[FD] Avast SandBox Escape via IOCTL Requests

2016-04-20 Thread Kyriakos Economou
* CVE: CVE-2016-4025 * Vendor: Avast * Reported by: Kyriakos Economou * Date of Release: 19/04/2016 * Affected Products: Multiple * Affected Version: Multiple * Fixed Version: N/A Description: A design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect th

[FD] Lock Browser 5.3 (Browser Security, Open Source, Python)

2016-04-20 Thread David Leo
SUMMARY This open source tool strictly controls what the web browser can access, which stops the web browser from loading harmful content - Phishing, Non-Secure HTTP, or whatever is not in your whitelist. SITUATION "Security flaws in Google Chrome, Microsoft Edge, and Apple Safari were all successf

[FD] Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1

2016-04-20 Thread resea...@rv3lab.org
### 01. ### Advisory Information ### Title: Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 Date published: 2016-15-04 Date of last update: 2014-03-04 Vendors contacted: Oliver (formerly Webshare) v1.3.1 Discovered by:

[FD] [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability

2016-04-20 Thread ERPScan inc
Application: SAP HANA Versions Affected: SAP HANA Vendor URL: http://SAP.com Bugs: DoS Sent: 28.09.2015 Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli (ERPScan) Description 1. ADVISORY INFORMATION

[FD] [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability

2016-04-20 Thread ERPScan inc
Application: SAP NetWeaver Versions Affected: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://SAP.com Bugs: Cross-Site Scripting Sent: 01.09.2015 Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2234918 Author: Vahagn Vardanyan (E

[FD] Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege

2016-04-20 Thread Stefan Kanthak
Hi @ll, the executable installers of G-Data's "security" products for Windows, available from , allow escalation of privilege! The downloadable executables are self-extractors containing the real executable installer as resource: they create the subdirectory %