microsoft way (part 43): restricting the DLL load order fails

Posted by Stefan Kanthak on Sep 08

Hi @ll,

according to <https://msdn.microsoft.com/en-us/library/ms684179.aspx>
and <https://msdn.microsoft.com/en-us/library/ms682586.aspx>,
LoadLibraryEx with LOAD_WITH_ALTERED_SEARCH_PATH should NOT search
the calling program’s application directory:

| Note that the standard search strategy and the alternate search
| strategy specified by LoadLibraryEx with LOAD_WITH_ALTERED_SEARCH_PATH
| differ in just one way: The standard…

Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe processing of file names

Posted by Summer of Pwnage on Sep 08

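------------------------------------------------------------------------
Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe
processing of file names
------------------------------------------------------------------------
Han Sahin, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------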
A persistent Cross-Site…

PHPHolidays CMS v3.00.50 – Cross Site Scripting Web Vulnerability

Posted by Vulnerability Lab on Sep 08

Document Title:
===============
PHPHolidays CMS v3.00.50 – Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1948

Release Date:
=============
2016-09-08

Vulnerability Laboratory ID (VL-ID):
====================================
1948

Common Vulnerability Scoring System:
====================================
3.1

Product & Service Introduction:…

Picosmos Shows v1.6.0 – Stack Buffer Overflow Vulnerability

Posted by Vulnerability Lab on Sep 08

Document Title:
===============
Picosmos Shows v1.6.0 – Stack Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1936

Release Date:
=============
2016-09-05

Vulnerability Laboratory ID (VL-ID):
====================================
1936

Common Vulnerability Scoring System:
====================================
6.1

Product & Service Introduction:…

SEC Consult SA-20160906-0 :: Private key for browser-trusted certificate embedded in multiple Aruba Networks / Alcatel-Lucent products

Posted by SEC Consult Vulnerability Lab on Sep 06

This advisory is accompanied by a blog post regarding a recap on our published
“House of Keys” research study on the re-use of cryptographic secrets from
11/2015.

For further information also see
http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html

SEC Consult Vulnerability Lab Security Advisory < 20160906-0 >
=======================================================================
title:…

Kaspersky Company Account – FileManager Vulnerability

Posted by Vulnerability Lab on Sep 02

Document Title:
===============
Kaspersky Company Account – FileManager Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1924

Release Date:
=============
2016-08-30

Vulnerability Laboratory ID (VL-ID):
====================================
1924

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…