Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

ObiHai ObiPhone - Multiple Vulnerabilities

22 August, 2016 - 10:59

Posted by David Tomaschik on Aug 22

ObiHai ObiPhone - Multiple Vulnerabilities
------------------------------------------

Introduction
============
Multiple vulnerabilities were discovered in the web management
interface of the ObiHai ObiPhone products. The vulnerabilities were
discovered during a black box security assessment and therefore the
vulnerability list should not be considered exhaustive.

Affected Devices and Versions
=============================
ObiPhone 1032/1062...

New release: UFONet v0.7 - "Big Crunch!"

22 August, 2016 - 10:59

Posted by psy on Aug 22

Hi FD,

I am glad to present a new release of this tool.

http://ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct
different attacks using: GET/POST, multithreading, proxies, origin
spoofing methods, cache evasion techniques, etc.

---------

Screenshots:

http://ufonet.03c8.net/ufonet/ufonet-gui.png

http://ufonet.03c8.net/ufonet/ufonet-gui4.png

---------

Video:...

The continuing problem of a third party resources in web applications.

22 August, 2016 - 10:59

Posted by x ksi on Aug 22

$ cat ./3rdparty.txt

Release (08.06.2015): Writeup with PHP PoC released

Update #1 (04.02.2016): JavaScript PoC created

Update #2 (16.06.2016): W3C SRI information added

Update #3 (01.08.2016): Added reference about the AdGholas

Update #4 (20.08.2016): Added reference about D. Trump site

Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT

22 August, 2016 - 10:59

Posted by Mevied, Matias on Aug 22

Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information
disclosure in EXPORT

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could access business
information indexed by the SAP system.

Risk Level: Low

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-038
- Onapsis SVS ID: ONAPSIS-00235
- CVE:...

Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write

22 August, 2016 - 10:59

Posted by Gary Baribault on Aug 22

Hey Onapsis, you are copying and pasting a timeline with errors in it.

Gary B

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

22 August, 2016 - 10:59

Posted by Justin Bull on Aug 22

Good evening everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
1.2.0 - 4.1.0 (all versions but latest patch supporting token revocation)

Fixed Versions:
-------------
4.2.0 or apply this commit[0]

Problem:
--------
Doorkeeper failed to implement OAuth...

Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform

22 August, 2016 - 10:59

Posted by Francisco Amato on Aug 22

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...

New BlackArch Linux ISOs (2016.08.19) released

22 August, 2016 - 10:56

Posted by Black Arch on Aug 22

Dear list,

We've released the new BlackArch Linux ISOs along with many
improvements. They include more than 1500 tools now. The armv6h and
armv7h repositories are filled with about 1400 tools.

A short ChangeLog of the Live-ISOs:

- updated the BlackArch Linux installer
- include linux kernel 4.7.1
- added more than 100 new tools
- updated all blackarch tools
- updated all system packages
- updated menu entries for the...

Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability

22 August, 2016 - 08:02

Posted by Vulnerability Lab on Aug 22

Document Title:
===============
Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1923

Release Date:
=============
2016-08-22

Vulnerability Laboratory ID (VL-ID):
====================================
1923

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability

22 August, 2016 - 08:00

Posted by Vulnerability Lab on Aug 22

Document Title:
===============
phpCollab v2.5 CMS - Privilege Escalate CSRF Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1911

Release Date:
=============
2016-08-17

Vulnerability Laboratory ID (VL-ID):
====================================
1911

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability

22 August, 2016 - 07:58

Posted by Vulnerability Lab on Aug 22

Document Title:
===============
AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1920

Release Date:
=============
2016-08-22

Vulnerability Laboratory ID (VL-ID):
====================================
1920

Common Vulnerability Scoring System:
====================================
6.3

Product & Service Introduction:...

ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability

22 August, 2016 - 07:56

Posted by Vulnerability Lab on Aug 22

Document Title:
===============
ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1909

Release Date:
=============
2016-08-16

Vulnerability Laboratory ID (VL-ID):
====================================
1909

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

Path traversal vulnerability in WordPress Core Ajax handlers

20 August, 2016 - 04:04

Posted by Summer of Pwnage on Aug 20

------------------------------------------------------------------------
Path traversal vulnerability in WordPress Core Ajax handlers
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A path traversal vulnerability was found in the Core Ajax...

Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT

19 August, 2016 - 11:38

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information
disclosure in EXPORT

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could access business
information indexed by the SAP system.

Risk Level: Low

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-038
- Onapsis SVS ID: ONAPSIS-00235
- CVE:...

Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption

19 August, 2016 - 10:24

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption

1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-040
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution

19 August, 2016 - 10:19

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote
Code Execution

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-037
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution

19 August, 2016 - 10:15

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution

1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-034
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer

19 August, 2016 - 10:13

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information
Disclosure in NameServer

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could discover
information relating to servers. This information could be used to
allow the attacker to specialize their attacks.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
-...

Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure

19 August, 2016 - 10:11

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure

1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could obtain valid usernames that could be helpful to support more
complex attacks.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-027
-...

Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack

19 August, 2016 - 10:09

Posted by Onapsis Research on Aug 19

Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute
force attack

1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could get high privileges on the HANA system with unrestricted
access to any business information.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory...