Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
2016-07-23 Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] bind (SSA:2016-204-01)
2016-07-22 Slackware Security Team (security slackware com)
[slackware-security] bind (SSA:2016-204-01)
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:

Cross-Site Scripting in Contact Form to Email WordPress Plugin
2016-07-24 Summer of Pwnage (lists securify nl)
Cross-Site Scripting in Contact Form to Email WordPress Plugin
Burak Kelebek, July 2016

CA20160721-01: Security Notice for CA eHealth
2016-07-22 Kotas, Kevin J (Kevin Kotas ca com)
CA20160721-01: Security Notice for CA eHealth
Issued: 2016-07-21
Last Updated: 2016-07-21
CA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in the web interface, CVE-2016-6151 and CV

[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example
2016-07-22 Tim Allison (tallison apache org)
CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: POI 3.5-3.13
Description: Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and

MySQL zero-day vulnerabilities (July 2016 CPU)
2016-07-22 lem nikolas gmail com
MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google, Facebook, Twitter just to cite a few.. In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to identify and mitigate tho

Dreammail 5 mail client XSS Vulnerability
2016-07-22 wwiinngd gmail com
Title: Dreammail 5 mail client XSS Vulnerability Software : Dreammail Software Version : v5.16 Vendor: www.dreammail.org Vulnerability Published : 2016-03-21 Author:zhenwei_qi Email:wwiinngd (at) gmail (dot) com Impact : Medium(CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N) Bug Description : Dream

[slackware-security] gimp (SSA:2016-203-01)
2016-07-21 Slackware Security Team (security slackware com)
[slackware-security] gimp (SSA:2016-203-01)
New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/

[slackware-security] php (SSA:2016-203-02)
2016-07-21 Slackware Security Team (security slackware com)
[slackware-security] php (SSA:2016-203-02)
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/php

[security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS)
2016-07-21 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05204371
Version: 1
HPSBGN03631 r

MySQL zero-day vulnerabilities (July 2016 CPU)
2016-07-21 lem nikolas gmail com
MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google, Facebook, Twitter just to cite a few.. In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to identify and mitigate thos

[SECURITY] [DSA 3624-1] mysql-5.5 security update
2016-07-21 Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
2016-07-21 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
Advisory ID: cisco-sa-20160721-asn1c
Revision: 1.0
For Public Release: 2016 July 21 19:00 GMT

CVE-2016-5399: php: out-of-bounds write in bzread()
2016-07-21 Hans Jerry Illikainen (hji dyntopia com)
PHP 7.0.8, 5.6.23 and 5.5.37 does not perform adequate error handling in its `bzread()' function:
php-7.0.8/ext/bz2/bz2.c
,----
| 364 static PHP_FUNCTION(bzread)
| 365 {
| ...
| 382 ZSTR_LEN(data) = php_stream_read(stream, ZSTR_VAL(data), ZSTR_LEN(data));
| 383 ZSTR_VAL(data)[ZSTR_LEN(data)

Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)
2016-07-20 Summer of Pwnage (lists securify nl)
Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)
Han Sahin, July 2016

Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin
2016-07-20 Summer of Pwnage (lists securify nl)
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin
Burak Kelebek, July 2016

Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability
2016-07-20 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability
Advisory ID: cisco-sa-20160720-ucsperf
Revision 1.0
For Public Release 2016 July 20 16:00 GMT (UTC)

[SEARCH-LAB advisory] UPC Hungary network problems
2016-07-20 Gergely Eberhardt (gergely eberhardt search-lab hu)
UPC network problems
Platforms / Firmware confirmed affected:
- UPC Hungary network
Problems
Network and device configuration problems
Administration password is sent to the device in plain in the configuration file
Administration password, which is used also for the

[SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities
2016-07-20 Gergely Eberhardt (gergely eberhardt search-lab hu)
Compal CH7465LG-LC modem/router multiple vulnerabilities
The following vulnerabilities are the result of a quick check (~3 hours) of the Mercury modem. We performed a systematic and deeper evaluation of this device also, which result will be

[SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities
2016-07-20 Gergely Eberhardt (gergely eberhardt search-lab hu)
Hitron CGNV4 modem/router multiple vulnerabilities
Platforms / Firmware confirmed affected:
- Hitron CGNV4, 4.3.9.9-SIP-UPC
- Product page: http://www.hitrontech.com/en/cable_detail.php?id=62
Vulnerabilities
Insecure session manage

[SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities
2016-07-20 Gergely Eberhardt (gergely eberhardt search-lab hu)
Technicolor TC7200 modem/router multiple vulnerabilities
Platforms / Firmware confirmed affected:
- Technicolor TC7200, STD6.02.11
- Product page: http://www.technicolor.com/en/solutions-services/connected-home/broadband-devices/cable-modems-

[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
2016-07-20 Gergely Eberhardt (gergely eberhardt search-lab hu)
Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
Platforms / Firmware confirmed affected:
- Cisco EPC3925, ESIP-12-v302r125573-131230c_upc
Vulnerabilities
Default SSID and passphrase can be calculate

CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
2016-07-19 Programa STIC (stic fundacionsadosky org ar)
Fundación Dr. Manuel Sadosky - Programa STIC Advisory
www.fundacionsadosky.org.ar
Heap memory corruption in ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++
1. *Advisory Information*
Title: Heap memory corruption in ASN.1 parsing code generated by Objective S

Multiple SQL injection vulnerabilities in WordPress Video Player
2016-07-19 Summer of Pwnage (lists securify nl)
Multiple SQL injection vulnerabilities in WordPress Video Player
David Vaartjes & Yorick Koster, July 2016

Cross-Site Request Forgery in Icegram WordPress Plugin
2016-07-19 Summer of Pwnage (lists securify nl)
Cross-Site Request Forgery in Icegram WordPress Plugin
Yorick Koster, July 2016

Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin
2016-07-19 Summer of Pwnage (lists securify nl)
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin
Han Sahin, July 2016

Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking
2016-07-19 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, eclipse-inst-win32.exe (and of course eclipse-inst-win64.exe too) loads and executes multiple DLLs (in version 4.5 also CMD.EXE) from its "application directory".
* version 4.5 ("Mars") on Windows 7: UXTheme.dll, WindowsCodecs.dll, AppHelp.dll, SrvCli.dll, Slc.dll, NTMarta.dll, ProfAPI

Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)
2016-07-19 Vulnerability Lab (research vulnerability-lab com)
Document Title: Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1869
Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases
this is a followup to "case 36" (posted as "case 35" by mistake),
<http://seclists.org/bugtraq/2016/Jul/82>.
Proof of concept #1:
~~~~~~~~~~~~~~~~~~~~
1. On a 64-bit edition of Windows download the 32-bit and 64-bit
executable installers "eclipse-inst-win32.exe" and
"eclipse-inst-w