Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Stack Overflow in BLAT

16 June, 2016 - 10:36

Posted by vishnu raju on Jun 16

Hi Hackers,

Greetings from Vishnu (@dh4wk)

1. Vulnerable Product Version:

*Blat v3.2.14*
Link: blat.net

2. Vulnerability Information

Impact: Attacker may gain administrative access / can perform a DOS

Remotely Exploitable: No

Locally Exploitable: May be possible

3. Product Details

An open source Windows (32 & 64 bit) command line SMTP mailer. We can use
it to automatically email logs, the contents of a html FORM, or...

Papouch TME Temperature & Humidity Thermometers - Multiple Vulnerabilities

16 June, 2016 - 10:35

Posted by Karn Ganeshen on Jun 16

+++++
*Vulnerable Products*
1. Papouch TME Ethernet thermometer
2. Papouch TME multi: Temperature and humidity via Ethernet

*All versions affected*

*TME - Ethernet Thermometer*
http://www.papouch.com/en/shop/product/tme-ip-ethernet-thermometer/

*TME multi: Temperature and humidity via Ethernet*
http://www.papouch.com/en/shop/product/tme-multi-temperature-humidity-via-ethernet/

*Vulnerability Details*

*1. Weak Credentials Management*

Device...

HP StoreEver MSL6480 Tape Library v4.10 - Multiple Vulnerabilities

16 June, 2016 - 10:35

Posted by Karn Ganeshen on Jun 16

*HP StoreEver MSL6480 Tape Library v4.10 - Multiple Vulnerabilities*

*Confirmed on firmware version 4.10*

*HPE PSRT response*: Upgrade to MSL6480 is 4.90 (current version)

*Weak Credentials Management*

The device comes with weak, default login credentials - security/security -
and the application does not enforce a mandatory, password change from
default to strong password values.

*Access Control Issues*

An unauthenticated user can download...

Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0)

16 June, 2016 - 10:35

Posted by Ian Ling on Jun 16

[+] Credits: Ian Ling
[+] Website: iancaling.com

Vendor:
=================
www.ceragon.com

Product:
======================
-FibeAir IP-10

Vulnerability Type:
===================
Default Root Account

CVE Reference:
==============
N/A

Vulnerability Details:
=====================
Ceragon FibeAir IP-10 devices do not properly ensure that a user has
authenticated before granting them access to the web interface of the
device. The attacker simply...

Blindspot Advisory: HTTP Header Injection in Python urllib

16 June, 2016 - 10:35

Posted by Timothy D. Morgan on Jun 16

Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x)
is vulnerable to protocol stream injection attacks (a.k.a. "smuggling"
attacks) via the http scheme. If an attacker could convince a Python
application using this library to fetch an arbitrary URL, or fetch a
resource from a malicious web server, then these injections could
allow for a great deal of access to certain internal services.

URLs of...

Microsoft Visio multiple DLL side loading vulnerabilities

15 June, 2016 - 11:29

Posted by Securify B.V. on Jun 15

------------------------------------------------------------------------
Microsoft Visio multiple DLL side loading vulnerabilities
------------------------------------------------------------------------
Yorick Koster, August 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple DLL side loading vulnerabilities were found in...

Face Authentication Bypassing – KeyLemon

15 June, 2016 - 09:26

Posted by omarbv on Jun 15

Application
-----------
KeyLemon offers convenient, secure and continuous biometric
authentication solutions based on face and speaker recognition.

To improve robustness to illumination and pose, as well as to provide
enhanced security against photo/video spoofing attacks, KeyLemon's
latest face recognition algorithms take full benefit of 3D depth sense
cameras by efficiently combining depth, near-infrared and color
information....

Siklu EtherHaul Hidden ‘root’ Account

15 June, 2016 - 09:26

Posted by Ian Ling on Jun 15

[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/145309944453/

Vendor:
=================
www.siklu.com/

Product:
======================
-EtherHaul EH-1200F/FX/TX, EH-2200F/FX, EH-600T/TL
-EtherHaul EH-1200/TL

Vulnerability Type:
===================
Default Root Account

CVE Reference:
==============
N/A

Vulnerability Details:
=====================

Siklu EtherHaul radios have a built-in, hidden root...

