[FD] Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details

2016-11-01 Thread Berend-Jan Wever
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the first entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161101001.html. There you can find a repro that

[FD] CVE-2016-8580 - Alienvault OSSIM/USM Object Injection Vulnerability

2016-11-01 Thread Peter Lapp
Details === Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec () gmail com CVE: CVE-2016-8580 Vulnerable Versions: <=5.3.1 Fixed Version: 5.3.2 Vulnerability Details = A PHP object injection vulnerability exists in multiple

[FD] CVE-2016-8581 - Alienvault OSSIM/USM Stored XSS Vulnerability

2016-11-01 Thread Peter Lapp
Details === Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec () gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: <=5.3.1 Fixed Version: 5.3.2 Vulnerability Details = A stored XSS vulnerability exists in the User-Agent

[FD] CVE-2016-8582 - Alienvault OSSIM/USM SQL Injection Vulnerability

2016-11-01 Thread Peter Lapp
Details === Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec () gmail com CVE: CVE-2016-8582 Vulnerable Versions: <=5.3.1 Fixed Version: 5.3.2 Vulnerability Details = A SQL injection vulnerability exists in the value parameter of

[FD] CVE-2016-8583 - Alienvault OSSIM/USM Reflected XSS

2016-11-01 Thread Peter Lapp
Details === Product: Alienvault OSSIM/USM Vulnerability: Reflected XSS Author: Peter Lapp, lappsec () gmail com CVE: CVE-2016-8583 Vulnerable Versions: <=5.3.1 Fixed Version: 5.3.2 Vulnerability Details = Multiple GET parameters in the vulnerability scan scheduler of

[FD] MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]

2016-11-01 Thread Dawid Golunski
CVE-2016-6663 / OCVE-2016-5616 Vulnerability: MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Discovered by: Dawid Golunski @dawid_golunski http://legalhackers.com Affected versions: MariaDB < 5.5.52 < 10.1.18 < 10.0.28 MySQL <= 5.5.51 <= 5.6.32 <= 5.7.14 Percona Server

Re: [FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

2016-11-01 Thread Brandon Perry
> On Oct 31, 2016, at 2:41 PM, Elar Lang wrote: > > Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) > Credit: Elar Lang / https://security.elarlang.eu > Vendor/Product: dotCMS (http://dotcms.com/) > Vulnerability: SQL injection > Vulnerable version: before

[FD] Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards

2016-11-01 Thread Vulnerability Lab
Topic: Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards Source: http://www.securityweek.com/researchers-claim-wickr-patched-flaws-didnt-pay-rewards Wickr Inc Secret Messenger - Bug Bounty Program Vulnerabilities by Design - Wickr Inc - When honesty disappears behind the VCP Mountain

[FD] Vulnerabilities in D-Link DIR-300

2016-11-01 Thread MustLive
Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DIR-300. - Affected products: - Vulnerable is the next model: D-Link DIR-300NRUB5, Firmware 1.2.94. All previous versions also must

[FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

2016-11-01 Thread Elar Lang
Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Credit: Elar Lang / https://security.elarlang.eu Vendor/Product: dotCMS (http://dotcms.com/) Vulnerability: SQL injection Vulnerable version: before 3.5; 3.3.1 and 3.3.2 (depends on CVE) CVE: CVE-2016-8902, CVE-2016-8903,