seclist.org

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
September 22, 2017

WordPress Plugin Responsive Image Gallery 1.1.8 - SQL Injection

Posted by Manuel Garcia Cardenas on Sep 22

=============================================
MGC ALERT 2017-006
- Original release date: September 01, 2017
- Last revised: September 25, 2017
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
- CVE-ID: CVE-2017-14125
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin Responsive Image Gallery 1.1.8 - SQL Injection

II. BACKGROUND
-------------------------...
September 21, 2017

Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities

Posted by hyp3rlinx on Sep 21

[+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAUTHENTICATED-VULNERABILIITIES-SECURITEAM.txt
[+] ISR: ApparitionSec

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in
Mako Server’s tutorial page.

The...
September 21, 2017

Re: Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

Posted by Pierre Kim on Sep 21

Hello,

Following the advisory posted to FD and Bugtraq about "Pwning the
Dlink 850L routers and abusing the MyDlink Cloud protocol"
the HTML version on analyzing the security on the corrected
firmware for Dlink 850L routers is posted here:
https://pierrekim.github.io/blog/2017-09-21-update-dlink-850l-mydlink-cloud-0days-vulnerabilities.html

Please find a text-only version below sent to security mailing lists.

=== text-version ===...
September 21, 2017

CSNC-2017-023: Buffer Overflow in Mongoose MQTT Broker

Posted by Advisories on Sep 21

#############################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
#############################################################################
#
# Product: Mongoose Embedded Web Server Library
# Vendor: Cesanta
# CVE ID: Not yet assigned.
# CSNC ID: CSNC-2017-023
# Subject: Stack based buffer overflow
# Risk: High
# Effect: Remotely exploitable...
September 21, 2017

ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities

Posted by EMC Product Security Response Center on Sep 21

ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities

EMC Identifier: ESA-2017-081
CVE Identifier: CVE-2017-8007, CVE-2017-8012
Severity Rating: CVSS Base Score: See below for individual scores.

Affected products:
* EMC ViPR SRM all versions
* EMC Storage M&R all versions
* EMC VNX M&R all versions
* EMC M&R...
September 21, 2017

Pixie image Editor SSRF vulnerability for CVE-2017-12905

Posted by service () baimaohui net on Sep 21

Pixie image Editor SSRF vulnerability for CVE-2017-12905

title: Pixie image Editor SSRF vulnerability for CVE-2017-12905

Date: 20/09/2017

Vulnerability Type: SSRF (Server Side Request Forgery)

Vendor of Product: vebto(vebto.com)

Attack Type: Remote

Impact: Important

Author: BeiJing Baimaohui technology co., LTD.

Version: Pixie Image Editor 1.4 and 1.7

CVE-ID : CVE-2017-12905

==========Detail==========

I found "Pixie...
September 21, 2017

APPLE-SA-2017-09-20-3 tvOS 11

Posted by Apple Product Security on Sep 21

APPLE-SA-2017-09-20-3 tvOS 11

tvOS 11 addresses the following:

Wi-Fi
Available for: Apple TV (4th generation)
Impact: Malicious code executing on the Wi-Fi chip may be able to
execute arbitrary code with kernel privileges on the application
processor
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7103: Gal Beniamini of Google Project Zero
CVE-2017-7105: Gal Beniamini of Google Project Zero...
September 21, 2017

APPLE-SA-2017-09-20-2 watchOS 4

Posted by Apple Product Security on Sep 21

APPLE-SA-2017-09-20-2 watchOS 4

watchOS 4 addresses the following:

Wi-Fi
Available for: All Apple Watch models
Impact: Malicious code executing on the Wi-Fi chip may be able to
execute arbitrary code with kernel privileges on the application
processor
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7103: Gal Beniamini of Google Project Zero
CVE-2017-7105: Gal Beniamini of Google Project Zero...
September 21, 2017

APPLE-SA-2017-09-20-1 Additional information for APPLE-SA-2017-09-19-1 iOS 11

Posted by Apple Product Security on Sep 21

APPLE-SA-2017-09-20-1
Additional information for APPLE-SA-2017-09-19-1 iOS 11

iOS 11 addresses the following:

Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This
was addressed by requiring TLS for AutoDiscover V1....
September 21, 2017

APPLE-SA-2017-09-19-3 Xcode 9

Posted by Apple Product Security on Sep 21

APPLE-SA-2017-09-19-3 Xcode 9

Xcode 9 is now available and addresses the following:

