[FD] CVE-2016-5399: php: out-of-bounds write in bzread()

2016-07-25 Thread Hans Jerry Illikainen
PHP 7.0.8, 5.6.23 and 5.5.37 does not perform adequate error handling in its `bzread()' function: php-7.0.8/ext/bz2/bz2.c , | 364 static PHP_FUNCTION(bzread) | 365 { | ... | 382 ZSTR_LEN(data) = php_stream_read(stream, ZSTR_VAL(data), ZSTR_LEN(data)); | 383 ZSTR_VAL(data)[ZSTR_LEN(dat

[FD] Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities

2016-07-25 Thread James McLean
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities Reported By: == James McLean - Primary: james dot mclean at gmail dot com Secondary: labs at juicedigital dot net Device Overview: == From http://www.supercook.me/en/su

[FD] XSS and SQLi in huge IT gallery v1.1.5 for Joomla

2016-07-25 Thread Larry W. Cashdollar
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Fixed: v1.1.7 Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva Date: 2016-07-14 Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro Vendor: huge-it.com Vendor No

[FD] Amazon’s Silk Browser on the Kindle Didn’t Use SSL for Google Search

2016-07-25 Thread Nightwatch Cybersecurity
[Original here: https://wwws.nightwatchcybersecurity.com/2016/07/21/advisory-amazons-silk-browser-on-the-kindle-didnt-use-ssl-for-google-search/] Overview Amazon supplies the Silk Browser for their line of Kindle tablets. The browser includes a selection of three search engines, of which Google w

[FD] Reflected XSS in LinkedIn

2016-07-25 Thread Elar Lang
Title: Reflected XSS in LinkedIn Credit: Elar Lang / https://security.elarlang.eu Vulnerability: Reflected XSS Vendor: LinkedIn (https://www.linkedin.com/) # Background LinkedIn had reflected XSS vulnerability. It was at the end of 2013. I made fulldisclosure now (middle of 2016) to point out an

[FD] CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]

2016-07-25 Thread Programa STIC
Fundación Dr. Manuel Sadosky - Programa STIC Advisory www.fundacionsadosky.org.ar Heap memory corruption in ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++ 1. *Advisory Information* Title: Heap memory corruption in ASN.1 pa

[FD] [SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Cisco EPC3925 UPC modem/router default passphrase vulnerabilities - Platforms / Firmware confirmed affected: - Cisco EPC3925, ESIP-12-v302r125573-131230c_upc Vulnerabilities --- Default SSID and passphrase can be calculat

[FD] [SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Compal CH7465LG-LC modem/router multiple vulnerabilities The following vulnerabilities are the result of a quick check (~3 hours) of the Mercury modem. We performed a systematic and deeper evaluation of this device also, which result will be

[FD] [SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Hitron CGNV4 modem/router multiple vulnerabilities -- Platforms / Firmware confirmed affected: - Hitron CGNV4, 4.3.9.9-SIP-UPC - Product page: http://www.hitrontech.com/en/cable_detail.php?id=62 Vulnerabilities --- Insecure session manag

[FD] [SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Technicolor TC7200 modem/router multiple vulnerabilities Platforms / Firmware confirmed affected: - Technicolor TC7200, STD6.02.11 - Product page: http://www.technicolor.com/en/solutions-services/connected-home/broadband-devices/cable-modems

[FD] [SEARCH-LAB advisory] Ubee EVW3226 modem/router multiple vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Ubee EVW3226 modem/router multiple vulnerabilities -- Platforms / Firmware confirmed affected: - Ubee EVW3226, 1.0.20 - Product page: http://www.ubeeinteractive.com/products/cable/evw3226 Vulnerabilities --- Insecure session management T

[FD] [SEARCH-LAB advisory] UPC Hungary network problems

2016-07-25 Thread Gergely Eberhardt
UPC network problems Platforms / Firmware confirmed affected: - UPC Hungary network Problems Network and device configuration problems Administration password is sent to the device in plain in the configuration file Administration password, which is used also for the

[FD] Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design

2016-07-25 Thread Stefan Kanthak
Hi @ll, Windows 7 introduced the "Deployment Image Servicing and Management" tool DISM.exe; this command line program is called for example by its predecessor PkgMgr.exe (a GUI program which requests elevated privileges), or by Windows Update (which runs under SYSTEM account). DISM.exe needs to b

[FD] Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking

2016-07-25 Thread Stefan Kanthak
Hi @ll, this is a followup to "case 36" (posted as "case 35" by mistake), . Proof of concept #1: 1. On a 64-bit edition of Windows download the 32-bit and 64-bit executable installers "eclipse-inst-win32.exe" and "eclipse-inst-

[FD] SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr

2016-07-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 > === title: Multiple vulnerabilities product: Micro Focus (former Novell) Filr Appliance vulnerable version: Filr 2 <=2.0.0.421,