Re: Kingcopes AthCon 2012 Slides & Notes --> Video online
2013-03-05 king cope (isowarez isowarez isowarez googlemail com)
The video of my talk is online now. Happy watching. https://www.youtube.com/watch?v=fYv5tqv1H3U /Kingcope 2012/5/24 HI-TECH . <isowarez.isowarez.isowarez (at) googlemail (dot) com [email concealed]>: > Hello lists, > > you can view my slides & notes for my talk entitled "Uncovering > Zero-Days and advanced fuzzing" held at A

Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND
2013-03-05 tytusromekiatomek hushmail com
######################### # Subversion MKACTIVITY # ######################### # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 # ####################################### # libsvn_fs's svn_fs_file_length() fun # tested on 1.6.17 and few oth

Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header
2013-03-05 tytusromekiatomek hushmail com
############################################### # fetch_straight() | ((uintmax_t)cl == cll) # ############################################### # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 # ####################################### # V

Verax NMS Authentication Bypass (CVE-2013-1350)
2013-03-06 Just Bugs (sometimesbugs gmail com)
Verax NMS Authentication Bypass (CVE-2013-1350) I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing

Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption.
2013-03-05 tytusromekiatomek hushmail com
############################################################## # httpMakeVaryMark() header value 'value' (http.cc:603 line) # ############################################################## # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 #

Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header
2013-03-05 tytusromekiatomek hushmail com
############################################## # http_GetHdr() | (l == strlen(hdr + 1)) # ############################################## # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 # ##############################################

SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer dereference in libosip2
2013-03-05 tytusromekiatomek hushmail com
#################################### # SIP Witch 0.7.4 w/libosip2-4.0.0 # #################################### # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 # ####################################### * DoS by the NULL pointer dereference

Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
2013-03-05 tytusromekiatomek hushmail com
################################################################ # DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc # ################################################################ # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AK

Samsung TV DoS (possible overflow) via SOAPACTION
2013-03-05 tytusromekiatomek hushmail com
#!/bin/bash ##################################################### # Samsung TV DoS (possible overflow) via SOAPACTION # ##################################################### # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 # #############

Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header
2013-03-05 tytusromekiatomek hushmail com
####################################### # STV_alloc() | ((st) != NULL) # ####################################### # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 # ####################################### # Versions: 2.1.5 # Full pa

Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header
2013-03-05 tytusromekiatomek hushmail com
###################################### # VRY_Create() | (*q == ',') # ###################################### # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 # ####################################### ## Versions affected: 3.0.3 2.

RE: [Full-disclosure] Remote system freeze thanks to Kaspersky Internet Security 2013 (SA52053)
2013-03-05 Vulnerability Mailbox (Vulnerability kaspersky com)
Hello, Marc, colleagues, We confirm bug that could result in system freeze existed in kneps system driver. Private fix is available right now, patch via automatic product update pending release. Best regards, Vulnerability response | Kaspersky Lab tel: +7 495 7978700 | Vulnerability@kasper

[PT-2013-17] Arbitrary Files Reading in mnoGoSearch
2013-03-05 noreply ptsecurity ru
----------------------------------------------------------- (PT-2013-17) Positive Technologies Security Advisory Arbitrary Files Reading in mnoGoSearch ----------------------------------------------------------- ---[ Vulnerable software ] mnoGoSearch Version: 3.3.12 and earlier Application

WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS)
2013-03-05 alej andr0 (alejandr0 m0f0 gmail com)
#------------------ # WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS) # # affected versions <= 3.2.5. (tested on 3.2.5, 3.2.3) # # impact: # - code execution in browser context # # author: alejandr0.m0f0 1/ navigate to the page: /wordpress/wp-admin/?page=cpd_meta

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14
2013-03-04 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7

[IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting
2013-03-04 Inshell Security (info inshell net)

Remote system freeze thanks to Kaspersky Internet Security 2013
2013-03-04 Marc Heuse (mh mh-sec de)
I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 (and any other Kaspersky product which includes the firewall f

[CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability
2013-03-01 Frédéric Basse (basse frederic gmail com)
[CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability _______________________________________________________________________ Summary: Foscam firmware <= 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface. The unauthenticated attacker can access to the ent

CVE-2013-1413
2013-03-01 stephan rickauer csnc ch
############################################################# # # COMPASS SECURITY ADVISORY http://www.csnc.ch/ # ############################################################# # # CVE ID : CVE-2013-1413 # CSNC ID: CSNC-2013-003 # Product: i-doit # Vendor: synetics Gesellschaft für Systemintegration

rpi-update tmpfile vulnerability
2013-03-01 Technion (technion lolware net)
Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a (10th Feb commit) Vulnerability #1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create t

[SE-2012-01] One more attack affecting Oracle's Java SE 7u15
2013-03-04 Security Explorations (contact security-explorations com)
Hello All, Last week, Oracle disputed our claim regarding one of the Issues reported to the company on Feb 25, 2012. This was Issue 54 that was partly responsible for a successful attack demonstrated in the environment of Java SE 7 Update 15. It turns out Oracle's attempt to deny Issue 54 turned

Remote command execution for Ruby Gem ftpd-0.2.1
2013-03-03 larry0 me com
Remote command execution for Ruby Gem ftpd-0.2.1 2/28/2013 https://github.com/wconrad/ftpd http://rubygems.org/gems/ftpd "ftpd is a pure Ruby FTP server library. It supports implicit and explicit TLS, passive and active mode, and most of the commands specified in RFC 969. It can be used as part of

[slackware-security] httpd (SSA:2013-062-01)
2013-03-03 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2013-062-01) New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +-------------------------
I took a closer look at this vulnerability; here is my exploit to share:
45 cat > /tmp/updateScript.sh << EOF <-- if we own it first, wait for I_MODIFY and inject our malicious code
46 #!/bin/bash
47 if mv "${_tempFileName}" "$0"; then
48