Git
Available for: macOS Sierra 10.12.6 or later
Impact: Checking out a maliciously crafted repository may lead to
arbitrary code execution
Description: An ssh:// URL scheme handling issue was addressed
through improved input validation.
CVE-2017-1000117

ld64
Available for: macOS Sierra 10.12.6 or later
Impact: Parsing a maliciously crafted Mach-O file may...
September 21, 2017

APPLE-SA-2017-09-19-2 Safari 11

Posted by Apple Product Security on Sep 21

APPLE-SA-2017-09-19-2 Safari 11

Safari 11 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit
Available for: OS X El Capitan 10.11.6 and macOS...
September 21, 2017

APPLE-SA-2017-09-19-1 iOS 11

Posted by Apple Product Security on Sep 21

APPLE-SA-2017-09-19-1 iOS 11

iOS 11 is now available and addresses the following:

Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This
issue was addressed through requiring TLS.
CVE-2017-7088: Ilya Nesterov, Maxim...
September 19, 2017

AST-2017-008: RTP/RTCP information leak

Posted by Asterisk Security Team on Sep 19

Asterisk Project Security Advisory - AST-2017-008

Product Asterisk
Summary RTP/RTCP information leak
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Critical...
September 19, 2017

Vulnerabilities in D-Link DGS-3000-10TC

Posted by MustLive on Sep 18

Hello list!

There are Cross-Site Scripting and Content Spoofing vulnerabilities in
D-Link DGS-3000-10TC.

-------------------------
Affected products:
-------------------------

Vulnerable is the next model: D-Link DGS-3000-10TC, Firmware Version
2.00.006. All other versions also must be vulnerable.

----------
Details:
----------

Cross-Site Scripting (WASC-08):

http://site/html/errorpage.html?%22;alert(document.cookie);//

Cross-Site...
September 19, 2017

SSD Advisory – NEXXT Authentication Bypass

Posted by Maor Shwartz on Sep 18

SSD Advisory – NEXXT Authentication Bypass

Full report: https://blogs.securiteam.com/index.php/archives/3414
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability Summary
The following advisory describes an authentication bypass found in NEXXT
routers.

NEXXT Connectivity Solutions develops “state of the art networking devices
that help connect people and things together, at home, the office and
virtually everywhere”.

Credit
An...
September 19, 2017

Recon Brussels 2018 Call For Papers - 0xD - Registration - Training - Conference - Submit! - PGP key

Posted by cfpbrussels2018 on Sep 18

╔══════════════════════════════════════════════════════════════════════╗
║ ║
║ ║
║ ║...
September 19, 2017

ZK Time_Web Software 2.0 - Broken Authentication

Posted by Arvind Vishwakarma on Sep 18

*Vulnerability Type*: Broken Authentication
*Vendor of Product*: ZKTeco
*Affected Product Code Base*: ZKTime Web - 2.0.1.12280
*Affected Component*: ZK Time Web Interface Management.
*Attack Type*: Local - Unauthenticated
*Impact*: Information Disclosure

------------------------------------------

*Product description:*
ZKTime Web 2.0 is a cutting edge Web-based Time Attendance software, which
provides stable communication for devices through...
September 19, 2017

ZKTime_Web Software 2.0 - Cross Site Request Forgery

Posted by Arvind Vishwakarma on Sep 18

*Vulnerability Type*: Cross Site Request Forgery (CSRF)
*Vendor of Product*: ZKTeco
*Affected Product Code Base*: ZKTime Web - 2.0.1.12280
*Affected Component*: ZK Time Web Interface Management.
*Attack Type*: Local - Authenticated
*Impact*: Escalation of Privileges

------------------------------------------

*Product description:*
ZKTime Web 2.0 is a cutting edge Web-based Time Attendance software, which
provides stable communication for...
September 17, 2017

Internet Security Conference 2017 in China by 360 Qihoo

Posted by Vulnerability Lab on Sep 17

Internet Security Conference China (Asia) - 360 Qihoo

Event Url: http://isc.360.cn/2017/en/index.html

---

Speaker: Benjamin Kunz Mejri

Keynote: People is the key factor of online security

Possibilities of Individuals & IT-Security - Security Researcher &
Bounty Hunter “No System is Safe!”

---

Speaker: Patrick Paumen

Keynote: Bio Hackers

---

References:

http://www.cctvplus.com/news/20170913/8060916.shtml#!language=1...
September 15, 2017

ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability

Posted by EMC Product Security Response Center on Sep 15

ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability

EMC Identifier: ESA-2017-098
CVE Identifier: CVE-2017-8013
Severity Rating: CVSS v3 Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)

Affected products:
* EMC Data Protection Advisor versions 6.3.x
* EMC Data Protection Advisor versions 6.4.x

Summary:
EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords that could...