Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

/bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter (CVE-2018-20212)

4 January, 2019 - 13:50

Posted by zzt0907 on Jan 04

# bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter (CVE-2018-20212)

## Vulnerability Type
Cross Site Scripting (XSS)

## Vendor of Product
twiki

## Affected Product Version
twiki - 6.0.2

## Affected Component
twiki/bin/statistics

## Attack Type
Remote

## Attack Vectors
/twiki/bin/statistics?webs=<script>alert(1)</script>

## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China...

Re: [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials

1 January, 2019 - 15:20

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the file dirary0.js" should be "An unauthenticated user can visit the file dirary0.js"
________________________________
From: Tyler Cui
Sent: Monday, 17 December 2018 12:11 AM
To: fulldisclosure () seclists org
Subject: [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials

[Vendor]...

Re: [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials

1 January, 2019 - 15:20

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the page spaces.htm" should be "An unauthenticated user can visit the page spaces.htm"
________________________________
From: Fulldisclosure <fulldisclosure-bounces () seclists org> on behalf of Tyler Cui <tyler.cui () live com>
Sent: Monday, 17 December 2018 12:10 AM
To: fulldisclosure () seclists org
Subject: [FD] [CVE-2018-18008] spaces.htm on multiple...

Re: [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials

1 January, 2019 - 15:20

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the page atbox.htm" should be "An unauthenticated user can visit the page atbox.htm"
________________________________
From: Tyler Cui
Sent: Monday, 17 December 2018 12:09 AM
To: fulldisclosure () seclists org
Subject: [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials

[Vendor]
us.dlink.com...

DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability

1 January, 2019 - 15:19

Posted by secure on Jan 01

DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability

Dell EMC Identifier: DSA-2018-224

CVE Identifier: CVE-2018-15780

Severity: Medium

Severity Rating: CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products:
RSA Archer versions prior to 6.5 P1 (6.5.0.1)

Summary:
RSA Archer GRC versions prior to 6.5.0.1 contain an improper access control vulnerability that could potentially be...

Chrome Browser for Android Reveals Sensitive Hardware Information

1 January, 2019 - 15:12

Posted by Nightwatch Cybersecurity Research on Jan 01

[NOTE: This is an expanded version of an earlier post from 2015 with
updated information and fix from the vendor. Full blog post here:
https://wwws.nightwatchcybersecurity.com/2018/12/25/chrome-browser-for-android-reveals-hardware-information/]

SUMMARY

Google’s Chrome browser, WebView and Chrome Tabs for Android disclose
information about the hardware model, firmware version and security
patch level of the device on which they are running....

Call for Papers for ShmooCon Epilogue Closes Jan 1

1 January, 2019 - 15:12

Posted by Rob Fuller on Jan 01

The 7th Annual(ish) ShmooCon Epilogue is presented to you by the NoVA Hackers
Association. It is an all-day con that is held the day after ShmooCon
(Monday, Jan 21 2019). The event goes from 9 AM to 9 PM with breakfast,
catered lunch and dinner, a CTF, and a HAM Radio class and testing, just for the
cost of the ticket. (The HAM Radio tests have testing fees not included in
admission.)

You can submit your CFP here: http://bit.ly/epiloguecfp2019

What do...

Multiple Stored Cross-site Scripting Vulnerabilities in ForkCMS 5.0.6

1 January, 2019 - 15:09

Posted by Daniel Bishtawi on Jan 01

Hello,

We are glad to inform you about the vulnerabilities we reported in ForkCMS
5.0.6.

Here are the details:

Advisory by Netsparker
Name: Stored Cross-site Scripting in ForkCMS
Affected Software: ForkCMS
Affected Versions: 5.0.6
Homepage: https://www.fork-cms.com/
Vulnerability: Stored Cross-site Scripting
Severity: Medium
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Netsparker Advisory Reference:...

[KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability

31 December, 2018 - 13:48

Posted by Egidio Romano on Dec 31

--------------------------------------------------------------
SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability
--------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.5.0, 8.0.2, and 8.2.0.

[-] Vulnerability Description:

User input passed through the "webhook_target_module" parameter is not properly sanitized
before...

[KIS-2018-07] SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability

31 December, 2018 - 13:48

Posted by Egidio Romano on Dec 31

------------------------------------------------------------------
SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability
------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.5.0, 8.0.2, and 8.2.0.

[-] Vulnerability Description:

User input passed through the "trigger_event" parameter is not properly sanitized...

[KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability

31 December, 2018 - 13:47

Posted by Egidio Romano on Dec 31

-----------------------------------------------------
SugarCRM (addLabels) PHP Code Injection Vulnerability
-----------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.5.0, 8.0.2, and 8.2.0.

[-] Vulnerability Description:

User input passed through key values of the 'labels_' parameters is not properly sanitized
before being used to save PHP code...

[KIS-2018-05] SugarCRM (SaveDropDown) PHP Code Injection Vulnerability

31 December, 2018 - 13:47

Posted by Egidio Romano on Dec 31

--------------------------------------------------------
SugarCRM (SaveDropDown) PHP Code Injection Vulnerability
--------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.5.0, 8.0.2, and 8.2.0.

[-] Vulnerability Description:

User input passed through key values of the 'list_value' JSON parameter is not properly
sanitized before being used...

[KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability

31 December, 2018 - 13:46

Posted by Egidio Romano on Dec 31

-------------------------------------------------------------------------
SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability
-------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.4.0 and 7.11.0.0.

[-] Vulnerability Description:

The vulnerability is located within the...

[KIS-2018-03] SugarCRM (portal_get_related_notes) SQL Injection Vulnerability

31 December, 2018 - 13:45

Posted by Egidio Romano on Dec 31

---------------------------------------------------------------
SugarCRM (portal_get_related_notes) SQL Injection Vulnerability
---------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.4.0 and 7.11.0.0.

[-] Vulnerability Description:

The vulnerability is located within the SOAP API, specifically in the
"portal_get_related_notes()"...

[KIS-2018-02] SugarCRM (WorkFlow module) PHP Code Injection Vulnerability

31 December, 2018 - 13:45

Posted by Egidio Romano on Dec 31

-----------------------------------------------------------
SugarCRM (WorkFlow module) PHP Code Injection Vulnerability
-----------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.4.0 and 7.11.0.0.

[-] Vulnerability Description:

User input passed through the $_POST['base_module'] parameter to the "Save" action
of the WorkFlow...

[KIS-2018-01] Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability

31 December, 2018 - 13:44

Posted by Egidio Romano on Dec 31

------------------------------------------------------------------------------------
Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability
------------------------------------------------------------------------------------

[-] Software Link:

https://apex.oracle.com/

[-] Affected Versions:

All versions prior to 5.1.4.00.08.

[-] Vulnerability Description:

The vulnerability is located in the OracleAnyChart.swf...

Re: LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)

21 December, 2018 - 14:42

Posted by Henri Salo on Dec 21

I'm curious: why do you post about a minor memory leak over a year after the fix,
from an old version and a tool (not the library)? Also note that
http://www.libtiff.org/tools.html says "Many of them however are more intended
to serve as programming examples for using the TIFF library."

You might want to test the latest version of the library. Their git can be
found at https://gitlab.com/libtiff/libtiff.

[CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials

21 December, 2018 - 04:47

Posted by Tyler Cui on Dec 21

[Vendor]
us.dlink.com

[Product]
DIR-140L (version 1.02)
DIR-640L (version 1.01RU)
Other versions might also be affected.

[Vulnerability Type]
admin credentials disclosure

[Affected Component]
Web Interface

[CVE Reference]
CVE-2018-18009

[Security Issue]
An authenticated user can visit the file dirary0.js, for example, http://victime_ip/dirary0.js, and obtain the clear-text
password of user admin at the line:

gosave_ok =...

[CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials

21 December, 2018 - 04:46

Posted by Tyler Cui on Dec 21

[Vendor]
us.dlink.com

[Product]
D-Link DSL-2770L (version ME_1.01, ME_1.02, AU_1.06)
D-Link DIR-140L, DIR-640L (version 1.00, 1.01RU, 1.02)
D-Link DWR-116, DWR-512, DWR-555, DWR-921 (version V1.03, V1.05, V2.01, V2.02)

[Vulnerability Type]
admin credentials disclosure

[Affected Component]
Web Interface

[CVE Reference]
CVE-2018-18008

[Security Issue]
An authenticated user can visit the page spaces.htm, for example,...

[CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials

21 December, 2018 - 04:46

Posted by Tyler Cui on Dec 21

[Vendor]
us.dlink.com

[Product]
D-Link DSL-2770L (version ME_1.01, ME_1.02, AU_1.06)

[Vulnerability Type]
admin credentials disclosure

[Affected Component]
Web Interface

[CVE Reference]
CVE-2018-18007

[Security Issue]
An authenticated user can visit the page atbox.htm, for example, http://victime_ip/atbox.htm, and obtain the clear-text
password of user admin at the line:

else if(ff.curpd.value != "__password__")...