SAP NetWeaver Java AS - multiple XSS vulnerabilities

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Impact: leakage...

nevisAuth Authentication Bypass Vulnerability

nevisAuth versions since 4.13.0.0 2012-11-21 and prior to 4.18.3.1 2015-07-02 suffer from an authentication bypass vulnerability. Product: nevisAuth 1 Vendor: AdNovum 2 CVD ID: CVE-2015-5372 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Authors: Antoine Neuenschwander...

Kaspersky AntiVirus - UPX Parsing Memory Corruption

Kaspersky AntiVirus - UPX Parsing Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=527 While fuzzing UPX packed files, this crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for...

Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)

Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard MS15-061 Source: https://code.google.com/p/google-security-research/issues/detail?id=294 Platform: Win7 32-bit. trigger.cpp should fire the issue, with a caveat - PoC might NOT work if compiled as a debug build...

Kaspersky AntiVirus - CHM Parsing Stack Buffer Overflow

Kaspersky AntiVirus - CHM Parsing Stack Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=524 Fuzzing CHM files with Kaspersky Antivirus produced the attached crash. 83c.fec: Access violation - code c0000005 first chance First chance exceptions are report...

Kaspersky: Mo Unpackers, Mo Problems.

Posted by the notorious Tavis Ormandy. We’ve talked before about how we use Google scale to amplify our fuzzing efforts. I’ve recently been working on applying some of these techniques to Antivirus, a vast and highly privileged attack surface. Among the products I’m working on is Kaspersky...

Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=294 Platform: Win7 32-bit. trigger.cpp should fire the issue, with a caveat - PoC might NOT work if compiled as a debug build. windbg.txt is a sample crash log. Analysis from Nils: --- please find attached a C trigger,...

Crash when using debugger with SavedStacks in JavaScript — Mozilla

Security researcher Spandan Veggalam reported a crash while using the debugger API with SavedStacks in JavaScript. This crash can only occurs when the debugger is in use but may be potentially exploitable...

Use-after-free with shared workers and IndexedDB — Mozilla

Security researcher Looben Yang discovered a use-after-free vulnerability when using a shared worker with IndexedDB due to a race condition with the worker. This results in a potentially exploitable crash that can be triggered through web content...

Buffer overflow in libvpx while parsing vp9 format video — Mozilla

Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library...

Buffer overflow while decoding WebM video — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen discovered a buffer overflow in the nestegg library when decoding a WebM format video with maliciously formatted headers. This leads to a potentially exploitable crash...

Memory safety errors in libGLES in the ANGLE graphics library — Mozilla

Security researcher Ronald Crane reported two issues in the libGLES portions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows systems. The first of these is a missing bounds check leading to memory safety errors when manipulating shaders which could result in the writin...

Kaspersky AntiVirus - CHM Parsing Stack Buffer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=524 Fuzzing CHM files with Kaspersky Antivirus produced the attached crash. 83c.fec: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This exception may be...

ADH-Web IP Camera Access Bypass

Advisory Information Title: ADH-Web Server IP-Cameras Improper Access Restrictions Date published: 2015-09-19 Date of last update: 2015-09-19 Vendors contacted: ADH-Web Author: Glaysson dos Santos Release mode: User release 2. Vulnerability Information Class: Information Exposure CWE-200 Impact:...

ADH-Web Server IP-Cameras - Multiple Vulnerabilities

Adivisory Information Title: ADH-Web Server IP-Cameras Improper Access Restrictions EDB-ID: 38245 Advisory ID: OLSA-2015-0919 Advisory URL: http://www.orwelllabs.com/2015/10/adh-web-server-ip-cameras-improper.html Date published: 2015-09-19 Date of last update: 2016-02-15 Vendors contacted:...

ZeusCart 4.0 - SQL Injection / CSRF Vulnerability

Exploit for php platform in category web applications ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: email protected Vulnerability Type: SQL Injection Remote...

ZeusCart 4.0 - SQL Injection

ZeusCart 4.0 - SQL Injection ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to...

ZeusCart 4.0 - Cross-Site Request Forgery

ZeusCart 4.0 - Cross-Site Request Forgery ZeusCart 4.0: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendo...

ZeusCart 4.0 - SQL Injection

ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed ...

Anchor CMS 0.9.2 Cross Site Scripting / Open Redirect

Anchor CMS 0.9.2: XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Anchor CMS 0.9.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://anchorcms.com/ Vulnerability Type: XSS and Open Redirect Remote Exploitable: Yes Reported to vendor:...