Security News

Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Security Focus Vulnerabilities - 11 min 5 sec ago

Bugtraq: [SECURITY] [DSA 4633-1] curl security update

Security Focus Vulnerabilities - 11 min 5 sec ago

Bugtraq: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Security Focus Vulnerabilities - 11 min 5 sec ago

Bugtraq: Local information disclosure in OpenSMTPD (CVE-2020-8793)

Security Focus Vulnerabilities - 11 min 5 sec ago

Avian JVM vm::arrayCopy() silent return on negative length

Full Disclosure - 11 August, 2020 - 14:55

Posted by Pietro Oliva via Fulldisclosure on Aug 11

Vulnerability title: Avian JVM vm::arrayCopy() silent return on negative length
Author: Pietro Oliva
CVE: CVE-2020-17361
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0

Description:
The issue is located in the vm::arrayCopy method defined in classpath-common.h,
where multiple boundary checks are performed to prevent out-of-bounds memory
read/write. One of these boundary checks makes the code return silently when a
negative length...

Avian JVM vm::arrayCopy() Multiple Integer Overflows

Full Disclosure - 11 August, 2020 - 14:55

Posted by Pietro Oliva via Fulldisclosure on Aug 11

Vulnerability title: Avian JVM vm::arrayCopy() Multiple Integer Overflows
Author: Pietro Oliva
CVE: CVE-2020-17360
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0

Description:
The issue is located in the vm::arrayCopy method defined in classpath-common.h,
where multiple boundary checks are performed to prevent out-of-bounds memory
read/write. Two of those boundary checks contain an integer overflow which leads
to those same checks...

SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

Full Disclosure - 11 August, 2020 - 14:55

Posted by Egidio Romano on Aug 11

SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

*• Software Link:*

https://www.sugarcrm.com

*• Affected Versions:*

All versions prior to 10.1.0 (Q3 2020).

*• Vulnerability Description:*

User input passed through the encoded “current_post” parameter to
‘index.php’ (when “entryPoint” is set to “export” and “module” is set to
“Reports”) is not properly sanitized before being used to construct a...

SugarCRM < 10.1.0 Multiple Reflected Cross-Site Scripting Vulnerabilities

Full Disclosure - 11 August, 2020 - 14:55

Posted by Egidio Romano on Aug 11

SugarCRM < 10.1.0 Multiple Reflected Cross-Site Scripting Vulnerabilities

*• Software Link:*

https://www.sugarcrm.com/

*• Affected Versions:*

All versions prior to 10.1.0 (Q3 2020).

*• Vulnerabilities Description:*

1) User input passed through the “do” parameter when action is set to
“metadata” is not properly sanitized before being used to generate HTML
output. This can be exploited by malicious users to carry out...

Re: [FD] ManageEngine ADSelfService Plus – Unauthenticated Remote Code Execution Vulnerability

Full Disclosure - 11 August, 2020 - 14:55

Posted by Bhdresh on Aug 11

Hello,

Please find the below updated vulnerability details,

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# Exploit Title: ManageEngine ADSelfService Plus – Unauthenticated Remote
Code Execution Vulnerability
# Date: 08/08/2020
# Exploit Author: Bhadresh Patel
# Version: < ADSelfService Plus build 6003
# CVE :...

Remote Code Execution 0day in vBulletin 5.x

Full Disclosure - 11 August, 2020 - 14:55

Posted by Zenofex via Fulldisclosure on Aug 11

vBulletin 5.5.4 through 5.6.2 are vulnerable to a remote code execution
vulnerability caused by incomplete patching of the previous
"CVE-2019-16759" RCE. This logic bug allows for a single pre-auth request
to execute PHP code on a target vBulletin forum.

More info can be found at:
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/

Exploits below.

Thank you,
Zenofex

BASH Exploit:

#!/bin/bash
#
# vBulletin...

Dino-VSS

Daily Dave - 10 August, 2020 - 18:41

Posted by Dave Aitel via Dailydave on Aug 10

Bistahieversor or MS08-067?

If you had to list out the problems with CVSS it would be like analyzing
the anatomical issues of a children's drawing. No part of it fits together
properly. Here's a problem: Scoring of threats is not one dimensional, and
numbers can't carry the whole story. We need a vulnerability scoring system
that's extensible, and programmable.

But I have an alternative: Take each...

ManageEngine ADSelfService Plus – Unauthenticated Remote Code Execution Vulnerability

Full Disclosure - 8 August, 2020 - 00:30

Posted by Bhdresh on Aug 07

Hello,

Please find the below vulnerability details,

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# Exploit Title: ManageEngine ADSelfService Plus – Unauthenticated Remote
Code Execution Vulnerability
# Date: 08/08/2020
# Exploit Author: Bhadresh Patel
# Version: < ADSelfService Plus build 6003
# CVE :...

