Full Disclosure
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 7 min 35 sec ago
[SRP-2018-02] Details of a vulnerability in STMicroelectronics' chipset
Posted by Adam Gowdiak on Feb 20
Hello All,Technical details of ST chipset vulnerability has been released
and are now included in our technical report pertaining to the
security of NC+ SAT TV platform.
As indicated last week, the release is made as a direct result
of no interest in this research.
Updated version of the report, associated Proof of Concept codes
and tools can be downloaded from SRP-2018-02 project location:...
Re: [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets
Posted by Security Explorations on Feb 13
Hello All,Due to no interest in our SAT TV security research, the remaining
bits of SRP-2018-02 material including the following:
- technical details of a new ST chipset vulnerability,
- Proof of Concept code for the above vulnerability,
- Proof of Concept codes for set-top-box and ST chipset access,
- SLIMCore assembler and compiler stubs generator tools,
- responses (or their lack of) to our inquiries from 20+ companies
(content...
KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset
Posted by Kingkaustubh via Fulldisclosure on Feb 12
=====================================================DoS and gecko reboot in the nokia 8810 4G handset
=====================================================
. contents:: Table Of Content
Overview
========
Title:- DoS and gecko reboot in the nokia 8810 4G handset
Author: Kaustubh G. Padwad
CVE ID: CVE-2019-7386
Vendor: HMD Global, Nokia, KaiOS
Products: Nokia 88104G
Tested Version: :
Model :- Nokia 8810 4G
Software : 10.05...
KSA-Dev-006:CVE-2019-7385: Authenticated remote code execution on Multiple Raisecom GPON Devices
Posted by Kingkaustubh via Fulldisclosure on Feb 12
=====================================Authenticated Shell Command Injection
=====================================
. contents:: Table Of Content
Overview
========
Title:- Authenticated Shell command Injection
Author: Kaustubh G. Padwad
Vendor: Raisecom technology co.,LTD
Product: GPON-ONU HT803G-07 (could be more who shares the same codebase)
Potentially vulnerable
ISCOM HT803G-U
ISCOM HT803G-W
ISCOM HT803G-1GE
ISCOM HT803G
Tested...
KSA-Dev-005:CVE-2019-7384: Authenticated Remote Code Execution in Raisecom GPON Devices
Posted by Kingkaustubh via Fulldisclosure on Feb 12
=====================================Authenticated Shell Command Injection
=====================================
. contents:: Table Of Content
Overview
========
Title:- Authenticated Shell command Injection
Author: Kaustubh G. Padwad
CVE ID: CVE-2019-7384.
Vendor: Raisecom technology co.,LTD
Product: GPON-ONU HT803G-07 (could be more who shares the same codebase)
Potentially vulnerable
ISCOM HT803G-U
ISCOM HT803G-W
ISCOM HT803G-1GE...
KSA-Dev-003:CVE-2019-7383 : Remote Code Execution Via shell upload in all systorme ISG products
Posted by Kingkaustubh via Fulldisclosure on Feb 12
=====================================Authenticated Shell Command Injection
=====================================
. contents:: Table Of Content
Overview
========
Title : Authenticated Shell command Injection
Author: Kaustubh G. Padwad
CVE ID: CVE-2019-7383
Vendor: Systrome Networks (http://systrome.com/about/)
Products:
1.ISG-600C
2.ISG-600H
3.ISG-800W
Tested Version: : ISG-V1.1-R2.1_TRUNK-20181105.bin(Respetive for...
KSA-Dev-002: CVE-2018-19525 : Account takeover via XSRF in All ISG Series Firewall
Posted by Kingkaustubh via Fulldisclosure on Feb 12
=====================================================Authenticated XSRF leads to complete Account Takeover
=====================================================
. contents:: Table Of Content
Overview
========
Title:- Authenticated XSRF leads to complete account takeover in all SYSTORME ISG Products.
CVE ID:- CVE-2018-19525
Author: Kaustubh G. Padwad
Vendor: Systrome Networks (http://systrome.com/about/)
Products:
1.ISG-600C...
KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals.
Posted by Kingkaustubh via Fulldisclosure on Feb 12
========================================================Unauthenticated Stack Overflow in Multiple Gpon Devices
========================================================
. contents:: Table Of Content
Overview
========
Title:- StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals.
