Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 10 min 50 sec ago

[CVE-2019-9206, CVE-2019-9207] Cross Site Scripting in PRTG Network Monitor v7.1.3.3378

1 March, 2019 - 15:20

Posted by Rafael Pedrero on Mar 01

In 2009...

<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9206
# Category: webapps

1. Description

PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm,
errormsg or...

Apache UNO API RCE

1 March, 2019 - 15:10

Posted by Axel Boesenach on Mar 01

Dear reader,

I am not sure if I am contacting through the right email address but someone said I should e-mail you guys.

I found an RCE functionality in the Apache UNO API which could give an attacker control over a machine, or use a
machine already compromised in the network to exfiltrate data, etc.

The company that posted this issue on their blog is the company I did my internship. Copy-paste from the advisory on
there:

[START OF...

SHAREit for Android Authentication Bypass and Remote File Download

1 March, 2019 - 15:03

Posted by RedForce Advisory on Mar 01

RedForce Advisory
https://redforce.io

## ِAdvisory Information
Title: SHAREit For Android <= 4.0.38 Multiple Vulnerabilities
Advisory URL:
https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/
Date published: 2019-02-25
Date of last update: 2019-02-25
Vendors contacted: Beijing Shareit Information Technology Co., Ltd.

## Introduction

SHAREit for Android is a popular application used for file...

[CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2

1 March, 2019 - 15:03

Posted by advisories on Mar 01

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2

1. *Advisory Information*

Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
Advisory ID: CORE-2018-0012
Advisory URL:
http://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2
Date published: 2019-02-27
Date of last update: 2019-02-27...

AST-2019-001: Remote crash vulnerability with SDP protocol violation

28 February, 2019 - 15:33

Posted by Asterisk Security Team on Feb 28

Asterisk Project Security Advisory - AST-2019-001

Product Asterisk
Summary Remote crash vulnerability with SDP protocol
violation
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions...

Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!

26 February, 2019 - 15:31

Posted by Stefan Kanthak on Feb 26

Hi @ll,

Microsoft just announced the general availability of their
"Windows Defender Advanced Threat Protection/Endpoint Protection & Response"
for their "downlevel" operating systems Windows 7 and Windows 8.1:
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Windows-Defender-ATP-s-EDR-capability-for-Windows-7-and-Windows/ba-p/355535

This announcement ends in

| For more information on how you can onboard...

[CVE-2019-9083] Blind SQL injection in SQLiteManager 1.2.0 (and 1.2.4)

26 February, 2019 - 15:31

Posted by Rafael Pedrero on Feb 26

<!--
# Exploit Title: Blind SQL injection in SQLiteManager 1.2.0 (and 1.2.4)
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.sqlitemanager.org/
# Software Link: http://www.sqlitemanager.org/
# Version: SQLiteManager 1.2.0 (and 1.2.4)
# Tested on: All
# CVE : CVE-2019-9083
# Category: webapps

1. Description

SQLiteManager 1.2.0 (and 1.2.4) allows SQL injection via the
/sqlitemanager/main.php dbsel parameter....

CVE-2019-1000032: Memory corruption / DoS in nanosvg

26 February, 2019 - 15:00

Posted by Sebastian Neef on Feb 26

The SVG library nanosvg [0] suffers from a memory corruption bug that can lead to at least DoS.

The bug exists in the `nsvg__parseColorRGB` function, which can be reached by parsing a malicious SVG file through
`nsvgParseFromFile` or `nsvgParse`. This should also affect libraries/packages that provide bindings to nanosvg, for
example:

- Lua: https://github.com/iongion/lunavg
- Python: https://github.com/ethanhs/pynanosvg
- Java:...

CVE-2019-8939: XSS in Tautulli

22 February, 2019 - 13:20

Posted by Geeknik Labs via Fulldisclosure on Feb 22

Tautulli (https://tautulli.com/) is a Python based monitoring and tracking tool for Plex Media Server.

We discovered that an authenticated Plex Media Server user could change their Plex username to include JavaScript and
Tautulli would fail to sanitize the username so that when the Plex Media Server administrator viewed certain pages
generated by Tautulli, the JavaScript would be executed in the context of the server administrator.

This was...

Kanboard 1.2.7 Multiple Vulnerabilities

21 February, 2019 - 03:57

Posted by Will Boucher via Fulldisclosure on Feb 21

Kanboard 1.2.7 Multiple Vulnerabilities

Kanboard 1.2.7 contains multiple vulnerabilities. The vulnerabilities include CSV account import cross site request
forgery which allows an unauthenticated attacker to create a new administrative user. Cross site request forgery 2FA
deactivation, allowing an unauthenticated attacker to disable an account's 2FA configuration. A lack of integrity
checking or transport layer encryption enforced on...

Multiple issues in Teracue ENC-400 including pre-authenticated remote code execution

21 February, 2019 - 03:56

Posted by Stephen Shkardoon on Feb 21

Introduction
============

Multiple vulnerabilities were identified within the Teracue ENC-400,
including pre-authenticated remote code authentication. While the vendor
has released updated firmware after these issues were identified, they are
not all resolved with the latest version of the firmware.

