Full Disclosure Mailing List

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It has higher traffic than other lists, but the relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.


Latest Posts

WPScan Vulnerability Database Ryan Dewhurst (Sep 27)
Hi,

The WPScan Vulnerability Database, a WordPress Vulnerability Database, was
released last week during the BruCON security conference.

The database is exclusively for WordPress core, Plugin and Theme
vulnerabilities and is what the WPScan tool (an Open Source WordPress
vulnerability scanner) uses to detect and output vulnerabilities.

The database also has an API available for non-commercial usage. A
submission system, RSS Feeds and more....

[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360 Pedro Ribeiro (Sep 27)
Hi,

This is the fifth part of the ManageOwnage series. For previous parts, see:
http://seclists.org/fulldisclosure/2014/Aug/55
http://seclists.org/fulldisclosure/2014/Aug/75
http://seclists.org/fulldisclosure/2014/Aug/88
http://seclists.org/fulldisclosure/2014/Sep/1

This time we have a file upload with directory traversal as well as an
arbitrary file deletion vulnerability. The file upload can be abused
to deliver a WAR payload in the Tomcat...

Openfiler DoS via CSRF (CVE-2014-7190) Dolev Farhi (Sep 27)
# Exploit author: @dolevff
# Vendor homepage: http://www.openfiler.com
# Affected Software version: 2.99.1 (latest)
# Alerted vendor: 7.5.14
# CVE-2014-7190

Software Description
=====================
Openfiler is a network storage operating system. With the features we built into Openfiler, you can take advantage of
file-based Network Attached Storage and block-based
Storage Area Networking functionality in a single cohesive framework....

XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158) William Costa (Sep 27)
I. VULNERABILITY

-------------------------

XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite

II. BACKGROUND
-------------------------
WAN Optimization Suite integrates enterprise-caliber bandwidth acceleration
and optimization with best-in-class application network visibility and
control in a single, easy-to-use suite - See more at:

III. DESCRIPTION
-------------------------
Has been detected a XSS Reflected...

Re: Critical bash vulnerability CVE-2014-6271 Matt Hazinski (Sep 27)
I'm able to get remote code execution via CVE-2014-6271 on the Digital
Alert Systems DASDEC. This appliance is used by broadcasters to send and
receive Emergency Alert System messages over IP and AFSK. Once authenticated,
an attacker can interrupt broadcasts (via a relay) and play arbitrary audio
over the airwaves.

Exploiting it only requires a malicious HTTP header:

curl -H 'X-Shell-Shock: () { :; }; /bin/echo vulnerable >...

uni-konstanz.de subdomain, arbitrary file download b4mbi (Sep 27)
Hi,
there is an arbitrary file download vulnerability in the University Konstanz Website.
Vulnerable link: http://www.wiwi.uni-konstanz.de/index.php?eID=tx_nawsecuredl&u=0&file=[ File here! ]

Re: Critical bash vulnerability CVE-2014-6271 (slightly OT logo discussion) Ben Lincoln (F7EFC8C9 - FD) (Sep 26)
I propose a contest - IMO if Heartbleed got a cool logo/symbol,
ShellShock deserves at least 4 or 5 designs to choose from.

http://www.beneaththewaves.net/ShellShock-With_Shockwaves-With_Text.JPG
http://www.beneaththewaves.net/ShellShock-With_Shockwaves-Without_Text.JPG
http://www.beneaththewaves.net/ShellShock-Without_Shockwaves-With_Text.JPG
http://www.beneaththewaves.net/ShellShock-Without_Shockwaves-Without_Text.JPG

Maybe MITRE can be...

Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities Vulnerability Lab (Sep 26)
Document Title:
===============
Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=716

Release Date:
=============
2014-09-22

Vulnerability Laboratory ID (VL-ID):
====================================
716

Common Vulnerability Scoring System:
====================================
4.1

Product & Service Introduction:...

Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability Vulnerability Lab (Sep 26)
Document Title:
===============
Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=660

Release Date:
=============
2014-09-18

Vulnerability Laboratory ID (VL-ID):
====================================
660

Common Vulnerability Scoring System:
====================================
3.2

Product & Service Introduction:...

SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability Vulnerability Lab (Sep 26)
Document Title:
===============
SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1298

Tracking ID: 088-1B879F0C-0A22

Release Date:
=============
2014-09-22

Vulnerability Laboratory ID (VL-ID):
====================================
1298

Common Vulnerability Scoring System:
====================================
6.1

Product &...

Oracle Corporation MyOracle - Persistent Vulnerability Vulnerability Lab (Sep 26)
Document Title:
===============
Oracle Corporation MyOracle - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID (Team Tracking ID): admin () vulnerability-lab com-001

Release Date:
=============
2014-09-17

Vulnerability Laboratory ID (VL-ID):
====================================
1261

Common Vulnerability Scoring System:...

GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability Vulnerability Lab (Sep 26)
Document Title:
===============
GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325

Release Date:
=============
2014-09-22

Vulnerability Laboratory ID (VL-ID):
====================================
1325

Common Vulnerability Scoring System:
====================================
6.3

Product & Service Introduction:...

Re: Critical bash vulnerability CVE-2014-6271 Paul Vixie (Sep 26)
it's like this:

i'm told that this is somewhat common, which probably means that not all
shells are good enough for this script. on debian, /bin/sh is "dash"
which may be an example of "not good enough to run this script".

on systems like red hat and mac osx where /bin/sh just is bash, it's the
same effect but dhclient-script begins #!/bin/sh instead.

here's a POC:...

Re: Critical bash vulnerability CVE-2014-6271 Seth Arnold (Sep 25)
Which systems go through /bin/sh for the exec*() family of functions?

Thanks

Re: Critical bash vulnerability CVE-2014-6271 Paul Vixie (Sep 25)
i don't have an exhaustive list. my friends at $dayjob told me to use
debian, so i am. i see this:

http://manpages.debian.org/cgi-bin/man.cgi?query=execv&apropos=0&sektion=0&manpath=Debian+7.0+wheezy&format=html&locale=en

which contains this text:

i now see that this only applies to execlp() and execvp(), not to the
entire family. (was reading in a terminal window before.)

More Lists

Dozens of other network security lists are archived at SecLists.Org.

