Posted by Michael Lazin on Jul 14Could you please provide more detail. I am not seeing how this is an
attack. The Debian apt system which predates the play store seems to work
under the same principle. You have a core set of default packages and you
can install your own packages from the store, in this case debian apt. The
debian security team pushes updates which not only install software with
patches but the dependencies as well. The vulnerability you appear to be… …

Posted by Fabio on Jul 14Il 10/07/20 13:16, Enrico Weigelt, metux IT consult ha scritto:

I'm sorry, but what's your point?
Looks like you just discovered a documented feature that exists since years.

As long as you attach a Google account to your android device, you give
up control of that device to that Google account.
You can even track or remotely wipe the device (android.com/find).
If the Google account is compromised, the same applies to the device.

Do… …

Posted by Larry W. Cashdollar via Fulldisclosure on Jul 14Title: Insecure /tmp file use in Oracle Solaris 11 Device Driver Utility v1.3.1 leads to root

Author: Larry W. Cashdollar, @_larry0

Date: 2020-02-02

CVE-2020-14724

Download Site: https://docs.oracle.com/cd/E37838_01/html/E69250/useddu.html

Vendor: Oracle, fixed in July 14 2020 CPU https://www.oracle.com/security-alerts/cpujul2020.html.

Vendor Notified: 2020-02-02

Vendor Contact: secalert_us () oracle com

Advisory:… …

Posted by ghost on Jul 14Exploit Title: NEProfile – Remote Code Execution
Date: 5/13/2020
Vendor Homepage: https://seczetta.com
Software Link: https://seczetta.com/product/ne-profile
Version: 3.3.11
Tested on: 3.3.11
Exploit Author: Josh Sheppard
Exploit Contact: ghost () a t undervurse dot_com
Exploit Technique: Remote
CVE ID: CVE-2020-12854

1. Description

A remote code execution vulnerability was identified in SecZetta's NEProfile product. Authenticated remote… …

Posted by Ryan Delaney on Jul 13<!–
# Exploit Title: Verint Impact 360 login CSRF
# Date: 7-13-2020
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney () owasp org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: https://www.verint.com/
# Software Link:
https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/
# Version: Impact 360 v15.1
# Tested on: Impact 360 v15.1
# CVE: CVE-2019-12784

1. Description

An… …

Posted by Ryan Delaney on Jul 13<!–
# Exploit Title: Verint Impact 360 onLogin open redirect
# Date: 7-13-2020
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney () owasp org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: https://www.verint.com/
# Software Link:
https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/
# Version: Impact 360 v15.1
# Tested on: Impact 360 v15.1
# CVE: CVE-2019-12783

1…. …

Posted by Ryan Delaney on Jul 13<!–
# Exploit Title: Verint Impact 360 Open iFrame
# Date: 7-13-2020
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney () owasp org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: https://www.verint.com/
# Software Link:
https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/
# Version: Impact 360 v15.1
# Tested on: Impact 360 v15.1
# CVE: CVE-2019-12773

1. Description

An… …

Posted by Pierre Kim on Jul 13## Advisory Information

Title: Multiple vulnerabilities found in V-SOL OLTs
Advisory URL: https://pierrekim.github.io/advisories/2020-v-sol-0x00-olt.txt
Blog URL: https://pierrekim.github.io/blog/2020-07-14-v-sol-olt-0day-vulnerabilities.html
Date published: 2020-07-14
Vendors contacted: None
Release mode: Full-Disclosure
CVE: None yet assigned

## Product Description

The V-SOL OLTs are FTTH OLTs allowing to provide FTTH connectivity to
a large… …

Posted by Pierre Kim on Jul 13Hello,

Please note the advisory has been updated: we removed V-SOL as an
affected vendor as we mistakenly included them (V-SOL OLTs were not in
the list in the advisory).

Latest versions are available at:
– https://pierrekim.github.io/advisories/2020-cdata-0x00-olt.txt
– https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

On a side note, an advisory – Multiple vulnerabilities found in V-SOL
OLTs – will be sent… …

Posted by Marcin Kozlowski on Jul 13Hi List,

Would like you to present a ptrace based fuzzer to fuzz (also distributed
across multiple cores) closed sources or open source binaries at high
speed.

