Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models)
2015-07-01 Pierre Kim (pierre kim sec gmail com)

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability
2015-07-01 Security Alert (Security_Alert emc com)

Path Traversal in BlackCat CMS
2015-07-01 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23263
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.1.1 and probably prior
Tested Version: 1.1.1
Advisory Publication: June 10, 2015 [without technical details]
Vendor Notification: June 10, 2015
Vendor Patch: June 24, 2015
Public Disclosure: July 1 [...]

Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability
2015-07-01 Vulnerability Lab (research vulnerability-lab com)
Document Title: Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1535
Video: http://www.vulnerability-lab.com/get_content.php?id=1537
Release Date: 2015-06-29 [...]

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities
2015-07-01 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities
EMC Identifier: ESA-2015-108
CVE Identifier: CVE-2015-0547, CVE-2015-0548
Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs
Affected pro [...]

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities
2015-07-01 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities
CVE Identifier: CVE-2015-0551, CVE-2015-4524
Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual CVEs
Affected products: EMC Documentu [...]

FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability
2015-07-01 Vulnerability Lab (research vulnerability-lab com)
Document Title: FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1538
Release Date: 2015-06-30
Vulnerability Laboratory ID (VL-ID): [...]

Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability
2015-07-01 Vulnerability Lab (research vulnerability-lab com)
Document Title: Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1463 EIBBP-31602
Release Date: 2015-06-30
Vulnerability Laboratory ID (VL-ID): [...]

Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability
2015-07-01 Vulnerability Lab (research vulnerability-lab com)
Document Title: Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1431
Release Date: 2015-06-30
Vulnerability Laboratory ID (VL-ID): [...]

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects
2015-07-01 andrew panfilov tel
Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed
In April 2014 I discovered a vulnerability in EMC Documentum Content Server which allows an authenticated user to elevate privileges, hijack Content Server filesystem or execute arbitrary command [...]

APPLE-SA-2015-06-30-6 iTunes 12.2
2015-07-01 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-06-30-6 iTunes 12.2
iTunes 12.2 is now available and addresses the following:
WebKit
Available for: Windows 8 and Windows 7
Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected appli [...]

APPLE-SA-2015-06-30-5 QuickTime 7.7.7
2015-06-30 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-06-30-5 QuickTime 7.7.7
QuickTime 7.7.7 is now available and addresses the following:
QT Media Foundation
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an unexpected application [...]

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001
2015-06-30 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001
Mac EFI Security Update 2015-001 is now available and addresses the following:
EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root p [...]

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
2015-06-30 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and address the following:
WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite [...]

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
2015-06-30 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following:
Admin Framework
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 t [...]

APPLE-SA-2015-06-30-1 iOS 8.4
2015-06-30 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-06-30-1 iOS 8.4
iOS 8.4 is now available and addresses the following:
Application Store
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile ap [...]

Google Chrome Address Spoofing (Request For Comment)
2015-06-30 David Leo (david leo deusen co uk)
Impact: The "click to verify" thing is completely broken... Anyone can be "BBB Accredited Business" etc. You can make whitehouse.gov display "We love Islamic State" :-)
Note: No user interaction on the fake page.
Code:
***** index.html
<script> function next() { w.location.replace('http://www.ora [...]

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP
2015-06-29 Fernando Muñoz (fernando null-life com)
TimeDoctor claims to be a software that helps to improve the productivity of teams, reduce time spent on distractions [1]
Vulnerability: TimeDoctor autoupdate feature downloads and executes files over plain HTTP and doesn't perform any check with the files. An attacker with MITM capabilities (i.e., [...]

[SECURITY] [DSA 3297-1] unattended-upgrades security update
2015-06-29 Alessandro Ghedini (ghedo debian org)

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities
2015-06-29 apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt
Vendor: community.novius-os.org
Product: novius-os.5.0 [...]

CollabNet Subversion Edge index local file inclusion
2015-06-28 Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "listViewItem" parameter of the "index" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora [...]

CollabNet Subversion Edge missing single login restriction
2015-06-28 Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge management missing single login
# restriction
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: No single login restriction
#
# Risk: Lo [...]

CollabNet Subversion Edge weak password storage mechanism
2015-06-28 Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge stores passwords as unsalted MD5 hashes
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Insecure password storage
# Risk: Medium
# Stat [...]

CollabNet Subversion Edge missing XSRF protection
2015-06-28 Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement XSRF protection tokens
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: XSRF
#
# Risk: Low
# Sta [...]

CollabNet Subversion Edge weak password policy
2015-06-28 Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not
# implement a strong password policy
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive me [...]

CollabNet Subversion Edge autocomplete on
2015-06-28 Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge management frontend login page
# password field has autocomplete enabled
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defen [...]

CollabNet Subversion Edge missing clickjacking protection
2015-06-28 Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not
# implement clickjacking protection
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Clickjacking
#
# Risk [...]

CollabNet Subversion Edge missing brute force protection
2015-06-28 Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge does not protect against brute
# forcing accounts
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive measures
#
# Risk: [...]

CollabNet Subversion Edge show local file inclusion
2015-06-28 Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via "fileName" parameter of the show action
#
# Date: 10.10.2014
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: [...]
Hash: SHA512
Please find a text-only version below sent to security mailing-lists.
The complete version on exploits about my last advisory of ipTIME
products is posted here:
https://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router- [...]