Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow

31 May, 2016 - 06:51

Posted by RedTeam Pentesting GmbH on May 31

Advisory: Websockify: Remote Code Execution via Buffer Overflow

RedTeam Pentesting discovered a buffer overflow vulnerability in the C
implementation of Websockify, which allows attackers to execute
arbitrary code.

Details
=======

Product: Websockify C implementation
Affected Versions: all versions <= 0.8.0
Fixed Versions: versions since commit 192ec6f (2016-04-22) [0]
Vulnerability Type: Buffer Overflow
Security Risk: high
Vendor URL:...

[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor

31 May, 2016 - 06:46

Posted by RedTeam Pentesting GmbH on May 31

Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor

Authenticated users who can create new HTTP XML/REST Value sensors in
PRTG Network Monitor can read local files on the PRTG host system via
XML external entity expansion.

Details
=======

Product: Paessler PRTG Network Monitor
Affected Versions: 14.4.12.3282
Fixed Versions: 16.2.23.3077/3078
Vulnerability Type: XML External Entity Expansion
Security Risk: medium
Vendor...

Re: Teampass v2.1.26 - Stored Cross Site Scripting Vulnerability

26 May, 2016 - 08:31

Posted by Peter Kok on May 26

Hi Ulisses,

The XSS found is a different one. The one mentioned on
https://github.com/nilsteampassnet/TeamPass/issues/1244 has a screenshot
where the XSS is inserted when creating a new role and by preventing the
JavaScript filters from executing. A new role can only be created by the
admin user. This XSS is also performed by inserting the <script> tag;
this tag does not work in the newly found bug.

The new found
XSS(...

Re: CVE-2015-3854 Battery permission leakage in Android

26 May, 2016 - 08:31

Posted by flanker on May 26

The credit for this vulnerability goes to
Qidan He (@flanker_hqd) from KeenLab (http://keenlab.tencent.com), Tencent.

------------------
Sincerely
Qidan (a.k.a Flanker)

------------------ Original ------------------
From: "flanker"<i () flanker017 me>;
Date: Thu, May 26, 2016 03:27 PM
To: "fulldisclosure"<fulldisclosure () seclists org>;

Subject: CVE-2015-3854 Battery permission leakage in Android

Hi:...

CVE-2015-3854 Battery permission leakage in Android

26 May, 2016 - 08:31

Posted by flanker on May 26

Hi: I'm posting some vulnerabilities I reported to Android and fixed last year prior to the Android Security Bounty
program launch. Since there're no public bulletins for these ancient reports, I'm writing to the maillist for the
record.

Details
=======

A permission leakage exists in Android 5.x that enables a malicious application to acquire the
system-level protected permission of DEVICE_POWER. There exists a permission...

Re: Teampass v2.1.26 - Stored Cross Site Scripting Vulnerability

25 May, 2016 - 23:10

Posted by Ulisses Montenegro on May 25

This looks very similar to the persistent XSS reported a while ago on the
Teampass github, is it the same vulnerability?

https://github.com/nilsteampassnet/TeamPass/issues/1244

On 25 May 2016 at 19:10, Vulnerability Lab <research () vulnerability-lab com>
wrote:

CVE-2016-4803 dotCMS - Email Header Injection

25 May, 2016 - 23:10

Posted by Elar Lang on May 25

Title: CVE-2016-4803 dotCMS - Email Header Injection
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: Email Header Injection
Vulnerable version: before 3.5 / 3.3.2
CVE: CVE-2016-4803
Vendor: dotCMS (http://dotcms.com/)

# Description
dotCMS has an email sending functionality at path /dotCMS/sendEmail/
Some parameters are vulnerable to Email Header Injection.

# Preconditions
There is no pre-condition on authentication or on...

[RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections

25 May, 2016 - 23:10

Posted by Julien Ahrens on May 25

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: XenAPI for XenForo
Vendor URL: github.com/Contex/XenAPI
Type: SQL Injection [CWE-89]
Date found: 2016-05-20
Date published: 2016-05-23
CVSSv3 Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE...

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

25 May, 2016 - 04:26

Posted by Vulnerability Lab on May 25

Document Title:
===============
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1852

Release Date:
=============
2016-05-25

Vulnerability Laboratory ID (VL-ID):
====================================
1852

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:...

Bugcrowd Bug Bounty #7 - Persistent Web Vulnerability

25 May, 2016 - 04:24

Posted by Vulnerability Lab on May 25

Document Title:
===============
Bugcrowd Bug Bounty #7 - Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1830

ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b

Release Date:
=============
2016-05-10

Vulnerability Laboratory ID (VL-ID):
====================================
1830

Common Vulnerability Scoring System:
====================================...

