Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

New Release: UFONet v1.2 - "Armageddon!"

8 January, 2019 - 13:02

Posted by psy on Jan 08

Hi FD,

I am glad to present a new release of this tool:

- https://ufonet.03c8.net

"UFONet - is a toolkit designed to launch DDoS and DoS attacks."

See these links for more info:

- CWE-601: Open Redirect [1]
- OWASP: URL Redirector Abuse [2]
- Botnet requests schema [3]

---------

Main options are:

* DDoS (botnet) + DoS
* Auto-update
* Clean code
* Documentation with examples
* Web/GUI Interface
* Proxy to...

Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14

8 January, 2019 - 13:01

Posted by Daniel Bishtawi on Jan 08

Hello,

We are glad to inform you about the vulnerabilities we reported in ZenPhoto
1.4.14.

Here are the details:

Advisory by Netsparker
Name: Multiple Cross-Site Scripting Vulnerabilities in ZenPhoto 1.4.14
Affected Software: ZenPhoto
Affected Versions: 1.4.14
Homepage: http://www.zenphoto.org/
Vulnerability: Cross-Site Scripting
Severity: Medium
Status: Fixed
CVE-ID: CVE-2018-20140
CVSS Score (3.0):...

Reflected Cross-site Scripting in Mantis 2.11.1

8 January, 2019 - 13:01

Posted by Daniel Bishtawi on Jan 08

Hello,

We are glad to inform you about the vulnerabilities we reported in Mantis
2.11.1.

Here are the details:

Advisory by Netsparker
Name: Reflected Cross-site Scripting in Mantis 2.11.1
Affected Software: Mantis
Affected Versions: 2.11.1
Homepage: https://www.mantisbt.org/
Vulnerability: Cross-site Scripting
Severity: Medium
Status: Fixed
CVE-ID: CVE-2018-13055
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Netsparker...

Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8

8 January, 2019 - 13:01

Posted by Daniel Bishtawi on Jan 08

Hi Henri,

There was no response after the details had been sent to
peter () microweber com as requested by Microweber (info () microweber com).
They did not follow up with an update on the status of the fix once the
technical details had been sent, as requested, and did not respond when we
tried to contact them. This is case closed from our point of view, as the
technical details had been sent in April for an older version.

Regards,

Daniel...

CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can (WordPress plugin)

8 January, 2019 - 05:03

Posted by dxw Security on Jan 08

Details
================
Software: MapSVG Lite
Version: 3.2.3
Homepage: https://en-gb.wordpress.org/plugins/mapsvg-lite-interactive-vector-maps/
Advisory report: https://advisories.dxw.com/advisories/csrf-mapsvg-lite/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can

Vulnerability
================
The plugin uses...

DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

4 January, 2019 - 13:52

Posted by secure on Jan 04

DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

Dell EMC Identifier: DSA-2018-226

CVE Identifier: CVE-2018-15782

Severity: 7.7 (AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

Severity Rating: High

Affected Products: RSA Authentication Manager versions prior to 8.4

Summary: RSA Authentication Manager contains a fix for a relative path traversal vulnerability that could potentially
be exploited by malicious users to...

BMC Network Automation v8.7 - remote session hijacking.

4 January, 2019 - 13:52

Posted by Filip Palian on Jan 04

Hejkum kejkum,

Intro:
The BMC Network Automation allows authenticated users to hijack
established remote sessions of other users, version v8.7.00.000 b383
u038 was confirmed to be vulnerable.

Details:
Authenticated users of the BMC Network Automation web application with
assigned “viewer” role are able to hijack SSH/Telnet sessions
initiated by other, privileged users.
In order to hijack an established session, the only requirement is to...

BMC Remedy + ITAM - multiple security issues.

4 January, 2019 - 13:52

Posted by Filip Palian on Jan 04

Hejkum kejkum,

Intro:
Multiple security related issues were identified in the BMC Remedy +
ITAM, versions 7.1.00 and 9.1.02.003 were confirmed to be vulnerable.

Issues:
1. Authenticated users can access ITAM forms using forceful browsing,
i.e. the forms are not accessible in the ITAM web user interface.
The list of available forms in the given ITAM deployment can be found
using the following URL:...

Open-Xchange Security Advisory 2018-12-31

4 January, 2019 - 13:51

Posted by martin . heiland . lists on Jan 04

Dear subscribers,

we're sharing our latest advisory with you and would like to thank everyone who contributed to finding and solving these
vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 58880 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable...

CWE-80 XSS Bose Soundtouch App

4 January, 2019 - 13:51

Posted by ProSec on Jan 04

Hi guys,

Happy New Year! We would like to inform you about the following security issue.

CWE-80 XSS Bose Soundtouch App

Internal reference: -
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 18.1.4 and maybe older versions, too (not tested)
Vulnerable component: IOS Frontend of the application
Report confidence: Unconfirmed
Solution status: Could be fixed by vendor?
Fixed version: -
Vendor notification: 2018-06-21...

