Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

BACKDOOR.WIN32.BNLITE / Remote Heap Corruption

3 January, 2021 - 17:55

Posted by malvuln on Jan 03

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
http://malvuln.com/advisory/f78cef7588f9c32609a4932d10c67f95.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: BACKDOOR.WIN32.BNLITE
Vulnerability: Remote Heap Corruption
Description: When sending a specially crafted payload to TCP Port
5000, the backdoor malware will suffer a Heap Corruption.

Type: PE32
MD5: f78cef7588f9c32609a4932d10c67f95
Vuln ID:...

Stored XSS In Hyland's Enterprise Search

3 January, 2021 - 17:14

Posted by johnkennedy on Jan 03

The admin console's event viewer displays logged event data inside of
<pre></pre> tags. An attack string like
"</pre><script>alert('hi')</script>" in any place across Enterprise
Search that will cause an error, like instead of a number or for the
username on the login page or through the new Federated Authentication,
will then be stored in the event log. The payload will execute each...

Multiple vulnerabilities found in Rock RMS including RCE and account takeover

3 January, 2021 - 17:13

Posted by Cyber Security Research Group via Fulldisclosure on Jan 03

Title
=========================
Multiple vulnerabilities found in Rock RMS including RCE and account takeover. A total of three CVEs were issued for
the vulnerabilities (CVE-2019-18641, CVE-2019-18642, CVE-2019-18643)

Product Description
=========================
Rock RMS is an open source CRM. Although the product is free, they request a paid subscription based on number of
users. In some cases, early access to patches requires a paid...

Multiple vulnerabilities in Gotenberg <= 6.2.0

3 January, 2021 - 17:12

Posted by Błażej Adamczyk on Jan 03

1 Multiple vulnerabilities in Gotenberg <= 6.2.0
════════════════════════════════════════════════

Multiple vulnerabilities in Gotenberg (a Docker-powered stateless API
for converting HTML, Markdown and Office documents to PDF used as a
microservice) version <=6.2.0 allow a remote unauthenticated attacker
to execute any command within...

survey on reliability of CVSS

29 December, 2020 - 03:51

Posted by Zinaida Benenson on Dec 29

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to test the reliability of CVSS (Common Vulnerability Scoring
System). If you are currently assessing vulnerabilities using CVSS, we
would greatly appreciate your participation which contributes to the
improvement of vulnerability management. This survey takes approx. 45
minutes:

https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857

There has...

Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze

29 December, 2020 - 03:49

Posted by Mark E. Jeftovic on Dec 29

Is there a transposition typo in the Mac OSX version number?

*Fixed Version:* |7.0.1.433| (Windows) and |7.1.0.434| (macOS)

My OSX Backblaze is reporting 7.0.2.470 as most recent version

Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze

29 December, 2020 - 03:48

Posted by Jason Geffner on Dec 29

The message I received on April 17th, 2020 was as follows: "We recently
released a Win fix and Mac build from this code base should have the same
fix (Mac version 7.1.0.434)."

Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0

29 December, 2020 - 03:48

Posted by Daniel Bishtawi via Fulldisclosure on Dec 29

Hello,

We are informing you about Cross-Site Scripting Vulnerabilities in SEOPanel
4.6.0.

Information
--------------------

Advisory by Netsparker
Name: Cross-Site Scripting Vulnerabilities in SEOPanel
Affected Software: SEOPanel
Affected Versions: 4.6.0
Vendor Homepage: https://www.seopanel.org/
Vulnerability Type: Cross-Site Scripting
Severity: Important
Status: Fixed
CVSS Score (3.0): 7.4 (High)
Netsparker Advisory Reference: NS-20-005...

Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze

25 December, 2020 - 20:06

Posted by Reed Loden on Dec 25

Due to a process fail, this CVE ID was accidentally reused for another
vulnerability.

The updated CVE ID for this issue is CVE-2020-8289.

We apologize to Jason and others for the inconvenience caused by this error.

Happy holidays,
~reed
(for HackerOne)

Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze

25 December, 2020 - 20:06

Posted by Reed Loden on Dec 25

Due to a process fail, this CVE ID was accidentally reused for another
vulnerability.

The updated CVE ID for this issue is CVE-2020-8290.

We apologize to Jason and others for the inconvenience caused by this error.

