Full Disclosure Mailing List

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It has higher traffic than other lists, but the relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.


Latest Posts

AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability -- Vulnerability Lab (Apr 23)
Document Title:
===============
AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1258

Release Date:
=============
2014-04-22

Vulnerability Laboratory ID (VL-ID):
====================================
1258

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:...

CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive -- Portcullis Advisories (Apr 23)
Vulnerability title: Unrestricted file upload in Livetecs Timelive
CVE: CVE-2014-2042
Vendor: Livetecs
Product: Timelive
Affected version: 6.2.71
Fixed version: 6.5.1
Reported by: Richard Hatch

Details:
It was discovered that it was possible for low-level TimeLive application users to upload
files (by using the "My Projects".."Manage Project" functionality). There was no restriction on
file types that could be uploaded and...

CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive -- Portcullis Advisories (Apr 23)
Vulnerability title: Unauthenticated access to sensitive information and
functionality in Livetecs Timelive
CVE: CVE-2014-1217
Vendor: Livetecs
Product: Timelive
Affected version: 6.2.71
Fixed version: 6.2.8
Reported by: Richard Hatch

Details:
It was possible to access a URL that allowed unauthenticated access to sensitive
configuration change functionality, and also revealed the database connection
string (including authentication credentials)...

CVE-2014-2383 - Arbitrary file read in dompdf -- Portcullis Advisories (Apr 23)
Vulnerability title: Arbitrary file read in dompdf
CVE: CVE-2014-2383
Vendor: dompdf
Product: dompdf
Affected version: v0.6.0
Fixed version: v0.6.1 (partial fix)
Reported by: Alejo Murillo Moyas

Details:
An arbitrary file read vulnerability is present in the dompdf.php file that
allows remote or local attackers to read local files using a specially
crafted argument. This vulnerability requires the configuration flag
DOMPDF_ENABLE_PHP to be enabled...

SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances -- SEC Consult Vulnerability Lab (Apr 23)
SEC Consult Vulnerability Lab Security Advisory < 20140423-0 >
=======================================================================
title: Path Traversal/Remote Code Execution
product: WD Arkeia Virtual Appliance (AVA)
vulnerable version: All Arkeia Network Backup releases (ASA/APA/AVA) since 7.0.3.
fixed version: 10.2.9
CVE number: CVE-2014-2846
impact: critical
homepage:...

(CVE-2014-1648) Symantec Messaging Gateway Management Console Cross Site Scripting Vulnerability -- William Costa (Apr 22)
I. VULNERABILITY

-------------------------

Reflected XSS vulnerability in Symantec Messaging Gateway Version 10.5.1

II. BACKGROUND

-------------------------

Symantec Corporation is an American computer security, backup and
availability solutions software corporation headquartered in Mountain
View, California, United States. It is a Fortune 500 company and a
member of the S&P 500 stock market index.

III. DESCRIPTION...

Parallels Plesk Panel 12.x & 11.x /etc/psa/private/secret_key leakage -- Tim Rots (Apr 22)
While auditing the source code for Parallels Plesk Panel 12.x on Linux I
noticed the following feature that leads to leakage of the
'/etc/psa/private/secret_key' file in md5 format to non-authenticated users.

Parallels responded that the 16-byte 'secret_key' should provide sufficient
entropy for this not to be an issue.
Soooo... even if I can control part of the salt used to calculate the md5sum..?
See for yourself.

Code where the...

RAT C2 Domains -- Kevin Breen (Apr 21)
This is going out to a few lists, so apologies to those who get this a few
times.

As part of my project researching RATs - http://malwareconfig.com
http://techanarchy.net/2014/04/rat-decoders/

I am finding myself with a large dataset of known bad C2 domains and IPs.
Most of these are hosted on services like No-IP.

So my question: other than an email to the abuse () email address, are
there any services that can make use of this data....

BlackArch Linux / New ISOs released -- Levon Kayan (Apr 21)
Dear list,

Today, we released new BlackArch Linux ISOs including more than 750 tools and
lots of improvements. Also, the armv6h and armv7h repositories are filled with
about 650 tools.

A short ChangeLog:
- added new system packages: mplayer, abs, ack, bc, bridge-utils, darkhttpd,
flashplugin, inotify-tools, irssi, makepasswd, mercurial, mplayer, rtorrent,
scrot, strace, tor-browser-en
- added .Xresources with entries for...

CS, XSS and FPD vulnerabilities in multiple plugins with CU3ER for WordPress -- MustLive (Apr 21)
Hello list!

Recently I disclosed vulnerabilities in CU3ER
(http://seclists.org/fulldisclosure/2014/Apr/244) and vulnerabilities in
plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone
(http://seclists.org/fulldisclosure/2014/Apr/251). This is a popular Flash
file, and in Google's index there are up to a million web sites with it
(inurl:cu3er.swf filetype:swf - now Google shows 994000 results).

These are Content Spoofing,...

Vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone -- MustLive (Apr 20)
Hello list!

Recently I disclosed vulnerabilities in CU3ER
(http://seclists.org/fulldisclosure/2014/Apr/244). This is a popular Flash
file, and in Google's index there are up to a million web sites with it
(inurl:cu3er.swf filetype:swf - now Google shows 994000 results).

There are many plugins for different CMSs with CU3ER. These are Content
Spoofing and Cross-Site Scripting vulnerabilities in plugins with CU3ER for
WordPress, Joomla, SilverStripe...

Re: [ANN] Struts 2.3.16.1 GA release available - security fix -- Takeshi Terada (Apr 20)
There is another bypass of the excludeParams workaround.

Test.action?class['classLoader'].resources......(snip)

I confirmed it works on struts 2.3.16.

Plus, RCE exploits (for tomcat 8) using S2-020 were already disclosed.

http://sec.baidu.com/index.php?research/detail/id/18

Therefore, upgrading to the latest version is strongly recommended.

Regards,

phpManufaktur / kitForm Unauthenticated SQL Injection Vulnerability -- Chapp (Apr 20)
Happy Easter..

* Product: phpManufaktur / kitForm
* Version: <= 0.43 (2013-11-22)
* Date: 2014-04-20
* Criticality: Medium
* Exploitable from: Remote
* Impact: SQL Injection
* Product URL: https://github.com/phpManufaktur/kitForm

1. Vendor Description:

kitForm is an extension for the Customer Relationship Management (CRM)
KeepInTouch and the Content Management Systems WebsiteBaker or LEPTON
CMS. It enables the easy creation of forms and...

no good signals in infosec -- coderman (Apr 19)
if your industry lacks meaningful measurements,
is devoid of independent, accurate assessments,
your industry has no good signals.

---

"No college, huh?"
"How many PhD's do you have?"
- someone selling security using credentials rather than capabilities
as a signal.

---

https://www.schneier.com/blog/archives/2007/04/a_security_mark.html

A Security Market for Lemons

More than a year ago, I wrote about the...

Re: iis cgi 0day -- YiFei Yang (Apr 19)
Confirmed working, however it can only overwrite environment variables
whose names are all capitals; you can't overwrite Path.

So, you can overwrite CONTENT_LENGTH, which may trigger a buffer overflow in
some applications that depend on this variable to allocate a buffer, or have
the application allocate a huge amount of memory.
And HTTPS/REMOTE_ADDR/REMOTE_HOST, which might trick some apps into lowering
their security level, like allowing plaintext...

More Lists

Dozens of other network security lists are archived at SecLists.Org.
