Legal Robot: 2 vulns

the first report is concerning AWS S3 bucket Readable for authenticated aws users , the same as this report 163476 the bucket is sdk.amazonaws.com , i believe it's yours because i found it in a Head request to https://app.legalrobot.com/ : F115189 listing the bucket : 115190 i don't have any...

Vanderbilt Industries Siemens IP CCTV Cameras Vulnerability

OVERVIEW Siemens reports that there is a vulnerability in Siemens-branded IP cameras from Vanderbilt Industries. Vanderbilt has released updates to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the...

HackerOne: Non-secure requests are not automatically upgraded to HTTPS

Non-secure requests to hackerone.com e.g. http://hackerone.com are not automatically upgraded to HTTPS. This is not something you would notice when you use the latest version of modern web browsers such as Google Chrome or Firefox, because hackerone.com is HSTS preloaded. When a domain is...

Veris: Internal server error 500 at log.veris.in

INTRO: i have discovered an internal server error 500 at log.veris.in in sentry app & possible DoS injection with data garbage EXPLOITABILITY: Steps: 1After Sending this request Sentry is crash with an internal server error showing version of sentry and the capability of sending the issue with a...

Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerabilities

OVERVIEW Siemens has released a new version of SIMATIC STEP 7 TIA Portal to mitigate information disclosure vulnerabilities. These vulnerabilities were reported directly to Siemens by Dmitry Sklyarov and Gleb Gritsai from Positive Technologies. Siemens has produced a new version to mitigate these...

lisa.py - An Exploit Dev Swiss Army Knife

lisa.py An Exploit Dev Swiss Army Knife. Installation Copy lisa.py and .lldbinit to / Use the following commands: ant4g0nist$ cp lisa.py /lisa.py ant4g0nist$ cp lldbinit /.lldbinit ant4g0nist$ lldb lllllll iiii l:::::l i::::i l:::::l iiii l:::::l l::::l iiiiiii ssssssssss aaaaaaaaaaaaa l::::l...

PHP serialize/object injection vulnerability exploit-vulnerability warning-the black bar safety net

! This article is about PHP serialize/object injection vulnerability analysis of the short story, which tells about how to get the host of the remote shell. If you want to learn more about PHP serialized content, please visit this link. If you want to test this vulnerability, you can by XVWA and...

WECON LeviStudio Buffer Overflow Vulnerabilities

OVERVIEW Independent security researchers Rocco Calvi and Brian Gorenc, working with Trend Micro’s Zero Day Initiative, have identified buffer overflow vulnerabilities in WECON’s LeviStudio software. WECON has not released a product fix to addresses the buffer overflow vulnerabilities in the...

Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption Vulnerability

OVERVIEW Rockwell Automation has identified a resource management vulnerability in Rockwell Automation’s Allen-Bradley Stratix 5400 and Allen-Bradley Stratix 5410 industrial networking switches. Rockwell Automation has produced a new firmware version to mitigate this vulnerability. This...

MS16-015: Security Update for Microsoft Office to Address Remote Code Execution (3134226) (Mac OS X)

The version of Microsoft Office installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft...

Triaging the exploitability of IE/EDGE crashes

Introduction Both Internet Explorer IE and Edge have seen significant changes in order to help protect customers from security threats. This work has featured a number of mitigations that together have not only rendered classes of vulnerabilities not-exploitable, but also dramatically raised the...

Server: Reflected XSS in OCS provider discovery

A Cross-site scripting XSS vulnerability in the OCS discovery provider in ownCloud Servers allows remote attackers to inject arbitrary web script or HTML via the URL resulting in a reflected Cross-Site-Scripting. Since ownCloud employs a strict Content-Security-Policy that forbids inline script...

F5 Networks BIG-IP : QEMU vulnerability (SOL51841514)

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WINREADNATIVEMAX command to an empty drive, which triggers a...

Oracle Linux 6 : libpng (ELSA-2015-2594)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2594 advisory. - Security fix for CVE-2015-7981 and CVE-2015-8126 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Dimofinf 3.0.0 SQL Injection

Dimofinf CMS Automatic Cookie SQL Injection exploit Google Dork: intext:"Powered by Dimofinf" Date: 19/11/2015 Author: D35m0nd142 Software link: http://www.dimofinf.net Version: 3.0.0 Tested on: Dimofinf version 3.0.0 Sometimes it happens that the vulnerability allow you to get moderators' userna...

Yokogawa HART Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in Yokogawa’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which both companies have begun t...

Magnetrol HART DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input validation vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library extension utilized by some Magnetrol products. CodeWrights GmbH has updated its software library to mitigate this vulnerability...

Cross-Site Scripting in subscribetocalendar.action

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-48910. panel The contents of the 'subCalendarId' parameter is not validated in POST requests to 'subscribetocalendar.action' and...

VuFind 1.0 Cross Site Scripting

VuFind 1.0 Web Application Reflected XSS Cross-site Scripting 0-Day Bug Security Issue Exploit Title: VuFind Results? &lookfor parameter Reflected XSS Web Security Vulnerability Product: VuFind Vendor: VuFind Vulnerable Versions: 1.0 Tested Version: 1.0 Advisory Publication: September 20, 2015...

Stagefrightened?

Posted by Mark Brand, Bypasser of Mitigations There’s been a lot of attention recently around a number of vulnerabilities in Android’s libstagefright. There’s been a lot of confusion about the remote exploitability of the issues, especially on modern devices. In this blog post we will demonstrate...