Re: [FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]

2016-12-27 Thread Luigi Rosa
Dawid Golunski wrote on 26/12/2016 03:31: Patching: Responsibly disclosed to PHPMailer team. They've released a critical security release. If you are using an affected release, update to the 5.2.18 security release as advised at: https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md A

Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

2016-12-27 Thread Tim
> > res = apr_crypto_passphrase(&key, &ivSize, passphrase, > > strlen(passphrase), (unsigned char *) (&salt), sizeof(apr_uuid_t), > > *cipher, APR_MODE_CBC, 1, 4096, f, r->pool); > > CBC. Again. > > The earliest mention of CFB which I know is dated 1989. > The earliest mention of CTR which I

[FD] PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)

2016-12-27 Thread Dawid Golunski
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Discovered by Dawid Golunski (@dawid_golunski) https://legalhackers.com Desc: I discovered that the current PHPMailer versions (< 5.2.20) were still vulnerable to RCE as it is possible

[FD] PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]

2016-12-27 Thread Dawid Golunski
PHPMailer < 5.2.18 Remote Code Execution CVE-2016-10033 Attaching an updated version of the advisory with more details + simple PoC. Still incomplete. There will be more updates/exploits soon at: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html and

Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

2016-12-27 Thread gremlin
On 2016-12-23 13:28:33 +0100, RedTeam Pentesting GmbH wrote: > res = apr_crypto_passphrase(&key, &ivSize, passphrase, > strlen(passphrase), (unsigned char *) (&salt), sizeof(apr_uuid_t), > *cipher, APR_MODE_CBC, 1, 4096, f, r->pool); CBC. Again. The earliest mention of CFB which I know is dat

[FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]

2016-12-27 Thread Dawid Golunski
PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Severity: CRITICAL Discovered by: Dawid Golunski (@dawid_golunski) https://legalhackers.com PHPMailer "Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCR

[FD] kernel vuln status question - how can I be protected

2016-12-27 Thread BENCSATH Boldizsar
Dear kernel maintainers, specialists, Regarding latest kernel vulns, like CVE-2016-8655, there were some reports how and where Ubuntu/Debian/Red Hat distributions fixed the problem. However, I could not find clear indications about fixes in plain vanilla kernel sources. No indication on LTS, and o

[FD] Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin)

2016-12-27 Thread dxw Security
Details Software: Image Slider Version: 1.1.41,1.1.89 Homepage: http://wordpress.org/plugins/image-slider-widget/ Advisory report: https://security.dxw.com/advisories/arbitrary-file-deletion-vulnerability-in-image-slider-allows-authenticated-users-to-delete-files/ CVE: Awaiting as

[FD] BlackArch Linux OVA Image released!

2016-12-27 Thread Black Arch
Dear list, We've released the new BlackArch Linux OVA image. It includes the complete BlackArch Linux environment together with all tools. The image size is about ~13GB and ready to use for VirtualBox, VMware and QEMU. If you're not already familiar with BlackArchLinux, please read the DESCRIPTIO