Hacking

Full Disclosure mailing list archives WordPress audio playlist functionality is affected by Cross-Site Scripting From: Summer of Pwnage <lists () securify nl> Date: Tue, 7 Mar 2017 00:02:41 +0100 ———————————————————————— WordPress audio playlist functionality is affected by Cross-Site Scripting ———————————————————————— Yorick Koster, July 2016 ———————————————————————— Abstract ———————————————————————— Two Cross-Site Scripting…

Read More

Full Disclosure mailing list archives Cross-Site Request Forgery in WordPress Press This function allows DoS From: Summer of Pwnage <lists () securify nl> Date: Tue, 7 Mar 2017 00:00:30 +0100 ———————————————————————— Cross-Site Request Forgery in WordPress Press This function allows DoS ———————————————————————— Sipke Mellema, July 2016 ———————————————————————— Abstract ———————————————————————— A…

Read More

Full Disclosure mailing list archives CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility From: Aromal Raj <ddos2me () gmail com> Date: Mon, 6 Mar 2017 18:29:51 +0530 Document Title: =============== CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility Vendor: ======= Ettercap (http://ettercap.github.io/ettercap/) Product and Versions Affected: ============================== Etterfilter…

Read More

Full Disclosure mailing list archives OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445) From: Wolfgang <lister () feedyourhead at> Date: Mon, 6 Mar 2017 13:32:27 +0100 During my research about update mechanisms of open-source software I discovered vulnerabilities in OpenElec. == [ OVERVIEW ] == System affected: OpenElec CVE: CVE-2017-6445 Vulnerable…

Read More

Full Disclosure mailing list archives CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility From: Aromal Raj <ddos2me () gmail com> Date: Mon, 6 Mar 2017 17:18:34 +0530 Document Title: =============== CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility Vendor: ======= Appneta (https://www.appneta.com/) Product and Versions Affected: ============================== Tcpreplay 4.1.2 and…

Read More

Full Disclosure mailing list archives Re: 0-Day: Dahua backdoor Generation 2 and 3 From: Chris Holland <frenchy () gmail com> Date: Mon, 6 Mar 2017 02:32:14 -0600 is this different from 2013’s CVE-2013-6117 ? https://depthsecurity.com/blog/dahua-dvr-authentication-bypass-cve-2013-6117 On Mon, Mar 6, 2017 at 1:13 AM, bashis <mcw () noemail eu> wrote: [STX]…

Read More

Full Disclosure mailing list archives Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe From: “Stefan Kanthak” <stefan.kanthak () nexgo de> Date: Mon, 6 Mar 2017 13:00:17 +0100 Hi @ll, InnoSetup is BROKEN, it creates DEFECTIVE “portable executable” image files, for example innosetup-5.5.9.exe itself. JFTR: unfortunately Windows’ module loader covers…

Read More

Full Disclosure mailing list archives Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe From: “Stefan Kanthak” <stefan.kanthak () nexgo de> Date: Mon, 6 Mar 2017 13:00:17 +0100 Hi @ll, InnoSetup is BROKEN, it creates DEFECTIVE “portable executable” image files, for example innosetup-5.5.9.exe itself. JFTR: unfortunately Windows’ module loader covers…

Read More