Security
Neoscreen v4.5 Cross-site scripting
Posted by alex_haynes on Jul 25
Exploit Title: Neoscreen Cross-site scripting
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes
Advisory Details:
(1) Vendor & Product Description
--------------------------------
Vendor:
Cube Digital Media
Product & Version:
Neoscreen digital...
Categories: Security
Neoscreen v4.5 Blind SQL injection
Posted by alex_haynes on Jul 25
Exploit Title: Neoscreen Blind SQL injection
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: NONE
Credit: Alex Haynes
Advisory Details:
(1) Vendor & Product Description
--------------------------------...
Neoscreen v4.5 Authentication bypass
Posted by alex_haynes on Jul 25
Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes
Advisory Details:
(1) Vendor & Product Description
--------------------------------
Vendor:
Cube Digital Media
Product & Version:
Neoscreen...
[SECURITY] [DSA 3626-1] openssh security update
Posted by Salvatore Bonaccorso on Jul 25
-------------------------------------------------------------------------
Debian Security Advisory DSA-3626-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 24, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openssh
CVE ID : CVE-2016-6210
Debian Bug :...
Autobahn|Python Insecure allowedOrigins validation >= 0.14.1
Posted by mgill on Jul 25
Observation:
Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third
parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within
another browser's context.
Proof of Concept:
The following will set
```
class OriginCheckServerFactory(WebSocketServerFactory):
    protocol = ...arbitrary entry here...
    def...
```
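A strict Origin check of the kind the advisory above calls for, as an added example that is not Autobahn|Python's or Crossbar.io's code: a naive prefix comparison against the allow-list is shown beside an exact comparison of scheme, host and port after parsing. The allow-list entries and the Origin header values are constructed for the example.

```python
# Strict WebSocket Origin validation: added example, not Autobahn|Python's own code.
# The allow-list and the Origin values below are constructed for the example.
from urllib.parse import urlsplit

# Hypothetical allow-list for a server that should only serve its own web app.
ALLOWED_ORIGINS = ("https://app.example.com", "https://app.example.com:8443")

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def origin_tuple(origin):
    """Parse a serialized origin into (scheme, host, port), or None if it is not one.

    A browser-serialized origin is exactly scheme://host[:port]: no userinfo and
    no path, query or fragment.  Anything else is rejected rather than guessed at.
    """
    parts = urlsplit(origin.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # "https://app.example.com@evil.com" has host evil.com
    if parts.path or parts.query or parts.fragment:
        return None
    try:
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname.lower(), port)


def naive_origin_allowed(origin, allowed=ALLOWED_ORIGINS):
    """Prefix comparison: accepts any origin that merely begins with an allowed one."""
    return any(origin.startswith(entry) for entry in allowed)


def strict_origin_allowed(origin, allowed=ALLOWED_ORIGINS):
    """Exact (scheme, host, port) comparison after both sides are normalized."""
    got = origin_tuple(origin)
    return got is not None and any(origin_tuple(entry) == got for entry in allowed)


if __name__ == "__main__":
    # Constructed Origin header values a hostile page could present.
    for origin in ("https://app.example.com",
                   "https://app.example.com.evil.com",
                   "https://app.example.com@evil.com",
                   "https://app.example.com:443",
                   "null"):
        print("%-40s naive=%-5s strict=%s" % (origin, naive_origin_allowed(origin),
                                              strict_origin_allowed(origin)))
```

The naive function accepts `https://app.example.com.evil.com` and `https://app.example.com@evil.com`, both of which are origins an attacker controls; the strict function accepts only an origin whose parsed scheme, host and default-resolved port equal an allow-list entry, and treats anything it cannot parse as a serialized origin (including `null`) as not allowed.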
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
Posted by Stefan Kanthak on Jul 25
Hi @ll,
Windows 7 introduced the "Deployment Image Servicing and Management"
tool DISM.exe; this command line program is called for example by
its predecessor PkgMgr.exe (a GUI program which requests elevated
privileges), or by Windows Update (which runs under SYSTEM account).
DISM.exe needs to be run with administrative privileges:
this condition is met in both cases named above.
When called with valid arguments, DISM.exe creates a...
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
Posted by Stefan Kanthak on Jul 25
Hi @ll,
this is a followup to "case 36" (posted as "case 35" by mistake),
<http://seclists.org/bugtraq/2016/Jul/82>.
Proof of concept #1:
~~~~~~~~~~~~~~~~~~~~
1. On a 64-bit edition of Windows download the 32-bit and 64-bit
executable installers "eclipse-inst-win32.exe" and
"eclipse-inst-win64.exe", save them in an arbitrary directory.
2. Create the (empty) files...
[slackware-security] bind (SSA:2016-204-01)
Posted by Slackware Security Team on Jul 25
[slackware-security] bind (SSA:2016-204-01)
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.10.4_P2-i586-1_slack14.2.txz: Upgraded.
Fixed a security issue:
getrrsetbyname with a non absolute name could trigger an infinite
recursion bug in lwresd and named...
CA20160721-01: Security Notice for CA eHealth
Posted by Kotas, Kevin J on Jul 25
CA20160721-01: Security Notice for CA eHealth
Issued: 2016-07-21
Last Updated: 2016-07-21
CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA Technologies assigned a High risk rating
to these...
[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example
Posted by Tim Allison on Jul 25
CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: POI 3.5-3.13
Description:
Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and users that use
XLSX2CSV and accept such files from end-users are vulnerable to XML External Entity (XXE) attacks, which allow remote...
Tor 0.2.1.29 is released (security patches)
Tor 0.2.1.29 continues our recent code security audit work. The main
fix resolves a remote heap overflow vulnerability that can allow remote
code execution. Other fixes address a variety of assert and crash bugs,
most of which we think are hard to exploit remotely.
All Tor users should upgrade.
https://www.torproject.org/download/download
Changes in version 0.2.1.29 - 2011-01-15
o Major bugfixes (security):
- Fix a heap overflow bug where an adversary could cause heap
corruption. This bug probably allows remote code execution
attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
0.1.2.10-rc.
- Prevent a denial-of-service attack by disallowing any
zlib-compressed data whose compression factor is implausibly
high. Fixes part of bug 2324; reported by "doorss".
- Zero out a few more keys in memory before freeing them. Fixes
bug 2384 and part of bug 2385. These key instances found by
"cypherpunks", based on Andrew Case's report about being able
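The compression-factor check in the 0.2.1.29 changelog above, as an added example that is not Tor's code: a zlib stream is inflated incrementally and rejected as soon as the output outgrows the compressed input by more than a fixed factor or exceeds an absolute limit, instead of inflating everything first and checking afterwards. The factor of 64, the 16 MiB cap and the two sample streams (64 KiB of seeded pseudo-random bytes, which barely compress, and 1 MiB of zero bytes, which compress to about a kilobyte) are constructed for the example and are not Tor's values.

```python
# Bounded zlib inflation with a compression-ratio cap: added example, not Tor's code.
# The ratio, size limit and sample streams are constructed for the example.
import random
import zlib


class ImplausibleCompression(ValueError):
    """Raised when a stream inflates far beyond what genuine payloads achieve."""


def inflate_bounded(blob, max_ratio=64, max_output=16 * 1024 * 1024, chunk=64 * 1024):
    """Inflate a zlib stream in chunks, aborting if the output outgrows the input
    consumed so far by more than max_ratio, or exceeds max_output outright.

    Because the ratio is checked after every chunk, a bomb is refused after the
    first 64 KiB of output rather than after it has filled memory.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pos = 0
    while not d.eof:
        tail = d.unconsumed_tail  # input zlib held back when max_length capped the last call
        if tail:
            src = tail
        else:
            src = blob[pos:pos + chunk]
            pos += len(src)
        piece = d.decompress(src, chunk)
        out += piece
        if not src and not piece:
            break  # input exhausted and nothing buffered: the stream is truncated
        consumed = pos - len(d.unconsumed_tail)  # compressed bytes actually used so far
        if len(out) > max_output:
            raise ImplausibleCompression("output exceeds %d bytes" % max_output)
        if len(out) > max_ratio * max(consumed, 1):
            raise ImplausibleCompression("compression factor above %d" % max_ratio)
    if not d.eof:
        raise ValueError("truncated zlib stream")
    return bytes(out)


def inflate_or_none(blob):
    """Convenience wrapper: the inflated payload, or None if the policy rejected it."""
    try:
        return inflate_bounded(blob)
    except ImplausibleCompression:
        return None


# Constructed inputs: seeded pseudo-random bytes (essentially incompressible)
# and a megabyte of zeros (a small bomb: about 1 KiB compressed).
_rng = random.Random(2016)
SAMPLE = bytes(_rng.getrandbits(8) for _ in range(64 * 1024))
SAMPLE_COMPRESSED = zlib.compress(SAMPLE)
ZERO_BOMB = zlib.compress(b"\0" * (1 << 20))


if __name__ == "__main__":
    print("random payload: %d -> %s bytes" % (len(SAMPLE_COMPRESSED),
          "rejected" if inflate_or_none(SAMPLE_COMPRESSED) is None else "accepted"))
    print("zero bomb:      %d -> %s" % (len(ZERO_BOMB),
          "rejected" if inflate_or_none(ZERO_BOMB) is None else "accepted"))
```

The absolute cap and the ratio cap guard different things: the absolute cap bounds memory regardless of input, while the ratio cap refuses a tiny input that claims to expand enormously, which is the signature of a decompression bomb. Any threshold also rejects some legitimate but highly repetitive data, so the factor should be chosen from what the protocol's real payloads actually achieve.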
Tor 0.2.1.28 is released (security patches)
Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
exploitable bugs. Thanks to Willem Pinckaers for notifying us of the
issue. The Common Vulnerabilities and Exposures project has assigned
CVE-2010-1676 to this issue.
We also took this opportunity to change the IP address for one of our
directory authorities, and to update the geoip database we ship.
All Tor users should upgrade.
https://www.torproject.org/download/download
Changes in version 0.2.1.28 - 2010-12-17
o Major bugfixes:
- Fix a remotely exploitable bug that could be used to crash instances
of Tor remotely by overflowing on the heap. Remote-code execution
hasn't been confirmed, but can't be ruled out. Everyone should
upgrade. Bugfix on the 0.1.1 series and later.
o Directory authority changes:
- Change IP address and ports for gabelmoo (v3 directory authority).
o Minor features:
- Update to the December 1 2010 Maxmind GeoLite Country database.
----------------------------------------------
