Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 7 min 33 sec ago

[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET

18 November, 2016 - 05:11

Posted by ERPScan inc on Nov 18

Application: SAP NetWeaver AS ABAP

Versions Affected: SAP NetWeaver AS ABAP 7.4

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 22.04.2016

Reported: 23.04.2016

Vendor response: 23.04.2016

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2312966

Author: Daria Prosochkina (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal
using READ DATASET...

FUDforum 3.0.6: LFI

18 November, 2016 - 05:11

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: FUDforum 3.0.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://fudforum.org/forum/
Vulnerability Type: LFI
Remote Exploitable: Yes
Reported to vendor: 04/11/2016
Disclosed to public: 11/10/2016
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Overview

FUDforum is...

Jaws 1.1.1: Object Injection, Open Redirect, Cookie Flags

18 November, 2016 - 05:11

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Jaws 1.1.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://jaws-project.com/
Vulnerability Type: Object Injection, Open Redirect, Cookie Flags
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of...

FUDforum 3.0.6: Multiple Persistent XSS & Login CSRF

18 November, 2016 - 05:11

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: FUDforum 3.0.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://fudforum.org/forum/
Vulnerability Type: XSS, Login CSRF
Remote Exploitable: Yes
Reported to vendor: 04/11/2016
Disclosed to public: 11/10/2016
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Overview...

Jaws 1.1.1: Code Execution

18 November, 2016 - 05:10

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Jaws 1.1.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://jaws-project.com/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Overview

Jaws is a...

Lepton 2.2.2: Code Execution

18 November, 2016 - 05:10

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: LEPTON 2.2.2 stable
Fixed in: 2.3.0
Fixed Version Link: http://www.lepton-cms.org/posts/
important-lepton-2.3.0-101.php
Vendor Website: http://www.lepton-cms.org/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to 11/10/2016
public:
Release mode: Coordinated Release
CVE:...

Lepton 2.2.2: CSRF, Open Redirect, Insecure Bruteforce Protection & Password Handling

18 November, 2016 - 05:10

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: LEPTON 2.2.2 stable
Fixed in: 2.3.0
Fixed Version http://www.lepton-cms.org/posts/
Link: important-lepton-2.3.0-101.php
Vendor Website: http://www.lepton-cms.org/
Vulnerability CSRF, Open Redirect, Insecure Bruteforce Protection &
Type: Password Handling
Remote Yes
Exploitable:
Reported to 09/05/2016
vendor:...

Lepton 2.2.2: SQL Injection

18 November, 2016 - 05:10

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: LEPTON 2.2.2 stable
Fixed in: 2.3.0
Fixed Version Link: http://www.lepton-cms.org/posts/
important-lepton-2.3.0-101.php
Vendor Website: http://www.lepton-cms.org/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to 11/10/2016
public:
Release mode: Coordinated Release
CVE:...

MoinMoin 1.9.8: XSS

18 November, 2016 - 05:10

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: MoinMoin 1.9.8
Fixed in: 1.9.9
Fixed Version Link: http://static.moinmo.in/files/moin-1.9.9.tar.gz
Vendor Website: https://moinmo.in
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: CVE-2016-7148, CVE-2016-7146
Credits...

MyLittleForum 2.3.6.1: CSRF

18 November, 2016 - 05:10

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: MyLittleForum 2.3.6.1
Fixed in: 2.3.7beta
Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/
v2.3.7beta
Vendor Website: http://mylittleforum.net/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to 11/10/2016
public:
Release mode: Coordinated Release
CVE:...

Mezzanine 4.2.0: XSS

18 November, 2016 - 05:10

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Mezzanine 4.2.0
Fixed in: 4.2.1
Fixed Version Link: https://github.com/stephenmcd/mezzanine/releases/tag/4.2.1
Vendor Website: http://mezzanine.jupo.org/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Coordinated Release
CVE: n/a
Credits...

SPIP 3.1: XSS & Host Header Injection

18 November, 2016 - 05:10

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected SPIP 3.1
Product:
Fixed in: 3.1.2 / 3.0.23
Fixed Version http://www.spip.net/en_download
Link:
Vendor Website: http://www.spip.net/
Vulnerability Reflected & Persistent XSS, Host Header Injection, httpOnly
Type: Cookie disclosure
Remote Yes
Exploitable:
Reported to 09/05/2016
vendor:
Disclosed to 11/10/2016
public:
Release...

MyLittleForum 2.3.6.1: XSS & RPO

18 November, 2016 - 05:10

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: MyLittleForum 2.3.6.1
Fixed in: 2.3.7beta
Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/
v2.3.7beta
Vendor Website: http://mylittleforum.net/
Vulnerability Type: XSS & RPO
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to 11/10/2016
public:
Release mode: Coordinated...

Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread use-after-free details

18 November, 2016 - 05:09

Posted by Berend-Jan Wever on Nov 18

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
thirteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161117001.html.

Follow me...

CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details

18 November, 2016 - 05:09

Posted by Berend-Jan Wever on Nov 18

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twelfth entry in that series. Unfortunately I won't be able to publish
everything within one month at the current rate, so I may continue to
publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161116001.html.

Follow me on...

CVE request - Samsumg Mobile Phone SVE-2016-6343: Unauthorized API access via system service call

18 November, 2016 - 05:09

Posted by 0xr0ot on Nov 18

Hi,

I'd like to request CVE for the following vulnerability fixed in NOV,2016.

Fix:
http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016

Description of the security vulnerability:

Severity: Medium
Affected versions: M(6.0)
Reported on: May 26, 2016
Disclosure status: Privately disclosed.
The vulnerability allowing unauthorized access to system APIs from system
service with improper access control enables attackers to control...

Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability

18 November, 2016 - 05:06

Posted by Vulnerability Lab on Nov 18

Document Title:
===============
Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2003

Release Date:
=============
2016-11-14

Vulnerability Laboratory ID (VL-ID):
====================================
2003

Common Vulnerability Scoring System:
====================================
4

Product & Service Introduction:...

EditMe CMS - CSRF Privilege Escalate Web Vulnerability

18 November, 2016 - 05:02

Posted by Vulnerability Lab on Nov 18

Document Title:
===============
EditMe CMS - CSRF Privilege Escalate Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1996

Release Date:
=============
2016-11-14

Vulnerability Laboratory ID (VL-ID):
====================================
1996

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:...

Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability

18 November, 2016 - 05:00

Posted by Vulnerability Lab on Nov 18

Document Title:
===============
Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1999

Release Date:
=============
2016-11-09

Vulnerability Laboratory ID (VL-ID):
====================================
1999

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

Apple iOS 10.1 - Multiple Access Permission Vulnerabilities

18 November, 2016 - 04:43

Posted by Vulnerability Lab on Nov 18

Document Title:
===============
Apple iOS 10.1 - Multiple Access Permission Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2012

Apple Security ID: 648680301

Video1: https://www.youtube.com/watch?v=fY2Obtxk_Dg
Video2: https://www.youtube.com/watch?v=46CHjQxkKxk

Release Date:
=============
2016-11-17

Vulnerability Laboratory ID (VL-ID):
====================================
2012...