Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor

31 May, 2016 - 06:46

Posted by RedTeam Pentesting GmbH on May 31

Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor

Authenticated users who can create new HTTP XML/REST Value sensors in
PRTG Network Monitor can read local files on the PRTG host system via
XML external entity expansion.

Details
=======

Product: Paessler PRTG Network Monitor
Affected Versions: 14.4.12.3282
Fixed Versions: 16.2.23.3077/3078
Vulnerability Type: XML External Entity Expansion
Security Risk: medium
Vendor...

Re: Teampass v2.1.26 - Stored Cross Site Scripting Vulnerability

26 May, 2016 - 08:31

Posted by Peter Kok on May 26

Hi Ulisses,

The XSS found is a different one. The one mentioned on
https://github.com/nilsteampassnet/TeamPass/issues/1244 has a screenshot
where the XSS is inserted when creating a new role and by preventing the
javascript filters to execute. A new role can only be created by the
admin user. This XSS is also performed by inserting the <script> tag,
this tag does not work in the new found bug.

The new found
XSS(...

Re: CVE-2015-3854 Battery permission leakage in Android

26 May, 2016 - 08:31

Posted by flanker on May 26

The Credit of this vulnerability is to
Qidan He (@flanker_hqd) from KeenLab(http://keenlab.tencent.com), Tencent.

------------------
Sincerely
Qidan (a.k.a Flanker)

------------------ Original ------------------
From: "flanker"<i () flanker017 me>;
Date: Thu, May 26, 2016 03:27 PM
To: "fulldisclosure"<fulldisclosure () seclists org>;

Subject: CVE-2015-3854 Battery permission leakage in Android

Hi:...

CVE-2015-3854 Battery permission leakage in Android

26 May, 2016 - 08:31

Posted by flanker on May 26

Hi:

I'm posting some vulnerabilities I reported to Android and fixed last year prior to the Android Security Bounty
program launch. Since there're no public bulletins for these ancient reports, I'm writing to the maillist for the
record.

Details
=======

A permission leakage exists in Android 5.x that enables a malicious application to acquire the
system-level protected permission of DEVICE_POWER. There exists a permission...

Re: Teampass v2.1.26 - Stored Cross Site Scripting Vulnerability

25 May, 2016 - 23:10

Posted by Ulisses Montenegro on May 25

This looks very similar to the persistent XSS reported a while ago on the
Teampass github, is it the same vulnerability?

https://github.com/nilsteampassnet/TeamPass/issues/1244

On 25 May 2016 at 19:10, Vulnerability Lab <research () vulnerability-lab com>
wrote:

CVE-2016-4803 dotCMS - Email Header Injection

25 May, 2016 - 23:10

Posted by Elar Lang on May 25

Title: CVE-2016-4803 dotCMS - Email Header Injection
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: Email Header Injection
Vulnerable version: before 3.5 / 3.3.2
CVE: CVE-2016-4803
Vendor: dotCMS (http://dotcms.com/)

# Description
dotCMS has an email sending functionality at path /dotCMS/sendEmail/
Some parameters are vulnerable to Email Header Injection.

# Preconditions
There is no pre-condition on authentication or on...

[RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections

25 May, 2016 - 23:10

Posted by Julien Ahrens on May 25

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: XenAPI for XenForo
Vendor URL: github.com/Contex/XenAPI
Type: SQL Injection [CWE-89]
Date found: 2016-05-20
Date published: 2016-05-23
CVSSv3 Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE...