LG On Screen Phone authentication bypass vulnerability
--
SEARCH-LAB Ltd. discovered a serious security vulnerability in the On
Screen Phone protocol used by LG Smart Phones. A malicious attacker is
able to bypass the authentication phase of the n
w-r-- u0_a6media_rw 13 2014-09-24 01:36 sdf.txt
drwxrwx--x u0_a6u0_a6 2014-07-22 01:06 shared_prefs
Tested on: Android 4.4.4
Reported on: 2014-09-26
Assigned CVE: CVE-2014-7954
Discovered by: Imre Rad / Search-Lab Ltd.
http://www.search-lab
m.
Tested on: Android 4.0.4:
Reported on:2014-07-14
Assigned CVE: CVE-2014-7951
Android bug id: 16298491
Discovered by: Imre Rad / Search-Lab Ltd.
http://www.search-lab.hu
http://www.securecodingacademy.com/
arlier Android versions are.
Tested on: Android 4.4.4:
Reported on:2014-08-15
Assigned CVE: CVE-2014-7951
Android bug id: 15829193
Discovered by: Imre Rad / Search-Lab Ltd.
http://www.search-lab.hu
http://www.securecodingacademy.com/
In November 2014, SEARCH-LAB Ltd. discovered a security vulnerability in
Microsec e-Szigno, and Netlock Mokka computer applications that are used to
generate and validate
digital signatures, which are applied within the official Hungarian government
processes. The vulnerability affected the „e-a
The Android operating system offers a backup/restore mechanism of
installed packages through the ADB utility. Full backup of applications
including the private files stored on /data partition is performed by
default, but applications can customize this behavior by implementing a
BackupAgent class.
649e07ed74468f097a28899741eb58f
The fixed versions of PHP are: 5.5.31, 5.6.17 and 7.0.2.
More information:
http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine
Imre Rad
Search-Lab Ltd.
http://www.search-lab.hu/
http://www.scademy.com/
/c60d4b97707c513ee8b554eecf1c5c653cae5998#diff-19cd0c042863b5e723b785a39a866a25
The fixed versions of PHP are: 5.5.31, 5.6.17 and 7.0.2.
More information:
http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine
Imre Rad
Search-Lab Ltd.
http://www.search-lab.hu/
http://www.scademy.com/
mp;action=6&cmd=ls%20-la
Timeline:
2016-01-04: Original report to the developer
2016-01-04: CVE ID requested from MITRE
2016-01-11: Report resent to the developer
2016-01-18: Notification sent to the developer about disclosing the
vulnerability on 25th of January
2016-01-18: Disclosure
I
the SAPI socket is a prerequisite of the attack.
The fix is available with the commit:
https://github.com/php/php-src/commit/08080c18f5f3700af6242a338a2698502207ed45
The fixed versions of PHP are: 5.5.31, 5.6.17 and 7.0.2.
Imre Rad
Search-Lab Ltd.
http://www.search-lab.hu/
http://www.scademy.com/
"PHP is a popular general-purpose scripting language that is
especially suited to web development."
PHP has deployed several features over the years that are prone to
incorrect architectural decisions (safe mode
https://www.php.net/manual/en/features.safe-mode.php or open_basedir
http://news.php.n
Affected product:
WampServer 3.1.4-3.1.8
Offiical description:
"WampServer is a Windows web development environment. It allows you to
create web applications with Apache2, PHP and a MySQL database.
Alongside, PhpMyAdmin allows you to manage easily your databases."
Official website:
http://www.wam
WP Fastest Cache is a Wordpress plugin that creates static html files
from the dynamic WordPress blog in order to speed up operation.
Version 0.8.9.5 and below of the plugin was identified being
vulnerable to directory traversal attacks.
The first two are Windows only, the 3rd one is generic. The
I identified several vulnerabilities in the GNU patch utility, some of
them making it possible to execute arbitrary code if the victim opens
a crafted patch file. It also turned out, some of these
vulnerabilities had been silently addressed by the maintainer back
then in 2018 when CVE-2018-1000156
IcedTeaWeb is an open source implementation of JSR-56 that is better
known as Java Web Start.
It is currently maintained by RedHat and is included into the Windows
packages of OpenJDK by default.
"Three security issues were found in ITW, and have been discussed and
are going to be fixed.
Those are
The TrustedInstaller service running on the Windows operating system
hosts a COM service called Sxs Store Class; its ISxsStore interface
provides methods to install/uninstall assemblies via application
manifests files into the WinSxS store. These API methods were meant to
be available for users wit
:
---
Discovered by: Imre Rad
Reported on: 2016-03-21
Disclosure: 2016-07-13
Jackson-databind is a popular library in Java for JSON
marshalling/unmarshalling.
It has a feature called default-typing: when the target class has some
polymorph fields inside (such as interfaces, abstract classes or the
Object base class), the library can include type info into the JSON
structur
18 matches
Mail list logo