SEC Consult SA-20200807-0 :: Multiple Vulnerabilities in flatCore CMS

Full Disclosure - 7 August, 2020 - 15:43

Posted by SEC Consult Vulnerability Lab on Aug 07

SEC Consult Vulnerability Lab Security Advisory < 20200807-0 >
=======================================================================
title: Multiple Vulnerabilities
product: flatCore CMS
vulnerable version: <=1.5.5
fixed version: 1.5.7
CVE number: -
impact: High
homepage: https://flatcore.org/
found: 2020-03-28
by: Farhan Rahman (Office...

October CMS <= Build 465 Multiple Vulnerabilities - Arbitrary File Read

Full Disclosure - 4 August, 2020 - 04:41

Posted by Sivanesh Ashok on Aug 04

##########################################################################
# October CMS <= Build 465 Multiple Vulnerabilities #
##########################################################################

Author - Sivanesh Ashok | @sivaneshashok | stazot.com

Date : 2020-03-31
Vendor : https://octobercms.com/
Version : <= Build 465
Tested on : Build 465
CVE : CVE-2020-5295, CVE-2020-5296,...

[SYSS-2020-030]: Jira module "Gantt-Chart for Jira" - Cross-Site Scripting (CWE-79)(CVE-2020-15944)

Full Disclosure - 4 August, 2020 - 04:41

Posted by Sebastian Auwärter on Aug 04

Advisory ID: SYSS-2020-030
Product: Jira module "Gantt-Chart for Jira"
Manufacturer: Frank Polscheit - Solutions & IT-Consulting
Affected Version(s): <=5.5.4
Tested Version(s): 5.5.3, 5.5.4
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2020-07-23
Solution Date: 2020-07-31
Public Disclosure: 2020-08-03
CVE Reference: CVE-2020-15944
Author of Advisory:...

[SYSS-2020-029]: Jira module "Gantt-Chart for Jira" - Improper Privilege Management (CWE-269)(CVE-2020-15943)

Full Disclosure - 4 August, 2020 - 04:41

Posted by Sebastian Auwärter on Aug 04

Advisory ID: SYSS-2020-029
Product: Jira module "Gantt-Chart for Jira"
Manufacturer: Frank Polscheit - Solutions & IT-Consulting
Affected Version(s): <=5.5.3
Tested Version(s): 5.5.3
Vulnerability Type: Improper Privilege Management (CWE-269)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2020-07-23
Solution Date: 2020-07-30
Public Disclosure: 2020-08-03
CVE Reference: CVE-2020-15943
Author of Advisory:...

[SYSS-2020-015]: ABUS Secvest Hybrid module (FUMO50110) - Authentication Bypass Using an Alternate Path or Channel (CWE-288) (CVE-2020-14158)

Full Disclosure - 30 July, 2020 - 12:10

Posted by Matthias Deeg on Jul 30

Advisory ID: SYSS-2020-015
Product: ABUS Secvest Hybrid module (FUMO50110)
Manufacturer: ABUS
Affected Version(s): N/A
Tested Version(s): N/A
Vulnerability Type: Authentication Bypass Using an Alternate Path or
Channel (CWE-288)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2020-04-03
Solution Date: -
Public Disclosure: 2020-07-30
CVE Reference: CVE-2020-14158
Authors of Advisory: Michael Rüttgers, Thomas...

SEC Consult SA-20200728-0 :: Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere

Full Disclosure - 29 July, 2020 - 14:22

Posted by SEC Consult Vulnerability Lab on Jul 29

SEC Consult Vulnerability Lab Security Advisory < 20200728-0 >
=======================================================================
title: Stored Cross-Site Scripting (XSS) Vulnerability
product: Namirial SIGNificant SignAnyWhere
vulnerable version: v6.10.60.25434 (SSP v4.22.60.25434)
v6.10.100.25817 (SSP v4.22.100.25817)
fixed version: v19.76.0.26030 (SSP v19.76.0.26030)...

Vulnerability Report# MAMP PRO 4.2.0 Local Privilege Escalation

Full Disclosure - 24 July, 2020 - 12:27

Posted by Nicholas on Jul 24

Hi!

I have discovered a local privilege escalation vulnerability on MAMP PRO
4.2.0 and would like to post it. Please kindly check the attached file.

Best regards,
Nicholas

# Exploit Title: MAMP PRO 4.2.0 Local Privilege Escalation
# Date: 2020-07-08
# Exploit Author: b1nary
# Vendor Homepage: https://www.mamp.info/
# Software Link: https://downloads.mamp.info/MAMP-PRO-WINDOWS/releases/4.2.0/MAMP_MAMP_PRO_4.2.0.exe
# Version: 4.2.0
# Tested on:...