Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Posted by SEC Consult Vulnerability Lab on Feb 25

SEC Consult Vulnerability Lab Security Advisory < 20200225-0 >
=======================================================================
title: Multiple Cross-site Scripting (XSS) Vulnerabilities
product: PHP-Fusion CMS
vulnerable version: 9 – 9.03
fixed version: 9.03.30
CVE number: –
impact: Medium
homepage: https://www.php-fusion.co.uk
found: 2019-12-09…

Posted by Open-Xchange GmbH via Fulldisclosure on Feb 20

Dear subscribers,

we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite / OX Documents
Vendor: OX Software GmbH

Internal reference: 67871, 68258 (Bug ID)
Vulnerability type: Server-Side Request…

Posted by Harry Sintonen via Fulldisclosure on Feb 20

D-Link DGS-1250 header injection vulnerability
==============================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt

Overview
--------

D-Link DGS-1250 switch is susceptible to a header injection vulnerability enabling an
attacker to steal the switch configuration.

Description
-----------

D-Link DGS-1250 switch web user interface fails to sanitize…

Posted by Thierry Zoller on Feb 18

This was assigned CVE-2020-9264

Posted by Thierry Zoller on Feb 18

Posted by Thierry Zoller on Feb 18

Posted by Red Team on Feb 18

Hello,

We are informing you about some vulnerabilities we found in SmartClient_v120.

1. Description
During an analysis of the Isomorphic SmartClient v12 LGPL version, we found multiple security flaws, which are
described here.
The application we tested (SmartClient_v120p_2019-06-13_LGPL) can be downloaded from the official website.
(https://www.smartclient.com/product/download.jsp)
As of today, this is the latest version.

1) Information Disclosure on…

Posted by RedTimmy Security on Feb 18

Hi,
we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a
different security appliance and win bug bounties".

We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload, avoid WAF
detection, hit an HTTP endpoint vulnerable to RCE and pop out a shell.

Full story is here:…

Posted by Imre Rad on Feb 18

The TrustedInstaller service running on the Windows operating system
hosts a COM service called Sxs Store Class; its ISxsStore interface
provides methods to install/uninstall assemblies via application
manifest files into the WinSxS store. These API methods were meant to
be available for users with administrative privileges only, but the
logic was unintentionally exposed to anyone on the system due to
improper implementation of the authorization…

Posted by Thierry Zoller on Feb 14

Posted by Thierry Zoller on Feb 14

Posted by Thierry Zoller on Feb 14

Posted by RedTimmy Security on Feb 14

Hi,
we have just released EnumJavaLibs to perform java classes enumeration against java services.

To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding
calls to readObject() and finding a way for user input to reach that function. In case we don’t have source code
available, we can spot serialized objects on the wire by looking for binary blobs or base64 encoded objects (recognized…

Posted by omarbv on Feb 14


Rooted CON 2020 will be held from 5th to 7th 2020 in Kinepolis cinemas
in Madrid (Spain). All talks are both in English and Spanish as there is
simultaneous translation (…

Posted by Marcin Kozlowski on Feb 14

OK, I think I got it: the condition

Below is Mobile (Android) Bluetooth subsystem log:

02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter:
reassemble_and_dispatch reassemble_and_dispatch
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter:
reassemble_and_dispatch partial_packet->offset 21 packet->len 683
HCI_ACL_PREAMBLE_SIZE 4
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter:
reassemble_and_dispatch projected_offset…