Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities

7 March, 2019 - 06:00

Posted by Vulnerability Lab on Mar 07

Document Title:
===============
Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2173

Release Date:
=============
2019-03-07

Vulnerability Laboratory ID (VL-ID):
====================================
2173

Common Vulnerability Scoring System:
====================================
4.6

Vulnerability Class:
====================...

Sagemcom router insufficient default PSK entropy

5 March, 2019 - 13:10

Posted by Ryan Delaney on Mar 05

<!--
# Exploit Title: Sagemcom router insufficient default PSK entropy
# Date: 4-3-2019
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney () owasp org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: https://www.sagemcom.com/
# Software Link: N/A
# Version: 0.4.39
# Tested on: 0.4.39
# CVE: CVE-2019-9555

1. Description

Sagemcom F@st 5260 routers on firmware version 0.4.39 (and possibly
others), in WPA...

Open Redirection vulnerability in Babel (CMSMS Module)

5 March, 2019 - 13:09

Posted by Jan Kopriva on Mar 05

Affected Software: Babel: Multilingual Site module for CMS Made Simple
Affected Version: 0.4.1 and earlier
Patched Version: None - project is no longer under development
CVE Identifier: TBD
Vulnerability type: CWE-601: URL Redirection to Untrusted Site ('Open
Redirect')
Severity Rating: CVSS v3 Base Score: 6.1
(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Security Researcher: Jan Kopriva @ Alef Nula

Summary:
The Babel multi-language module...

Re: Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin)

5 March, 2019 - 13:07

Posted by Henri Salo on Mar 05

Please use CVE-2019-9567 for XSS vulnerability and CVE-2019-9568 for
SQL-injection vulnerability.

SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

5 March, 2019 - 13:07

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Fiori
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
Use CVE-2018-17865

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from...

SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

5 March, 2019 - 13:07

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Fiori
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17864

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from Biznet...

SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

5 March, 2019 - 13:07

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Fiori
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17862

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from Biznet...

SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS)

5 March, 2019 - 13:03

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Portal/EPP
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17862

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from...

SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS)

5 March, 2019 - 13:03

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Portal/EPP
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17861

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from...

DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability

1 March, 2019 - 15:20

Posted by secure on Mar 01

DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability

Dell EMC Identifier: DSA-2019-038

CVE Identifier: CVE-2019-3711

Severity Rating: 5.8 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)

Affected Products:

• RSA® Authentication Manager version 8.4 and earlier

Summary:
RSA Authentication Manager contains a vulnerability associated with insecure credential management.
Details:
The Operations Console...

DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities

1 March, 2019 - 15:20

Posted by secure on Mar 01

DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities

Dell EMC Identifier: DSA-2019-025

CVE Identifier: CVE-2019-3705, CVE-2019-3706

Severity Rating: See below for scores of individual CVEs

Affected Products:

RSA Archer versions prior to 6.5 P1 (CVE-2019-3705)
RSA Archer versions prior to 6.5 P2 (CVE-2019-3706)

Summary:
RSA Archer has fixes available for multiple security vulnerabilities that could potentially be exploited by...

[CVE-2019-9206, CVE-2019-9207] Cross Site Scripting in PRTG Network Monitor v7.1.3.3378

1 March, 2019 - 15:20

Posted by Rafael Pedrero on Mar 01

In 2009...

<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9206
# Category: webapps

1. Description

PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm,
errormsg or...

Apache UNO API RCE

1 March, 2019 - 15:10

Posted by Axel Boesenach on Mar 01

Dear reader,

I am not sure if I am contacting through the right email address but someone said I should e-mail you guys.

I found an RCE functionality in the Apache UNO API which could give an attacker control over a machine, or use a
machine already compromised in the network to exfiltrate data, etc.

The company that posted this issue on their blog is the company where I did my internship. Copy-paste from the advisory on
there:

[START OF...

SHAREit for Android Authentication Bypass and Remote File Download

1 March, 2019 - 15:03

Posted by RedForce Advisory on Mar 01

RedForce Advisory
https://redforce.io

## Advisory Information
Title: SHAREit For Android <= 4.0.38 Multiple Vulnerabilities
Advisory URL:
https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/
Date published: 2019-02-25
Date of last update: 2019-02-25
Vendors contacted: Beijing Shareit Information Technology Co., Ltd.

## Introduction

SHAREit for Android is a popular application used for file...

[CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2

1 March, 2019 - 15:03

Posted by advisories on Mar 01

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2

1. *Advisory Information*

Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
Advisory ID: CORE-2018-0012
Advisory URL:
http://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2
Date published: 2019-02-27
Date of last update: 2019-02-27...

AST-2019-001: Remote crash vulnerability with SDP protocol violation

28 February, 2019 - 15:33

Posted by Asterisk Security Team on Feb 28

Asterisk Project Security Advisory - AST-2019-001

Product: Asterisk
Summary: Remote crash vulnerability with SDP protocol violation
Nature of Advisory: Denial Of Service
Susceptibility: Remote Authenticated Sessions...

Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!

26 February, 2019 - 15:31

Posted by Stefan Kanthak on Feb 26

Hi @ll,

Microsoft just announced the general availability of their
"Windows Defender Advanced Threat Protection/Endpoint Protection & Response"
for their "downlevel" operating systems Windows 7 and Windows 8.1:
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Windows-Defender-ATP-s-EDR-capability-for-Windows-7-and-Windows/ba-p/355535

This announcement ends in

| For more information on how you can onboard...

[CVE-2019-9083] Blind SQL injection in SQLiteManager 1.2.0 (and 1.2.4)

26 February, 2019 - 15:31

Posted by Rafael Pedrero on Feb 26

<!--
# Exploit Title: Blind SQL injection in SQLiteManager 1.2.0 (and 1.2.4)
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.sqlitemanager.org/
# Software Link: http://www.sqlitemanager.org/
# Version: SQLiteManager 1.2.0 (and 1.2.4)
# Tested on: All
# CVE : CVE-2019-9083
# Category: webapps

1. Description

SQLiteManager 1.2.0 (and 1.2.4) allows SQL injection via the
/sqlitemanager/main.php dbsel parameter....

CVE-2019-1000032: Memory corruption / DoS in nanosvg

26 February, 2019 - 15:00

Posted by Sebastian Neef on Feb 26

The SVG library nanosvg [0] suffers from a memory corruption bug that can lead to at least DoS.

The bug exists in the `nsvg__parseColorRGB` function, which can be reached by parsing a malicious SVG file through
`nsvgParseFromFile` or `nsvgParse`. This should also affect libraries/packages that provide bindings to nanosvg, for
example:

- Lua: https://github.com/iongion/lunavg
- Python: https://github.com/ethanhs/pynanosvg
- Java:...