Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 40 sec ago

DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities

9 April, 2019 - 13:24

Posted by secure on Apr 09

DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities

Dell EMC Identifier: DSA-2019-031

CVE Identifier: CVE-2019-3708, CVE-2019-3709

Severity: High

Severity Rating: Please refer to the Details section below of individual CVSS Scores for each CVE.

Affected products:
Dell EMC IsilonSD Management Server 1.1.0

Summary:
Dell EMC IsilonSD Management Server 1.1.1 contains fixes for two cross-site...

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

9 April, 2019 - 13:24

Posted by Rodrigo Rubira Branco (BSDaemon) on Apr 09

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

The call for papers for H2HC 16th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, on 26th and 27th of
October 2019.

[ - INTRODUCTION - ]

For another consecutive year and past success we have been having, the
annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
on 26 and 27 of october of 2019 and aims to get together industry,...

GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload

9 April, 2019 - 11:23

Posted by gionreale on Apr 09

GAT-Ship Web Module before the current version (1.40) suffers from a vulnerability allowing authenticated attackers to
upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"

Fix:
Upgrade to 1.40

EasyIO 30P: CVE-2018-15820 (Stored XSS) and CVE-2018-15819 (Authentication bypass)

9 April, 2019 - 11:21

Posted by Daniel dos Santos on Apr 09

INFORMATION

Product: EasyIO 30P (http://www.easyio.com)
Affected versions: < 2.0.5.27 (tested on version 2.0.5.16)
CVE IDs: CVE-2018-15820 (Stored XSS) and CVE-2018-15819 (Authentication bypass)
Remote-exploit: yes

TIMELINE

Vendor notification: 3rd August, 2018
Vendor acknowledgment: 22nd August, 2018
Patch available: 8th October, 2018
Public disclosure: 7th April, 2019

INTRODUCTION

The EasyIO-30P controllers are rugged, network centric,...

Loytec LGATE-902: Multiple Vulnerabilities (XSS, Path traversal and File Deletion)

9 April, 2019 - 11:21

Posted by Daniel dos Santos on Apr 09

INFORMATION

Product: Loytec LGATE-902 (https://www.loytec.com/)
Affected versions: < 6.4.2 (tested on version 6.3.2)
CVE IDs: CVE-2018-14919 (Stored and reflected XSS), CVE-2018-14918 (Path
traversal), and CVE-2018-14916 (Arbitrary file deletion).
Remote-exploit: yes

TIMELINE

Vendor notification: 26th July, 2018
Vendor acknowledgment: 1st August, 2018
Patch available: 13th November, 2018
Public disclosure: 7th April, 2019

INTRODUCTION

The...

WordPress plugin Contact Form by WD [CSRF → LFI]

5 April, 2019 - 12:37

Posted by Panagiotis Vagenas on Apr 05

# Exploit Title: Contact Form by WD [CSRF → LFI]
# Date: 2019-03-17
# Exploit Author: Panagiotis Vagenas
# Vendor Homepage: http://web-dorado.com/
# Software Link: https://wordpress.org/plugins/contact-form-maker
# Version: 1.13.1
# Tested on: WordPress 5.1.1

Description
-----------

Plugin implements the following AJAX actions:

- `manage_fm`
- `get_stats`
- `generete_csv`
- `generete_xml`
- `formmakerwdcaptcha`
- `nopriv_formmakerwdcaptcha`...

WordPress Plugin Form Maker by WD [CSRF → LFI]

5 April, 2019 - 12:37

Posted by Panagiotis Vagenas on Apr 05

# Exploit Title: Form Maker by WD [CSRF → LFI]
# Date: 2019-03-17
# Exploit Author: Panagiotis Vagenas
# Vendor Homepage: http://web-dorado.com/
# Software Link: https://wordpress.org/plugins/form-maker
# Version: 1.13.2
# Tested on: WordPress 5.1

Description
-----------

Plugin implements the following AJAX actions:

- `generete_csv`
- `generete_xml`
- `formmakerwdcaptcha`
- `formmakerwdmathcaptcha`
- `product_option`
-...

Arris Touchstone TG1672 Administrative Login Vulnerabilities

5 April, 2019 - 12:34

Posted by Harley A.W. Lorenzo via Fulldisclosure on Apr 05

================================================================================
Title: Arris Touchstone TG1672 Administrative Login Vulnerabilities
Product: Arris Touchstone TG1672
Version: TS0901103AS_092216_16XX.GW_SIP (most likely other versions
affected by unconfirmed)
Product Page: https://www.arris.com/products/
touchstone-telephony-gateway-tg1672/
Published: 2019-04-05...

Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845]

5 April, 2019 - 12:34

Posted by gionreale on Apr 05

An issue was discovered in Uniqkey Password Manager 1.14.
When entering new credentials to a site that isn't registered within
this product, a pop-up window will appear asking the user if
they want to save these new credentials. The code of the pop-up window
can be read and, to some extent, manipulated by remote servers. This
pop-up window will stay on any page the user visits within the browser
until a decision is made. A malicious web...

hardwear.io 2019 Call For Papers is Open - USA & Netherlands

5 April, 2019 - 00:36

Posted by Yuliya Pliavaka on Apr 04

Dear InfoSec Gurus,

Hardwear.io Security Conference and Training is a platform for hardware and
security community where researchers showcase and discuss their innovative
research on attacking and defending hardware.

Submission Topics

hardwear.io accepts papers on any topic that discusses in-depth hardware
and firmware security both from the offensive as well as defensive
perspective. Example topics: IC, Processors, IoT, Automotive,...

SphereFTP 2.0 Denial Of Service

5 April, 2019 - 00:35

Posted by Sachin Wagh on Apr 04

#!/usr/bin/python
# Exploit Title: SphereFTP Server v2.0 Remote Denial of Service
Vulnerability
# Date: 2019-31-03
# Exploit Author: Sachin Wagh (@tiger_tigerboy)
# Software Link: http://www.menasoft.com/sphereftp/sphereftp_win32_v20.zip
# Tested on: Windows 10 64-bit

import socket
import sys

evil = "A"*3000
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.56.1',21))

s.recv(1024)...

DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities

5 April, 2019 - 00:35

Posted by secure on Apr 04

Dell EMC Product Taxonomy IsilonSD Management Server

Role Security Advisory Technically Signed Off by
Product Management John Harr
Engineering Team Phillip Nordwall
Program Management David Geijsbeek
Service Product Lead (SDS) Jeremy Johnson

DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities

Dell EMC Identifier: DSA-2019-031
CVE Identifier: CVE-2019-3708, CVE-2019-3709...

CVE-2019-7727 - JMX/RMI Nice ENGAGE <= 6.5 Remote Command Execution

5 April, 2019 - 00:35

Posted by Red Timmy Sec - on Apr 04

Description
===========
NICE Engage is an interaction recording platform. The default configuration in versions <= 6.5 (and possible higher)
binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which
allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed
affected TCP port is 6338 but based on product's configuration a...

c0c0n XII | The cy0ps c0n - Call For Papers & Call For Workshops

5 April, 2019 - 00:35

Posted by Prajwal Panchmahalkar on Apr 04

#################################################################
c0c0n XII | The cy0ps c0n - Call For Papers & Call For Workshops
#################################################################

Sep 25-28, 2019 - Grand Hyatt, Kochi (Cochin), Kerala, India

Buenos Dias from the God's Own Country!

We are extremely delighted to announce the Call for Papers and Call for
Workshops for c0c0n 2019 <http://www.is-ra.org/c0c0n/>, a...

Open-Xchange Security Advisory 2019-04-01

5 April, 2019 - 00:34

Posted by Open-Xchange GmbH via Fulldisclosure on Apr 04

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs (appsuite, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 61771 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable...

Uniqkey Password Manager 1.14 - Remote Credential Disclosure

5 April, 2019 - 00:31

Posted by gionreale on Apr 04

CVE-2019-10676

Various vulnerabilities in Lupusec XT2 Plus home alarm system

5 April, 2019 - 00:29

Posted by Dan Fabian on Apr 04

=======================================================================
title: Multiple Vulnerabilities
product: Lupusec XT2 Plus Main Panel
version: Firmware 0.0.2.19E
homepage: https://www.lupus-electronics.de/
found: 01/2019
by: D. Fabian
=======================================================================

Vendor description:
-------------------
"The new...

APPLE-SA-2019-3-27-1 watchOS 5.2

29 March, 2019 - 02:15

Posted by Apple Product Security via Fulldisclosure on Mar 29

APPLE-SA-2019-3-27-1 watchOS 5.2

watchOS 5.2 is now available and addresses the following:

CFString
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.

configd
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate...

[SAUTH-2019-0002] - Pydio 8 Multiple Vulnerabilities

29 March, 2019 - 02:12

Posted by SecureAuth Advisories on Mar 29

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

Pydio 8 Multiple Vulnerabilities

1. *Advisory Information*

Title: Pydio 8 Multiple Vulnerabilities
Advisory ID: SAUTH-2019-0002
Advisory URL:
https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities
Date published: 2019-03-28
Date of last update: 2019-03-28
Vendors contacted: Pydio
Release mode: Coordinated release

2. *Vulnerability Information*

Class:...

[RT-SA-2019-005] Cisco RV320 Command Injection Retrieval

27 March, 2019 - 04:58

Posted by RedTeam Pentesting GmbH on Mar 27

Advisory: Cisco RV320 Command Injection

RedTeam Pentesting discovered a command injection vulnerability in the
web-based certificate generator feature of the Cisco RV320 router which
was inadequately patched by the vendor.

Details
=======

Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others
Affected Versions: 1.4.2.15 through 1.4.2.20
Fixed Versions: none
Vulnerability Type: Remote Code Execution
Security Risk: medium
Vendor URL:...