Was able to bear other fuzzers incl. AFL with snapshots with this approach.

This is a Work in Progress (WIP), personal and experimental project.

If you would like to contribute, feel free to submit a PR request.

More info in the repository:

https://github.com/marcinguy/fuzzer

Have… …

Posted by Enrico Weigelt, metux IT consult on Jul 13=======================================================================
Advisory: Google's Android (play services) built-in backdoor for remote
app installation.
=======================================================================

Google's PlayServices has a built-in backdoor which allows Google Inc,
or anybody who has access to some device owner's Google account to
remotely silently deploy any apps (at least those listed in… …

Posted by SEC Consult Vulnerability Lab on Jul 10SEC Consult Vulnerability Lab Security Advisory < 20200708-0 >
======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Rittal Products based on same software, e.g. CMC III PU Compact, CMC III PU 7030.000 PDU (whole portfolio), LCP-CW, IoT Interface 3124.300 vulnerable version:… …

Posted by Securify B.V. via Fulldisclosure on Jul 09————————————————————————
Microsoft OneDrive client for Windows Qt QML module hijack
————————————————————————
Yorick Koster, July 2020

————————————————————————
Abstract
————————————————————————
A file hijacking vulnerability was found in the Microsoft… …

Posted by X41 D-Sec GmbH Advisories on Jul 09X41 D-SEC GmbH Security Advisory: X41-2020-006

Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch
=================================================================
Severity Rating: High
Confirmed Affected Versions: Colin Percival's bsdiff 4.3
Confirmed Patched Versions: FreeBSD's bsdiff
(https://svnweb.freebsd.org/base/head/usr.bin/bsdiff/bspatch/bspatch.c)
Vendor: Colin Percival
Vendor URL:… …

Posted by Pierre Kim on Jul 07## Advisory Information

Title: Multiple vulnerabilities found in CDATA OLTs
Advisory URL: https://pierrekim.github.io/advisories/2020-cdata-0x00-olt.txt
Blog URL: https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html
Date published: 2020-07-07
Vendors contacted: None
Release mode: Full-Disclosure
CVE: None yet assigned

## Product Description

The CDATA OLTs are OEM FTTH OLTs, sold under different brands (Cdata,… …

Posted by Q C on Jul 07Advisory: four vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Affected Versions: through stable 6.47
Fixed Versions: stable 6.47
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: –
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on the MikroTik's devices, such as
switch,… …

Posted by hyp3rlinx on Jul 07[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MSHTA-HTA-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]www.microsoft.com

[Product]
Windows MSHTA.EXE .HTA File

An HTML Application (HTA) is a Microsoft Windows program whose source
code consists of HTML, Dynamic HTML, and one or more… …

Posted by Sivanesh Ashok on Jul 03##########################################################################
# Bolt CMS <= 3.7.0 Multiple Vulnerabilities #
##########################################################################

Author – Sivanesh Ashok | @sivaneshashok | stazot.com

Date : 2020-03-24
Vendor : https://bolt.cm/
Version : <= 3.7.0
CVE : CVE-2020-4040, CVE-2020-4041
Last Modified: 2020-07-03

–[ Table… …

Posted by Philipp Buchegger on Jul 03Advisory ID: SYSS-2020-011
Product: Apple iOS
Manufacturer: Apple Inc.
Affected Version(s): 13.3.1, 13.5.1
Tested Version(s): 13.3.1, 13.5.1
Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2020-03-23
Solution Date: –
Public Disclosure: 2020-07-02
CVE Reference: Not yet assigned
Author of Advisory: Philipp Buchegger, SySS GmbH… …

Posted by Julien Ahrens (RCE Security) on Jul 03RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: o2 Business for Android
Vendor URL: https://play.google.com/store/apps/details?id=telefonica.de.o2business
Type: Open Redirect [CWE-601]
Date found: 2020-04-16
Date published: 2020-07-01
CVSSv3 Score: 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVE: CVE-2020-11882

2. CREDITS
==========
This… …

X