Category Archives: Full Disclosure

Full Disclosure

Re: CVE-2013-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)

Posted by Henri Salo on Oct 14

Can you confirm that this should be CVE-2014-2021 and not 2013 ID, thank you.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021 says:

“pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial
of service (out-of-bounds-read) via a crafted length value in an encrypted PDF
file.”


Henri Salo

Read more

Re: CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.)

Posted by Florian Weimer on Oct 14

* Dirk-Willem van Gulik:

More precisely, anything based on the historic BIND stub resolver code
(which is a lot) will escape certain characters while converting from
wire format to the textual representation, including “(“, *and* also
has a check (res_hnok) which refuses PTR records which do not follow
the rather strict syntactic requirements for host names.

Lack of quoting in a DNS API at this point means that essentially
arbitrary…

Read more

Re: CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.)

Posted by Dirk-Willem van Gulik on Oct 14

The production versions of NSD accepts this fine ‘as is’ (FreeBSD-9.3); bind requires a bit of careful escaping.

On te wire one then sees the raw ‘binary’ — which can indeed be very raw:

000001d0 XX XX XX XX 31 28 29 20 7b 20 3a 3b 7d 3b 20 65 () { :;}; e|
000001e0 63 68 6f 20 63 76 65 2d 32 30 31 34 2d 36 32 37 |cho cve-2014-627|
000001f0 31 2c 20 63 76 65 2d 32 30 31 34 30 37 31 36 39 |1, cve-201407169|
00000200 2c…

Read more

Re: CSP Bypass on Android prior to 4.4

Posted by E Boogie on Oct 14

Hello again Full disclosure,

One final email. A couple things to note about this.

I’ve been testing A LOT on A LOT of different browsers and Android
Devices.. The more I test, the more It becomes clear that my u0000
vulnerability is not legit and there is a different much larger CSP issues
at play here. (I did a lot of testing before reporting but there is a lot
going on here that caused me to mess up here).

First – The issue is not that…

Read more

Rooted CON 2015 – Call For Papers

Posted by omarbv on Oct 14

______ _ _ ____ ___ _ _
/ / _ ___ ___ | |_ ___ __| |/ ___/ _ | | |
/ /| |_) / _ / _ | __/ _ / _` | | | | | | | |
/ / | _ < (_) | (_) | || __/ (_| | |__| |_| | | |
/_/ |_| ____/ ___/ _____|__,_|_______/|_| _|

RootedCON 2015 – ‘Call for Papers’

PLEASE, READ CAREFULLY ALL THE DETAILS IN THIS DOCUMENT.

-=] About RootedCON

RootedCON is a security congress that will take…

Read more

OWASP OWTF 1.0 "Lionheart" released!

Posted by Abraham Aranguren on Oct 14

Dear Full Disclosure friends,

We are pleased to let you know that OWASP OWTF 1.0 “Lionheart” has been released!
Dedicated to the courage and hard work shown by all OWASP OWTF contributors,
mentors, everybody that gave us cool ideas, etc. to make this amazing
release happen, to all of you, thank you!

Some links:
– – Handy redirect: http://owtf.org/
(takes you to: https://www.owasp.org/index.php/OWASP_OWTF)
– – Getting started -…

Read more

CVE-2014-2023 – Tapatalk for vBulletin 4.x – multiple blind sql injection (pre-auth)

Posted by oststrom (public) on Oct 13

Hash: SHA1

*Preliminary VulnNote*

CVE-2014-2023 – Tapatalk for vbulletin 4.x – multiple blind sql injection
(pre-auth)

============================================================================
========

Overview

——–

date : 10/12/2014

cvss : 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) base

cwe : 89

vendor : Tapatalk Inc

product : Tapatalk for vBulletin 4.x

versions affected: latest (to…

Read more

CVE-2014-2022 – vbulletin 4.x – SQLi in breadcrumbs via xmlrpc API (post-auth)

Posted by oststrom (public) on Oct 13

Hash: SHA1

CVE-2014-2022 – vbulletin 4.x – SQLi in breadcrumbs via xmlrpc API
(post-auth)

============================================================================
==

Overview

——–

date : 10/12/2014

cvss : 7.1 (AV:N/AC:H/Au:S/C:C/I:C/A:C) base

cwe : 89

vendor : vBulletin Solutions

product : vBulletin 4

versions affected : latest 4.x (to date); verified <= 4.2.2

*…

Read more

CVE-2013-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)

Posted by oststrom (public) on Oct 13

Hash: SHA1

CVE-2013-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via
xmlrpc API (post-auth)

============================================================================
====================

Overview

——–

date : 10/12/2014

cvss : 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P) base

cwe : 79

vendor : vBulletin Solutions

product : vBulletin 4

versions affected : latest 4.x and 5.x (to date);…

Read more

Re: CSP Bypass on Android prior to 4.4

Posted by E Boogie on Oct 13

I’ve done a little more testing and what I’ve found is pretty startling.

I tested on a Galaxy Note 2 running Android 4.4.2 and the CSP bypass worked.

I also tested on an old version of Safari on an iPad (Safari/7534.48.3) and
the CSP bypass also worked.

If you are so kind, please use ejj.io/test.php to test this for me. If it
worked, please press the “IT WORKED” button.

This way I can compile a large finger print of…

Read more