Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome

I didn't mean that enterprise windows was different from other editions with respect to security. I just meant that in an enterprise environment, windows would most likely be attached to an active directory and the user would login with active directory credentials. So unless they had a local admi

Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome

Hi Haifei, FYI, something similar was presented in 2012: http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html Thanks, Mitja > -Original Message- > From: Fulldisclosure [mailto:fulldisclosure-boun...@seclists.org] On Behalf Of > Haifei Li > Sent: Saturday, October

[FD] Mozilla extensions: a security nightmare (part 2)

Hi @ll, Mozilla Firefox 38 (both standard and ESR) and newer installs and per default activates Cisco's OpenH264 video codec; see Firefox 33 to 37 downloaded this codec and installed it on demand; see This extension come

[FD] Full Path Disclosure vulnerability in JM Twitter Cards reveals the location of the WordPress installation on the server (WordPress plugin)

Details Software: JM Twitter Cards Version: 6.0 Homepage: https://wordpress.org/plugins/jm-twitter-cards Advisory report: https://security.dxw.com/advisories/full-path-disclosure-vulnerability-in-jm-twitter-cards-reveals-the-location-of-the-wordpress-installation-on-the-server/ CV

[FD] IntelliSec Advisory - Multiple Vulnerabilities in Kerio Control Firewall

IntelliSec Security Advisory == Title: Multiple Vulnerabilities in Kerio Control (Virtual Appliance) Vulnerabilities:XSS, SQL Injection, Remote Code Execution through CSRF Product:

[FD] Vantage Point Security Advisory 2015-002

Vantage Point Security Advisory 2015-002 Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A (24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models) Versions affected: < S3.0.501

[FD] Vantage Point Security Advisory 2015-003

Vantage Point Security Advisory 2015-003 Title: Multiple Remote Code Execution found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A (24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models) Versions affected: < S3

[FD] Buffer overflow in tiny-AES128-C

The library tiny-AES128-C, available from https://github.com/kokke/tiny-AES128-C , contains a buffer overflow in its AES128_CBC_encrypt_buffer() function, where 15 bytes beyond the end of the input buffer can be overwritten. For instance, if the function is invoked with an input buffer of lengt

[FD] JScript 5.7 (MSIE 8) RegExpBase::FBadHeader regular expression use-after-free

Recompiling the regular expression pattern during a replace can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size. CVE-2015-2482: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2482 ZDI-1