CVE-2016-3642 - Java Deserialization in Solarwinds Virtualization Manager 6.3.1

15 June, 2016 - 09:26

Posted by Nate Kettlewell on Jun 15

Java Deserialization in Solarwinds Virtualization Manager 6.3.1

Product: Solarwinds Virtualization Manager
Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1

Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016

Vulnerability Type: Deserialization of Untrusted Data [CWE-502]
CVE Reference: CVE-2016-3642
Risk Level: High
CVSSv2 Base Score: 10...

CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager

15 June, 2016 - 09:26

Posted by Nate Kettlewell on Jun 15

Product: Solarwinds Virtualization Manager

Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1

Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016

Vulnerability Type: Security Misconfiguration
CVE Reference: CVE-2016-3643
Risk Level: High
CVSSv3 Base Score: 7.8...

[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers

15 June, 2016 - 09:25

Posted by Stefan Kanthak on Jun 15

Hi @ll,

<https://bugzilla.mozilla.org/show_bug.cgi?id=961676> should
have fixed CVE-2014-1520 in Mozilla's executable installers for
Windows ... but does NOT!

JFTR: this type of vulnerability (really: a bloody stupid trivial
beginner's error!) is well-known and well-documented as
<https://cwe.mitre.org/data/definitions/379.html>.

Proof of concept/demonstration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

0. download...

CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager

15 June, 2016 - 09:25

Posted by Nate Kettlewell on Jun 15

Product: Solarwinds Virtualization Manager

Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1

Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016

Vulnerability Type: Security Misconfiguration
CVE Reference: CVE-2016-3643
Risk Level: High
CVSSv2 Base Score: 7.8...

Java Deserialization in Solarwinds Virtualization Manager 6.3.1

15 June, 2016 - 09:25

Posted by Nate Kettlewell on Jun 15

Java Deserialization in Solarwinds Virtualization Manager 6.3.1

Product: Solarwinds Virtualization Manager
Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1

Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016

Vulnerability Type: Deserialization of Untrusted Data [CWE-502]
CVE Reference: CVE-2016-3642
Risk Level: High
CVSSv2 Base Score: 10...

FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

15 June, 2016 - 02:58

Posted by Vulnerability Lab on Jun 15

Document Title:
===============
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fortios-5.4.0-release-notes.pdf
Release Notes #2: http://docs.fortinet.com/uploaded/files/2861/fortios-v5.2.6-release-notes.pdf
Release Notes #3:...

CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder

14 June, 2016 - 08:55

Posted by ljj on Jun 14

Title: CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder
Author: lukasz.juszczyk at ingservicespolska.pl
Date: 25.03.2016

Affected software :
=============
nGrinder v3.3
http://naver.github.io/ngrinder/

Description :
=============
nGrinder is a platform for stress tests that enables you to execute script creation, test execution, monitoring, and
result report generator simultaneously. The open-source nGrinder offers easy...

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

14 June, 2016 - 08:07

Posted by Vulnerability Lab on Jun 14

Document Title:
===============
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1852

Release Date:
=============
2016-05-25

Vulnerability Laboratory ID (VL-ID):
====================================
1852

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:...

Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability

13 June, 2016 - 11:51

Posted by Benjamin Gnahm on Jun 13

Blue Frost Security GmbH
https://www.bluefrostsecurity.de/
research(at)bluefrostsecurity.de
BFS-SA-2016-003
25-April-2016

nagios phishing vector & xss

13 June, 2016 - 11:51

Posted by randomsec guy on Jun 13

corewindow can be used to phish users:
http://jdoe:jdoe () nagioscore demos nagios com/nagios/index.php?corewindow=http://wikipedia.com

also to perform xss:
http://jdoe:jdoe () nagioscore demos nagios com/nagios/index.php?corewindow=javascript://zz%250a;onload=alert(document.domain)//

FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability

13 June, 2016 - 09:50

Posted by Vulnerability Lab on Jun 13

Document Title:
===============
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1853

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
====================================
1853

Common Vulnerability Scoring System:
====================================
5.1

Product & Service Introduction:...

CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability

13 June, 2016 - 09:44

Posted by Vulnerability Lab on Jun 13

Document Title:
===============
CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1856

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
====================================
1856

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...