Teampass v2.1.26 - Stored Cross Site Scripting Vulnerability

25 May, 2016 - 04:10

Posted by Vulnerability Lab on May 25

Document Title:
===============
Teampass v2.1.26 - Stored Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1845

Release Date:
=============
2016-05-24

Vulnerability Laboratory ID (VL-ID):
====================================
1845

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:...

Teampass v2.1.25 - Unauthenticated Access Vulnerability

25 May, 2016 - 03:48

Posted by Vulnerability Lab on May 25

Document Title:
===============
Teampass v2.1.25 - Unauthenticated Access Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1844

Release Date:
=============
2016-05-18

Vulnerability Laboratory ID (VL-ID):
====================================
1844

Common Vulnerability Scoring System:
====================================
6.8

Product & Service Introduction:...

Teampass v2.1.25 - Arbitrary File Download Vulnerability

25 May, 2016 - 03:47

Posted by Vulnerability Lab on May 25

Document Title:
===============
Teampass v2.1.25 - Arbitrary File Download Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1843

Release Date:
=============
2016-05-17

Vulnerability Laboratory ID (VL-ID):
====================================
1843

Common Vulnerability Scoring System:
====================================
8.1

Product & Service Introduction:...

MSA-2016-01: PowerFolder Remote Code Execution Vulnerability

24 May, 2016 - 04:00

Posted by Advisories Advisories on May 24

Mogwai Security Advisory MSA-2016-01
----------------------------------------------------------------------
Title: PowerFolder Remote Code Execution Vulnerability
Product: PowerFolder Server
Affected versions: 10.4.321 (Linux/Windows) (Other versions might also be
affected)
Impact: high
Remote: yes
Product link: https://www.powerfolder.com
Reported: 02/03/2016
by:...

poisoning / hijacking DNS locally of a third party domain: in shared and custom web hosting and in ISP, in automated /custom control panel software

23 May, 2016 - 11:11

Posted by Bipin Gautam on May 23

Hi,

vulnerability summary : a design / process flaw

Severity : Moderate / High

In most automated control panel software, for shared and custom web
hosting and in ISPs, anyone can register / sign up any domain after you
have a paid account for website hosting

- and the dns record of the added domain gets synced indiscriminately
in the local / ISP master DNS name server /resolver (for that
webhosting and ISP locally)

when any local website in...

MediaLink router MWN-WAPR300N - Several Vulnerabilities

23 May, 2016 - 11:11

Posted by David Spector on May 23

*MediaLink router MWN-WAPR300N - Several Vulnerabilities*

The vulnerabilities reported here are for the firmware version currently
being shipped by Amazon.com. This is hardware version 2.0, firmware
version V5.07.51_en_MDL01. I have no knowledge of the behavior of
previous versions of this router. U.S. CERT/CC states that the
vulnerabilities I am reporting here have not previously been reported to
them.

*About*

The MediaLink wireless...

[RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries

23 May, 2016 - 11:11

Posted by Julien Ahrens on May 23

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Postfix Admin
Vendor URL: sourceforge.net/projects/postfixadmin/
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2016-04-23
Date published: 2016-05-21
CVSSv3 Score: 4.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Julien...

Multiple Reflected XSS vulnerabilities in Infobae Website

23 May, 2016 - 11:11

Posted by Niemand Nie on May 23

ADVISORY INFORMATION
===================

Title: Multiple Reflected XSS vulnerabilities in Infobae Website
Date published: 2016-20-05
Vendors contacted: No answer received
Vendors website: http://www.infobae.com/
Discovered by: Joel Noguera [Independent Security Researcher]
Severity: Medium

AFFECTED PRODUCT
===================
Infobae is the website of a famous newspaper from Argentina. It is well
known and has thousands of readers per day....

Linknat VOS2009/VOS3000 SQL injection

23 May, 2016 - 11:11

Posted by Osama Khalid on May 23

A SQL injection was found in Linknat VOS3000/VOS2009, a popular VoIP
softswitch, that could allow remote attackers to gain access to the
credentials stored in plain-text.

Application: Linknat VOS3000/VOS2009
Versions Affected: 2.1.1.5, 2.1.1.8, 2.1.2.0
Vendor URL: http://www.linknat.com/
Bug: SQLi (with DBA privileges)
Type: Remote
Resolution: Fixed, upgrade to 2.1.2.4
Reference: WooYun-2015-145458 -...

[ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability

23 May, 2016 - 11:08

Posted by ERPScan inc on May 23

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: SQL injection

Send: 04.12.2015

Reported: 04.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2101079

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS JAVA – SQL injection vulnerability

Advisory...