Sensio's Symfony web framework is one of the most used PHP-based MVC web development framework that powers a lot of well-known websites and web applications on the Internet. This framework comes with dedicated debugging tools, providing the developer with useful information about what happens when the framework renders a page. This feature is widely used on development systems but should not be available on production servers.
Cette année se déroulait à Mildenberg en Allemagne le troisième "Chaos Communication Camp" organisé par le Chaos Computer Club de Berlin (CCC). Il s'agit d'un des plus grands rassemblements en Europe de hackers et bidouilleurs qui campent sur le terrain d'une ancienne usine de briques, auquel certains membres de Sysdream ont participé (moi-même, et Julien).
We discovered two critical vulnerabilities in OSSIM (versions prior to 5.0.1) that may be abused to take control of an OSSIM system and escalate privileges from an unprivileged local user access. A vulnerability affecting the asset discovery scanner allowed any authenticated user to execute arbitrary commands remotely (CVE-2015-4046). It was then possible to escalate privileges thanks to a specifically crafted Nmap script, and gain root access on the machine (CVE-2015-4045). Both were responsibly disclosed.
=============================================== User enumeration vulnerability in Proxmox < 3.2 ===============================================
============================================= Multiple vulnerabilities in Plogger <= 1.0RC1 =============================================
================================================ Multiple vulnerabilities in POSH web application ================================================ Description =========== Multiple Cross-Site Scripting vulnerabilities, a design vulnerability and an SQL vulnerability have been found in the last version of POSH
The Genlock driver does not properly initialize all members of a structure before copying it to user space. This allows a local attacker to obtain potentially sensitive information from kernel stack memory via ioctl system calls.
Multiple issues have been identified in the Goodix gt915 touchscreen driver for Android. The issues were found in the write handler of the procfs entry created by the driver, which by default is readable and writeable to users without any specific privileges.
A stack-based buffer overflow and a kernel memory disclosure vulnerability have been discovered in the system call handlers of the camera driver.