[FD] Bad rolling code in keyfob for many Subaru cars

2017-10-10 Thread Tom Wimmenhove
[Author] me [Description of the vulnerability] The rolling code used by the keyfob and car is predictable in the sense that it is not random. It is simply incremental. [Impact] An attacker can 'clone' the keyfob and unlock cars and, when increasing the rolling code with a sufficiently high valu

[FD] Executable installers are vulnerable^WEVIL (case 54): escalation of privilege with PostgresSQL installers for Windows

2017-10-10 Thread Stefan Kanthak
Hi @ll, the executable installers of PostgreSQL 10 for Windows, 1. PostgreSQL-10.0-1-win64-bigsql.exe, available from via , 2. postgresql-10.0-1-windows.exe and postgresql-10.0-1-win

[FD] OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection

2017-10-10 Thread Marcin Wołoszyn
(This is a re-submission of a corrected advisory due to accidental CVE-ID swapping) Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14758 Affected Software: == OpenTe

[FD] SSD Advisory – Vacron NVR Remote Command Execution

2017-10-10 Thread Maor Shwartz
SSD Advisory – Vacron NVR Remote Command Execution Full report: https://blogs.securiteam.com/index.php/archives/3445 Twitter: @SecuriTeam_SSD Weibo: SecuriTeam_SSD Vulnerability Summary The following advisory describes a remote command execution vulnerability. VACRON Specializing in “various typ

Re: [FD] Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-)

2017-10-10 Thread kvnjs
I can't provide an authoritative list of similarly affected printers, but I can confirm that every printer firmware image I've actually bothered to inspect (BROTHER, for example) is simply a PS document. (Or, in their case, "BR-Script3", if there's really a difference...) I've used the "print t

Re: [FD] SmartBear SoapUI - Remote Code Execution via Deserialization

2017-10-10 Thread Harrison Neal
For users of the "next" branch, if you've built the project since Feb 3rd, you're probably safe (RMI/Cajo disabled and libraries updated): https://github.com/SmartBear/soapui/commit/42af23fb46d81b4c2121193b9eca9c5fd15f5b6a https://github.com/SmartBear/soapui/commit/0562c0f1357c526711eabf1a87dfb56

Re: [FD] ArcGIS Server 10.3.1: RMIClassLoader useCodebaseOnly=false RCE

2017-10-10 Thread Harrison Neal
After playing with this for a few more hours, it turns out that you don't need the victim to be able to reach an attacker-controlled web server if you can take advantage of gadgets already present on the victim server. For example, on the Azure Marketplace image for ArcGIS Server 10.3.1, there are

[FD] ArcGIS Server 10.3.1: RMIClassLoader useCodebaseOnly=false RCE

2017-10-10 Thread Harrison Neal
Using an Esri-provided image on Azure's Marketplace, ArcGIS Server 10.3.1 started Java's rmid on port 1098 and explicitly set the property java.rmi.server.useCodebaseOnly equal to false. Screenshot: https://www.dropbox.com/s/xz9ugal3ixnfh1c/10.3.1_rmid_useCodebaseOnly%3Dfalse.png?dl=0 As discusse

[FD] DefenseCode ThunderScan SAST Advisory: WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability

2017-10-10 Thread DefenseCode
DefenseCode ThunderScan SAST Advisory WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability Advisory ID: DC-2017-01-001 Advisory Title: WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability Advisory URL: http://w

[FD] DefenseCode ThunderScan SAST Advisory: WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities

2017-10-10 Thread DefenseCode
DefenseCode ThunderScan SAST Advisory WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities Advisory ID: DC-2017-01-013 Advisory Title: WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities Advisory UR