Re: [FD] new email; gw22...@hotmail.com | Double-free segfault bypass

2018-03-30 Thread Matthew Fernandez
Maybe I’m misunderstanding something, but what is the vulnerability here? It looks like you are just demonstrating that a program can corrupt its own heap, which it can already do in numerous other ways. > On 26 Mar 2018, at 00:26, keliikoa kirland wrote: > > Tested on: Ubuntu 14.04.5 LTS > V

[FD] Null Pointer Deference (Denial of Service)-Kingsoft Internet Security 9+ Kernel Driver KWatch3.sys

2018-03-30 Thread WTS Research Team
*[ White Team Security (WTS) Security Advisory- ADV-01-03-2018 ]* Kingsoft Internet Security 9+ - Null Pointer Deference Kernel Driver KWatch3.sys -- Author: - Arjun Basnet from

[FD] SSRF(Server Side Request Forgery) in Tpshop <= 2.0.6 (CVE-2017-16614)

2018-03-30 Thread serv...@baimaohui.net
# SSRF(Server Side Request Forgery) in Tpshop <= 2.0.6 (CVE-2017-16614) The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd.This system is based on the Thinkphp development framework. ## Product Download: http://www.tp-shop.cn

[FD] APPLE-SA-2018-3-29-8 iCloud for Windows 7.4

2018-03-30 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-3-29-8 iCloud for Windows 7.4 iCloud for Windows 7.4 is now available and addresses the following: Security Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A buffer ove

[FD] APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows

2018-03-30 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows iTunes 12.7.4 for Windows is now available and addresses the following: Security Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A buff

[FD] APPLE-SA-2018-3-29-6 Safari 11.1

2018-03-30 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-3-29-6 Safari 11.1 Safari 11.1 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a malicious website may lead to address b

[FD] APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan

2018-03-30 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan Admin Framework Available for: macOS High Sierra 10.13.3 Impact: Passwords supplied to sysadminctl may be exposed to other local

[FD] APPLE-SA-2018-3-29-4 Xcode 9.3

2018-03-30 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-3-29-4 Xcode 9.3 Xcode 9.3 is now available and addresses the following: LLVM Available for: macOS High Sierra 10.13.2 or later Impact: Multiple issues in llvm were addressed in this update Description: Multiple issues were addressed

[FD] APPLE-SA-2018-3-29-3 tvOS 11.3

2018-03-30 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-3-29-3 tvOS 11.3 tvOS 11.3 is now available and addresses the following: CoreFoundation Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A race condit

[FD] APPLE-SA-2018-3-29-2 watchOS 4.3

2018-03-30 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-3-29-2 watchOS 4.3 watchOS 4.3 is now available and addresses the following: CoreFoundation Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was address

[FD] APPLE-SA-2018-3-29-1 iOS 11.3

2018-03-30 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-3-29-1 iOS 11.3 iOS 11.3 is now available and addresses the following: Clock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to s

[FD] Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script

2018-03-30 Thread Mohamed A. Baset
[-] Title: Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script [-] Product Description: Crea8Social is the leading social networking software that helps you build your own custom online community. [-] Vulnerability Type: Multiple Cross-Site Scripting Vulnerabilities

[FD] CVE-2018-5708

2018-03-30 Thread Kevin R
Hello Seclists: Attached is my writeup for the following CVE: CVE-2018-5708 > An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on > the same local network as, but being unauthenticated to, the > administrator's panel, a user can obtain the admin username and > cleartext password

[FD] CA20180328-01: Security Notice for CA API Developer Portal

2018-03-30 Thread Kotas, Kevin J
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CA20180328-01: Security Notice for CA API Developer Portal Issued: March 28, 2018 Last Updated: March 28, 2018 CA Technologies Support is alerting customers to multiple potential risks with CA API Developer Portal. Multiple vulnerabilities exist th

[FD] CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center

2018-03-30 Thread Williams, Ken
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center Issued: March 29, 2018 Last Updated: March 29, 2018 CA Technologies Support is alerting customers to two potential risks with CA Workload Automation AE an