[FD] CVE-2016-5399: php: out-of-bounds write in bzread()

2016-07-25 Thread Hans Jerry Illikainen
PHP 7.0.8, 5.6.23 and 5.5.37 do not perform adequate error handling in its `bzread()' function: php-7.0.8/ext/bz2/bz2.c , | 364 static PHP_FUNCTION(bzread) | 365 { | ... | 382 ZSTR_LEN(data) = php_stream_read(stream, ZSTR_VAL(data), ZSTR_LEN(data)); | 383

[FD] Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities

2016-07-25 Thread James McLean
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities Reported By: == James McLean - Primary: james dot mclean at gmail dot com Secondary: labs at juicedigital dot net Device Overview: == From

[FD] XSS and SQLi in huge IT gallery v1.1.5 for Joomla

2016-07-25 Thread Larry W. Cashdollar
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Fixed: v1.1.7 Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva Date: 2016-07-14 Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro Vendor: huge-it.com Vendor

[FD] Amazon’s Silk Browser on the Kindle Didn’t Use SSL for Google Search

2016-07-25 Thread Nightwatch Cybersecurity
[Original here: https://wwws.nightwatchcybersecurity.com/2016/07/21/advisory-amazons-silk-browser-on-the-kindle-didnt-use-ssl-for-google-search/] Overview Amazon supplies the Silk Browser for their line of Kindle tablets. The browser includes a selection of three search engines, of which Google

[FD] Reflected XSS in LinkedIn

2016-07-25 Thread Elar Lang
Title: Reflected XSS in LinkedIn Credit: Elar Lang / https://security.elarlang.eu Vulnerability: Reflected XSS Vendor: LinkedIn (https://www.linkedin.com/) # Background LinkedIn had a reflected XSS vulnerability. It was at the end of 2013. I made fulldisclosure now (middle of 2016) to point out

[FD] CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]

2016-07-25 Thread Programa STIC
Fundación Dr. Manuel Sadosky - Programa STIC Advisory www.fundacionsadosky.org.ar Heap memory corruption in ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++ 1. *Advisory Information* Title: Heap memory corruption in ASN.1

[FD] [SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Cisco EPC3925 UPC modem/router default passphrase vulnerabilities - Platforms / Firmware confirmed affected: - Cisco EPC3925, ESIP-12-v302r125573-131230c_upc Vulnerabilities --- Default SSID and passphrase can be

[FD] [SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Compal CH7465LG-LC modem/router multiple vulnerabilities The following vulnerabilities are the result of a quick check (~3 hours) of the Mercury modem. We performed a systematic and deeper evaluation of this device also, which result will

[FD] [SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Hitron CGNV4 modem/router multiple vulnerabilities -- Platforms / Firmware confirmed affected: - Hitron CGNV4, 4.3.9.9-SIP-UPC - Product page: http://www.hitrontech.com/en/cable_detail.php?id=62 Vulnerabilities --- Insecure session

[FD] [SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Technicolor TC7200 modem/router multiple vulnerabilities Platforms / Firmware confirmed affected: - Technicolor TC7200, STD6.02.11 - Product page:

[FD] [SEARCH-LAB advisory] Ubee EVW3226 modem/router multiple vulnerabilities

2016-07-25 Thread Gergely Eberhardt
Ubee EVW3226 modem/router multiple vulnerabilities -- Platforms / Firmware confirmed affected: - Ubee EVW3226, 1.0.20 - Product page: http://www.ubeeinteractive.com/products/cable/evw3226 Vulnerabilities --- Insecure session management

[FD] [SEARCH-LAB advisory] UPC Hungary network problems

2016-07-25 Thread Gergely Eberhardt
UPC network problems Platforms / Firmware confirmed affected: - UPC Hungary network Problems Network and device configuration problems Administration password is sent to the device in plain in the configuration file Administration password, which is used also for

[FD] Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking

2016-07-25 Thread Stefan Kanthak
Hi @ll, this is a followup to "case 36" (posted as "case 35" by mistake). Proof of concept #1: 1. On a 64-bit edition of Windows download the 32-bit and 64-bit executable installers "eclipse-inst-win32.exe" and

[FD] SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr

2016-07-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 > === title: Multiple vulnerabilities product: Micro Focus (former Novell) Filr Appliance vulnerable version: Filr 2 <=2.0.0.421,