CVE-ID :- CVE-2018-19524
Author: Kaustubh G. Padwad
Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(...
Content Injection in Amazon's FireOS [CVE-2019-7399]
Posted by Nightwatch Cybersecurity Research on Feb 08
[Original blog post here:https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/]
SUMMARY
The FireOS operating system provided by Amazon for Fire tablet devices
can be injected with malicious content by an MITM attacker. An
attacker can also capture the serial number of the device. The root
cause is lack of HTTPS for legal content (terms of use and privacy
policy) within the settings...
[CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
Posted by Rafael Pedrero on Feb 08
<!--# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer
Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-7422
# Category: webapps
1....
[CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service
Posted by Rafael Pedrero on Feb 08
<!--# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System...
[CVE-2019-7417] Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3
Posted by Rafael Pedrero on Feb 08
<!--# Exploit Title: Cross Site Scripting in Ericsson Active Library Explorer
Server Version 14.3
# Date: 23-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.ericsson.com
# Software Link: http://www.ericsson.com
# Version: Ericsson Active Library Explorer Server Version 14.3
# Tested on: all
# CVE : CVE-2019-7417
# Category: webapps
1. Description
XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple...
[CVE-2019-7416] Client Side URL Redirect (OTG-CLIENT-004) in OpenText Documentum Webtop 5.3 SP2
Posted by Rafael Pedrero on Feb 08
<!--# Exploit Title: Client Side URL Redirect (OTG-CLIENT-004) in OpenText
Documentum Webtop 5.3 SP2
# Date: 17-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Software Link:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Version:...
APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS
Posted by Apple Product Security via Fulldisclosure on Feb 08
APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOSShortcuts 2.1.3 for iOS is now available and addresses the following:
Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A local user may be able to view senstive user information
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2019-7289: Sem Voigtländer of Fontys Hogeschool ICT
Shortcuts
Available for: Shortcuts 2.1.2 for iOS...
APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update
Posted by Apple Product Security via Fulldisclosure on Feb 08
APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental UpdatemacOS Mojave 10.14.3 Supplemental Update is now available and
addresses the following:
FaceTime
Available for: macOS Mojave 10.14.3
Impact: The initiator of a Group FaceTime call may be able to cause
the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime
calls. The issue was addressed with improved state management.
CVE-2019-6223: Grant Thompson...
APPLE-SA-2019-2-07-1 iOS 12.1.4
Posted by Apple Product Security via Fulldisclosure on Feb 08
APPLE-SA-2019-2-07-1 iOS 12.1.4iOS 12.1.4 is now available and addresses the following:
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: The initiator of a Group FaceTime call may be able to cause
the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime
calls. The issue was addressed with improved state management.
CVE-2019-6223: Grant Thompson of...
Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702)
Posted by David Coomber on Feb 08
Qkr! with MasterPass iOS Application - MITM SSL CertificateVulnerability (CVE-2019-6702)
YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin)
Posted by Tim Coen on Feb 05
* Vulnerability: XSS* Affected Software: [YOP Poll](https://wordpress.org/plugins/yop-poll/)
* Affected Version: 6.0.2
* Patched Version: 6.0.3
* CVE: not requested
* Risk: Medium
* Vendor Contacted: 10/25/2018
* Vendor Fix: 11/26/2018
* Public Disclosure: 02/05/2019
* Credit: Tim Coen
##### CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](...
WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin)
Posted by Tim Coen on Feb 05
* Vulnerability: XSS* Affected Software: [WP Live Chat
Support](https://wordpress.org/plugins/wp-live-chat-support/)
* Affected Version: 8.0.18
* Patched Version:
* CVE: not requested
* Risk: Medium
* Vendor Contacted: 10/31/2018
* Vendor Fix: 11/01/2018
* Public Disclosure: 02/05/2019
* Credit: Tim Coen
##### CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](...
wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin)
Posted by Tim Coen on Feb 05
* Vulnerability: XSS* Affected Software:
[wpGoogleMaps](https://wordpress.org/plugins/wp-google-maps/)
* Affected Version: 7.10.41
* Patched Version: 7.10.43
* CVE: not requested
* Risk: Medium
* Vendor Contacted: 10/25/2018
* Vendor Fix: 10/31/2018
* Public Disclosure: 02/05/2019
* Credit: Tim Coen
##### CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](...