Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen Cross-site scripting
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen digital...

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen Blind SQL injection
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------...

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen...

Posted by Salvatore Bonaccorso on Jul 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3626-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssh
CVE ID : CVE-2016-6210
Debian Bug :...

Posted by mgill on Jul 25

Observation:
Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third
parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within
another browser's context.

Proof of Concept:
The following will set
```
class OriginCheckServerFactory(WebSocketServerFactory):
protocol = ...arbitrary entry here...

def...

Posted by Stefan Kanthak on Jul 25

Hi @ll,

Windows 7 introduced the "Deployment Image Servicing and Management"
tool DISM.exe; this command line program is called for example by
its predecessor PkgMgr.exe (a GUI program which requests elevated
privileges), or by Windows Update (which runs under SYSTEM account).

DISM.exe needs to be run with administrative privileges:
this condition is met in both cases named above.

When called with valid arguments, DISM.exe creates a...

Posted by Stefan Kanthak on Jul 25

Hi @ll,

this is a followup to "case 36" (posted as "case 35" by mistake),
<http://seclists.org/bugtraq/2016/Jul/82>.

Proof of concept #1:
~~~~~~~~~~~~~~~~~~~~

1. On a 64-bit edition of Windows download the 32-bit and 64-bit
executable installers "eclipse-inst-win32.exe" and
"eclipse-inst-win64.exe", save them in an arbitrary directory.

2. Create the (empty) files...

Posted by Slackware Security Team on Jul 25

[slackware-security] bind (SSA:2016-204-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.10.4_P2-i586-1_slack14.2.txz: Upgraded.
Fixed a security issue:
getrrsetbyname with a non absolute name could trigger an infinite
recursion bug in lwresd and named...

Posted by Kotas, Kevin J on Jul 25

CA20160721-01: Security Notice for CA eHealth

Issued: 2016-07-21
Last Updated: 2016-07-21

CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA technologies assigned a High risk rating
to these...

Posted by Tim Allison on Jul 25

CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: POI 3.5-3.13

Description:

Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and users that use
XLSX2CSV and accept such files from end-users are vulnerable to XML External Entity (XXE) attacks, which allow remote...

Tor 0.2.1.29 continues our recent code security audit work. The main fix resolves a remote heap overflow vulnerability that can allow remote code execution. Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely. All Tor users should upgrade. https://www.torproject.org/download/download Changes in version 0.2.1.29 - 2011-01-15 o Major bugfixes (security): - Fix a heap overflow bug where an adversary could cause heap corruption. This bug probably allows remote code execution attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on 0.1.2.10-rc. - Prevent a denial-of-service attack by disallowing any zlib-compressed data whose compression factor is implausibly high. Fixes part of bug 2324; reported by "doorss". - Zero out a few more keys in memory before freeing them. Fixes bug 2384 and part of bug 2385. These key instances found by "cypherpunks", based on Andrew Case's report about being able

Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely exploitable bugs. Thanks to Willem Pinckaers for notifying us of the issue. The Common Vulnerabilities and Exposures project has assigned CVE-2010-1676 to this issue. We also took this opportunity to change the IP address for one of our directory authorities, and to update the geoip database we ship. All Tor users should upgrade. https://www.torproject.org/download/download Changes in version 0.2.1.28 - 2010-12-17 o Major bugfixes: - Fix a remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade. Bugfix on the 0.1.1 series and later. o Directory authority changes: - Change IP address and ports for gabelmoo (v3 directory authority). o Minor features: - Update to the December 1 2010 Maxmind GeoLite Country database. ----------------------------------------------