[FD] Broken, Abandoned, and Forgotten Code, Part 13

2015-10-08 Thread Zach C
Part 13 (the penultimate installment) of Broken, Abandoned, and Forgotten Code is up. In this first of two parts covering post exploitation, we cover how to customize the stage 1 firmware image the exploit will flash onto the target. It is the job of this minimized firmware image to bootstrap a ful

[FD] Veeam Backup & Replication Local Privilege Escalation Vulnerability

2015-10-08 Thread ascii
discovered 20150724 Vulnerability disclosed to ISGroup's Partners 20150805 Request for CVE to Mitre 20150805 Got CVE-2015-5742 from cve-assign (fast!) 20150806 Details disclosure to Support/Denis Bodnar and CVE 20150806 Escalation to Fred Bozhanov (fast!) will fix in Veeam B&R v8 20150818

[FD] [RT-SA-2015-006] Buffalo LinkStation Authentication Bypass

2015-10-08 Thread RedTeam Pentesting GmbH
Advisory: Buffalo LinkStation Authentication Bypass An authentication bypass vulnerability in the web interface of a Buffalo LinkStation Duo Network Attached Storage (NAS) device allows unauthenticated attackers to gain administrative privileges. This puts the confidentiality and integrity of the

Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome

2015-10-08 Thread Stefan Kanthak
Lee "cant afford a surname" wrote: > Haifei Li, changing the default behavior to open a window asking the > user where to save the file would change nothing. A "normal user" > would just click the "save" button to save the file in the default > folder. I also don't think it should be the browse

Re: [FD] DDos Attack To Drop The Internet

2015-10-08 Thread James Hodgkinson
Given enough bandwidth and a unique idea, anything is possible, it is true. You provided a 2MB text list of DNS servers, approximately 200,000 of them. They sit across most of the v4 IP ranges available (and some IPV6 ones). This means upstream links won't likely be saturated, and filtering can l

Re: [FD] DDos Attack To Drop The Internet

2015-10-08 Thread Phil Ashby
This used to be a problem, 10+ years ago, since then there has been a lot of work done to protect larger DNS services (root servers in particular) against DDoS: https://en.wikipedia.org/wiki/Distributed_denial-of-service_attacks_on_root_nameservers P. -Original Message- From: Fulldiscl

[FD] A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE

2015-10-08 Thread Pierre Kim
Hello, Please find a text-only version below sent to security mailing-lists. The html version on analysing the vulnerabilities in Huawei 3G routers is posted here: https://pierrekim.github.io/blog/2015-10-07-Huawei-routers-vulnerable-to-multiple-threats.html === text-version of the adviso

Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability

2015-10-08 Thread Shawn McMahon
On Mon, Oct 5, 2015 at 8:16 AM, Stefan Kanthak wrote: > > That's why giving unsuspecting users *.EXE to install a software package > or to unpack an archive and thus training them to run almost anything > they get their hands on is a BLOODY STUPID idea in the first place. > > ALWAYS use the platf

[FD] Drupal 8.0.0-beta14 Vendor Script Vulnerable to XSS

2015-10-08 Thread Sandeep Kamble
Overview: Recently, I was playing around with the Drupal CMS application code. Drupal is an open source CMS application widely used for blog posting purposes. Further details, to know more about Drupal, here. Open source application advantage being, the source

[FD] CVE-2015-2652 – Unauthenticated File Upload in Oracle E-business Suite.

2015-10-08 Thread Sandeep Kamble
Introduction: Oracle E-Business Suite is a fully integrated, comprehensive suite of business applications for the enterprise. Most organizations use Oracle E-Business for the following purposes: 1. Customer Relationship Management 2. Financial Management 3. Human Capital Management 4.

[FD] TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391

2015-10-08 Thread Onur Yilmaz
Information Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : Cross-site Scripting Severity : Important Status : Fi

[FD] TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390

2015-10-08 Thread Onur Yilmaz
Information Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed CVE-I

[FD] CSRF vulnerabilities in Callisto 821+R3 ADSL Router

2015-10-08 Thread MustLive
Hello list! After all my advisories about vulnerabilities in Callisto 821+ (http://seclists.org/fulldisclosure/2011/Aug/1) and the recent advisory about Callisto 821+R3, here is a new one. Because the vendor ignored in 2011 all my letters and my subsequent public disclosure of vulnerabilities and new d

[FD] [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities

2015-10-08 Thread Matteo Beccati
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Revive Adserver Security Advisory REVIVE-SA-2015-001 http://www.revive-adserver.com/

Re: [FD] Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

2015-10-08 Thread Alexandre Herzog
Hi Joe, Thanks for your feedback. Daniel, who discovered the issue and liaised with Netgear to get the issue patched, is in CC of this email. Would you mind sharing some further details? This may help put pressure on Netgear to release the patch they actually developed at the beginning of S

Re: [FD] Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

2015-10-08 Thread Joe G
I can confirm that this is actively being exploited in the wild as we speak. I got owned last week. On Tue, Oct 6, 2015 at 7:59 AM, Alexandre Herzog wrote: > # > # > # COMPASS SECURITY ADVISORY > # http://www.csnc.ch/en/downloads/adviso

[FD] Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

2015-10-08 Thread Alexandre Herzog
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.