Happy holidays,
~reed
(for HackerOne)

CarolinaCon Online CFP

25 December, 2020 - 20:06

Posted by CarolinaCon on Dec 25

We hope this email finds you well.

This year has had its challenges and we had to postpone CarolinaCon 16
due to unforeseen circumstances. We are planning in the upcoming year to
host our conference online. We are also pleased to announce that our CFP
is now open. You can submit prospective presentations here,
https://cfp.carolinacon.org/cc-online/cfp.

We hope that you take the time to submit a...

[CVE-2018-7580] - Philips Hue Denial of Service

25 December, 2020 - 20:05

Posted by Ilia Shnaidman on Dec 25

[+] Credits: Ilia Shnaidman
[+] @0x496c on Twitter
[+] https://www.iliashn.com

Vendor:
=============
Philips Lighting Holding B.V

Product:
=============
Philips Hue Hub - all

Vulnerability Type:
======================
Denial of Service

Security Issue:
===============
Philips Hue is vulnerable to Denial of Service attack.
Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it
will stop responding.
The "hub" will...

Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze

25 December, 2020 - 20:01

Posted by Jason Geffner on Dec 25

Thanks, Reed. I've updated the GitHub repository name to reflect this
change. The detailed write-up can now be found at
https://github.com/geffner/CVE-2020-8290/blob/master/README.md.

Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze

25 December, 2020 - 20:01

Posted by Jason Geffner on Dec 25

Thanks, Reed. I've updated the GitHub repository name to reflect this
change. The detailed write-up can now be found at
https://github.com/geffner/CVE-2020-8289/blob/master/README.md.

SYSS-2020-042 Urve - Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

25 December, 2020 - 20:01

Posted by Erik Steltzner on Dec 25

Advisory ID:               SYSS-2020-042
Product:                   URVE Software
Manufacturer:              Eveo Sp. z o.o.
Affected Version(s):       Build "24.03.2020"
Tested Version(s):         Build "24.03.2020"
Vulnerability Type:        Cleartext Storage of Sensitive Information (CWE-312)
                           Exposure of...

SYSS-2020-041 Urve - Missing Authorization (CWE-862)

25 December, 2020 - 20:01

Posted by Erik Steltzner on Dec 25

Advisory ID:               SYSS-2020-041
Product:                   URVE Software
Manufacturer:              Eveo Sp. z o.o.
Affected Version(s):       Build "24.03.2020"
Tested Version(s):         Build "24.03.2020"
Vulnerability Type:        Missing Authorization (CWE-862)
Risk Level:                High
Solution Status:           Open...

SYSS-2020-040 Urve - Missing Authentication for Critical Function (CWE-306)

25 December, 2020 - 20:01

Posted by Erik Steltzner on Dec 25

Advisory ID:               SYSS-2020-040
Product:                   URVE Software
Manufacturer:              Eveo Sp. z o.o.
Affected Version(s):       Build "24.03.2020"
Tested Version(s):         Build "24.03.2020"
Vulnerability Type:        Missing Authentication for Critical Function (CWE-306)
Risk Level:                High
Solution...

AST-2020-004: Remote crash in res_pjsip_diversion

22 December, 2020 - 17:32

Posted by Asterisk Security Team on Dec 22

Asterisk Project Security Advisory - AST-2020-004

Product:             Asterisk
Summary:             Remote crash in res_pjsip_diversion
Nature of Advisory:  Denial of service
Susceptibility:      Remote authenticated sessions
Severity:            Moderate...

AST-2020-003: Remote crash in res_pjsip_diversion

22 December, 2020 - 17:32

Posted by Asterisk Security Team on Dec 22

Asterisk Project Security Advisory - AST-2020-003

Product:             Asterisk
Summary:             Remote crash in res_pjsip_diversion
Nature of Advisory:  Denial of service
Susceptibility:      Remote authenticated sessions
Severity:            Moderate...

Rocket.Chat Path Traversal

21 December, 2020 - 19:14

Posted by Moe Szyslak on Dec 21

Rocket.Chat has fixed a server-side path traversal vulnerability that may
be abused to write files to attacker-controlled locations:

https://github.com/RocketChat/Rocket.Chat/commit/f5c7d94bffb279d7a2f859773935fb5cf70c81cd

Exploitation of this vulnerability requires uploading attachments with
crafted names and requesting a data download.

No release of Rocket.Chat contains these fixes. Users should consider
cherrypicking...