CVE-2018-19509-19513: multiple vulnerabilities (incl. critical pre-auth RCE) in Webgalamb

4 January, 2019 - 13:51

Posted by Daniel Jones via Fulldisclosure on Jan 04

Summary
-------

Vendor: E.N.S. Zrt (www.ens.hu)
Product: Webgalamb (www.webgalamb.hu, www.facebook.com/webgalamb)

Webgalamb is a commercial email marketing software for managing subscription lists and sending out bulk emails. It is
not SaaS but a PHP based web application that is typically hosted next to the company website of Webgalamb customers.

Webgalamb is prone to be vulnerable to multiple security flaws that could be exploited by threat...

Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0

4 January, 2019 - 13:51

Posted by Daniel Bishtawi on Jan 04

Hello,

We are glad to inform you about the vulnerabilities we reported in Family
Connections 3.7.0.

Here are the details:

Advisory by Netsparker
Name: Multiple Reflected Cross-site Scripting Vulnerabilities in Family
Connections
Affected Software: Family Connection
Affected Versions: 3.7.0
Homepage: http://familyconnections.org/
Vulnerability: Multiple Reflected XSS
Severity: High
Status: Not Fixed
CVSS Score (3.0):...

Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5

4 January, 2019 - 13:51

Posted by Daniel Bishtawi on Jan 04

Hello,

We are glad to inform you about the vulnerabilities we reported in GeniXCMS
1.1.5.

Here are the details:

Advisory by Netsparker
Name: Cross-site Scripting Vulnerabilities in GeniXCMS
Affected Software: GeniXCMS
Affected Versions: 1.1.5
Homepage: https://github.com/semplon/GeniXCMS
Vulnerability: Cross-site Scripting
Severity: High
Status: Not Fixed
CVE-ID: CVE-2018-14476
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N (7.4)...

Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8

4 January, 2019 - 13:51

Posted by Daniel Bishtawi on Jan 04

Hello,

We are glad to inform you about the vulnerabilities we reported in
Microweber 1.0.8.

Here are the details:

Advisory by Netsparker
Name: Reflected Cross-site Scripting in Microweber
Affected Software: Microweber
Affected Versions: 1.0.8
Homepage: https://github.com/microweber/microweber
Vulnerability: Cross-site Scripting
Severity: High
Status: Not Fixed
CVE-ID: CVE-2018-19917
CVSS Score (3.0): 7.4
Netsparker Advisory Reference:...

Vulnerabilities in Zurmo 2.3.4

4 January, 2019 - 13:51

Posted by Daniel Bishtawi on Jan 04

Hello,

We are glad to inform you about the vulnerabilities we reported in Zurmo
2.3.4.

Here are the details:

Advisory by Netsparker
Name: Code Evaluation (PHP) in Zurmo 2.3.4
Affected Software: Zurmo
Affected Versions: 2.3.4
Homepage: http://zurmo.org/
Vulnerability: Code evaluation (PHP)
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): 8.8
Netsparker Advisory Reference: NS-18-034

For more information and the Technical Details:...

Multiple Cross-site Scripting Vulnerabilities in ImpressCMS 1.3.10

4 January, 2019 - 13:51

Posted by Daniel Bishtawi on Jan 04

Hello,

We are glad to inform you about the vulnerabilities we reported in
ImpressCMS 1.3.10.

Here are the details:

Advisory by Netsparker
Name: Reflected and Stored XSS Vulnerabilities in ImpressCMS
Affected Software: ImpressCMS
Affected Versions: 1.3.10
Homepage: https://www.impresscms.org/
Vulnerability: Reflected and Stored XSS Vulnerabilities
Severity: High
Status: Fixed
CVE-ID: CVE-2018-13983
Netsparker Advisory Reference: NS-18-033

For...

/bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter (CVE-2018-20212)

4 January, 2019 - 13:50

Posted by zzt0907 on Jan 04

# bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter (CVE-2018-20212)

## Vulnerability Type
Cross Site Scripting (XSS)

## Vendor of Product:
twiki

## Affected Product Version
twiki - 6.0.2

## Affected Component
twiki/bin/statistics

## Attack Type
Remote

## Attack Vectors
/twiki/bin/statistics?webs=<script>alert(1)</script>

## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China...

Re: [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials

1 January, 2019 - 15:20

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the file dirary0.js" should be "An unauthenticated user can visit the file dirary0.js"
________________________________
From: Tyler Cui
Sent: Monday, 17 December 2018 12:11 AM
To: fulldisclosure () seclists org
Subject: [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to
discover admin credentials

[Vendor]...

Re: [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials

1 January, 2019 - 15:20

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the page spaces.htm" should be "An unauthenticated user can visit the page spaces.htm"
________________________________
From: Fulldisclosure <fulldisclosure-bounces () seclists org> on behalf of Tyler Cui <tyler.cui () live com>
Sent: Monday, 17 December 2018 12:10 AM
To: fulldisclosure () seclists org
Subject: [FD] [CVE-2018-18008] spaces.htm on multiple...

Re: [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials

1 January, 2019 - 15:20

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the page atbox.htm" should be "An unauthenticated user can visit the page atbox.htm"
________________________________
From: Tyler Cui
Sent: Monday, 17 December 2018 12:09 AM
To: fulldisclosure () seclists org
Subject: [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover
admin credentials

[Vendor]
us.dlink.com...