SOLDIERX.COM Nobody Can Stop Information Insemination

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

[SECURITY] [DSA 4633-1] curl security update

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Local information disclosure in OpenSMTPD (CVE-2020-8793)

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Posted by Pietro Oliva via Fulldisclosure on Aug 11

Vulnerability title: Avian JVM vm::arrayCopy() silent return on negative length
Author: Pietro Oliva
CVE: CVE-2020-17361
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0

Description:
The issue is located in the vm::arrayCopy method defined in classpath-common.h,
where multiple boundary checks are performed to prevent out-of-bounds memory
read/write. One of these boundary checks makes the code return silently when a
negative length...

Posted by Pietro Oliva via Fulldisclosure on Aug 11

Vulnerability title: Avian JVM vm::arrayCopy() Multiple Integer Overflows
Author: Pietro Oliva
CVE: CVE-2020-17360
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0

Description:
The issue is located in the vm::arrayCopy method defined in classpath-common.h,
where multiple boundary checks are performed to prevent out-of-bounds memory
read/write. Two of those boundary checks contain an integer overflow which leads
to those same checks...

Posted by Egidio Romano on Aug 11

SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

*• Software Link:*

https://www.sugarcrm.com

*• Affected Versions:*

All versions prior to 10.1.0 (Q3 2020).

*• Vulnerability Description:*

User input passed through the encoded “current_post” parameter to
‘index.php’ (when “entryPoint” is set to “export” and “module” is set to
“Reports”) is not properly sanitized before being used to construct a...

Posted by Egidio Romano on Aug 11

SugarCRM < 10.1.0 Multiple Reflected Cross-Site Scripting Vulnerabilities

*• Software Link:*

https://www.sugarcrm.com/

*• Affected Versions:*

All versions prior to 10.1.0 (Q3 2020).

*• Vulnerabilities Description:*

1) User input passed through the “do” parameter when action is set to
“metadata” is not properly sanitized before being used to generate HTML
output. This can be exploited by malicious users to carry out...

Posted by Bhdresh on Aug 11

Hello,

Please find the below updated vulnerability details,

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# Exploit Title: ManageEngine ADSelfService Plus – Unauthenticated Remote
Code Execution Vulnerability
# Date: 08/08/2020
# Exploit Author: Bhadresh Patel
# Version: < ADSelfService Plus build 6003
# CVE :...

Posted by Zenofex via Fulldisclosure on Aug 11

vBulletin 5.5.4 through 5.6.2 are vulnerable to a remote code execution
vulnerability caused by incomplete patching of the previous
"CVE-2019-16759" RCE. This logic bug allows for a single pre-auth request
to execute PHP code on a target vBulletin forum.

More info can be found at:
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/

Exploits below.

Thank you,
Zenofex

BASH Exploit:

#!/bin/bash
#
# vBulletin...

Posted by Dave Aitel via Dailydave on Aug 10

[image: image.png]

Bistahieversor or MS08-067?

If you had to list out the problems with CVSS it would be like analyzing
the anatomical issues of a children's drawing. No part of it fits together
properly. Here's a problem: Scoring of threats is not one dimensional, and
numbers can't carry the whole story. We need a vulnerability scoring system
that's extensible, and programable.

But I have an alternative: Take each...

Posted by Bhdresh on Aug 07

Hello,

Please find the below vulnerability details,

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# Exploit Title: ManageEngine ADSelfService Plus – Unauthenticated Remote
Code Execution Vulnerability
# Date: 08/08/2020
# Exploit Author: Bhadresh Patel
# Version: < ADSelfService Plus build 6003
# CVE :...

Posted by SEC Consult Vulnerability Lab on Aug 07

SEC Consult Vulnerability Lab Security Advisory < 20200807-0 >
=======================================================================
title: Multiple Vulnerabilities
product: flatCore CMS
vulnerable version: <=1.5.5
fixed version: 1.5.7
CVE number: -
impact: High
homepage: https://flatcore.org/
found: 2020-03-28
by: Farhan Rahman (Office...

Posted by Sivanesh Ashok on Aug 04

##########################################################################
# October CMS <= Build 465 Multiple Vulnerabilities #
##########################################################################

Author - Sivanesh Ashok | @sivaneshashok | stazot.com

Date : 2020-03-31
Vendor : https://octobercms.com/
Version : <= Build 465
Tested on : Build 465
CVE : CVE-2020-5295, CVE-2020-5296,...

Posted by Sebastian Auwärter on Aug 04

Advisory ID: SYSS-2020-030
Product: Jira module "Gantt-Chart for Jira"
Manufacturer: Frank Polscheit - Solutions & IT-Consulting
Affected Version(s): <=5.5.4
Tested Version(s): 5.5.3, 5.5.4
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2020-07-23
Solution Date: 2020-07-31
Public Disclosure: 2020-08-03
CVE Reference: CVE-2020-15944
Author of Advisory:...

Posted by Sebastian Auwärter on Aug 04

Advisory ID: SYSS-2020-029
Product: Jira module "Gantt-Chart for Jira"
Manufacturer: Frank Polscheit - Solutions & IT-Consulting
Affected Version(s): <=5.5.3
Tested Version(s): 5.5.3
Vulnerability Type: Improper Privilege Management (CWE-269)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2020-07-23
Solution Date: 2020-07-30
Public Disclosure: 2020-08-03
CVE Reference: CVE-2020-15943
Author of Advisory:...

Posted by Matthias Deeg on Jul 30

Advisory ID: SYSS-2020-015
Product: ABUS Secvest Hybrid module (FUMO50110)
Manufacturer: ABUS
Affected Version(s): N/A
Tested Version(s): N/A
Vulnerability Type: Authentication Bypass Using an Alternate Path or
Channel (CWE-288)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2020-04-03
Solution Date: -
Public Disclosure: 2020-07-30
CVE Reference: CVE-2020-14158
Authors of Advisory: Michael Rüttgers, Thomas...

Posted by SEC Consult Vulnerability Lab on Jul 29

SEC Consult Vulnerability Lab Security Advisory < 20200728-0 >
=======================================================================
title: Stored Cross-Site Scripting (XSS) Vulnerability
product: Namirial SIGNificant SignAnyWhere
vulnerable version: v6.10.60.25434 (SSP v4.22.60.25434)
v6.10.100.25817 (SSP v4.22.100.25817)
fixed version: v19.76.0.26030 (SSP v19.76.0.26030)...

Posted by Nicholas on Jul 24

Hi!

I have discovered a local privilege escalation vulnerability on MAMP PRO
4.2.0 and would like to post it. Please kindly check the attached file.

Best regards,
Nicholas
# Exploit Title: MAMP PRO 4.2.0 Local Privilege Escalation
# Date: 2020-07-08
# Exploit Author: b1nary
# Vendor Homepage: https://www.mamp.info/
# Software Link: https://downloads.mamp.info/MAMP-PRO-WINDOWS/releases/4.2.0/MAMP_MAMP_PRO_4.2.0.exe
# Version: 4.2.0
# Tested on:...