Product
=======

The Teracue ENC-400 is accessible over an HTTP interface, which allows
device configuration (including setting passwords or video...

[CVE-2019-8938] Cross Site Scripting in VertrigoServ 2.17

21 February, 2019 - 03:56

Posted by Rafael Pedrero on Feb 21

<!--
# Exploit Title: Cross Site Scripting in VertrigoServ 2.17
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://vertrigo.sf.net
# Software Link: http://vertrigo.sf.net
# Version: VertrigoServ 2.17
# Tested on: All
# CVE : CVE-2019-8938
# Category: webapps

1. Description

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
NOTE: This product is discontinued.

2. Proof of Concept...

[CVE-2018-18845] Cross Site Scripting in Advanced comment system v1.0

21 February, 2019 - 03:56

Posted by Rafael Pedrero on Feb 21

I thought I had reported it but not, better late than never.

<!--
# Exploit Title: Cross Site Scripting in Advanced comment system v1.0
# Date: 29-10-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.plohni.com
# Software Link:
http://www.plohni.com/wb/content/php/download/Advanced_comment_system_1-0.zip,
https://web.archive.org/web/20120214173003/http://www.plohni.com/wb/content/php/download/Advanced_comment_system_1-0.zip...

[CVE-2019-8925 to CVE-2019-8929] Path traversal and Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone

21 February, 2019 - 03:56

Posted by Rafael Pedrero on Feb 21

<!--
# Exploit Title: Path traversal vulnerability in Netflow Analyzer
Professional v7.0.0.2 Administration zone
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8925
# Category: webapps

1. Description...

[CVE-2019-8923, CVE-2019-8924] SQL injection and persistent Cross Site Scripting in XAMPP 5.6.8 (and previous)

21 February, 2019 - 03:56

Posted by Rafael Pedrero on Feb 21

<!--
# Exploit Title: SQL injection in XAMPP 5.6.8 (and previous)
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage:
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/
# Software Link:
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/
# Version: XAMPP 5.6.8
# Tested on: All
# CVE : CVE-2019-8923
# Category: webapps

1. Description

XAMPP through 5.6.8 allows SQL injection via the...

CA20190212-01: Security Notice for CA Privileged Access Manager

21 February, 2019 - 03:54

Posted by Kevin Kotas via Fulldisclosure on Feb 21

CA20190212-01: Security Notice for CA Privileged Access Manager

Issued: February 12, 2019
Last Updated: February 12, 2019

CA Technologies Support is alerting customers to a potential risk
with CA Privileged Access Manager. A vulnerability exists that can
allow a remote attacker to access sensitive information or modify
configuration. CA published solutions to address the vulnerabilities.

CVE-2019-7392 describes a vulnerability resulting from...

Re: Reflected Cross-site Scripting Vulnerability in Collabtive 3.1

21 February, 2019 - 03:53

Posted by Henri Salo on Feb 21

CVE-2019-8935 has been assigned for this vulnerability.

Multiple Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4

21 February, 2019 - 03:53

Posted by Daniel Bishtawi on Feb 21

Hello,

We are glad to inform you about the vulnerabilities we reported in HTMLy
2.7.4.

Here are the details:

Advisory by Netsparker
Name: Cross-Site Scripting Vulnerabilities in HTMLy 2.7.4
Affected Software: HTMLy
Affected Versions: 2.7.4
Homepage: https://github.com/danpros/htmly
Vulnerability: Cross-Site Scripting
Severity: High
Status: Not Fixed
CVE-ID: CVE-2019-8349
CVSS Score (3.0): CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Netsparker...

Open Redirection Vulnerability in GetSimpleCMS 3.3.13

21 February, 2019 - 03:53

Posted by Daniel Bishtawi on Feb 21

Hello,

We are glad to inform you about the vulnerabilities we reported in
GetSimpleCMS 3.3.13.

Here are the details:

Advisory by Netsparker
Name: Open Redirection Vulnerability in GetSimpleCMS
Affected Software: GetSimpleCMS
Affected Versions: 3.3.13
Homepage: http://get-simple.info/
Vulnerability: Open Redirection
Severity: Medium
Status: Not Fixed
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Netsparker Advisory Reference: NS-18-056...

[SAUTH-2019-0001] - Micro Focus Filr Multiple Vulnerabilities

21 February, 2019 - 03:52

Posted by advisories on Feb 21

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

Micro Focus Filr Multiple Vulnerabilities

1. *Advisory Information*

Title: Micro Focus Filr Multiple Vulnerabilities
Advisory ID: SAUTH-2019-0001
Advisory URL:
https://www.secureauth.com/labs/advisories/micro-focus-filr-multiple-vulnerabilities
Date published: 2019-02-20
Date of last update: 2019-02-20
Vendors contacted: Micro Focus
Release mode: Coordinated release

2....