Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

SEC Consult SA-20181130-0 :: Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope

30 November, 2018 - 07:11

Posted by SEC Consult Vulnerability Lab on Nov 30

SEC Consult Vulnerability Lab Security Advisory < 20181130-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Siglent Technologies SDS 1202X-E Digital Oscilloscope
vulnerable version: V5.1.3.13
fixed version: -
CVE number: -
impact: High
homepage: http://siglenteu.com/...

CVE-2018-19754 - Security Bypass Access Control Vulnerability in Tarantella Enterprise before 3.11

30 November, 2018 - 03:35

Posted by Rafael Pedrero on Nov 30

Vulnerability found in 2009.

<!--
# Exploit Title: Security Bypass Access Control Vulnerability in Tarantella
Enterprise before 3.11
# Date: 30-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.sun.com/ & http://www.oracle.com/
# Software Link: the product is discontinued (vulnerability found in 2009)
# Version: Tarantella Enterprise before 3.11
# Tested on: All
# CVE : CVE-2018-19754
# Category: webapps

1....

CVE-2018-19753 - Directory Traversal in Tarantella Enterprise before 3.11

30 November, 2018 - 03:35

Posted by Rafael Pedrero on Nov 30

Vulnerability found in 2009.

<!--
# Exploit Title: Directory Traversal in Tarantella Enterprise before 3.11
# Date: 30-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.sun.com/ & http://www.oracle.com/
# Software Link: the product is discontinued (vulnerability found in 2009)
# Version: Tarantella Enterprise before 3.11
# Tested on: All
# CVE : CVE-2018-19753
# Category: webapps

1. Description

Tarantella...

CVE-2017-9732: knc (kerberized netcat) memory exhaustion

30 November, 2018 - 03:34

Posted by Imre Rad on Nov 30

Product:
"KNC is Kerberised NetCat. It works in basically the same way as either
netcat or stunnel except that it uses GSS-API to secure the
communication. You can use it to construct client/server applications while
keeping the Kerberos libraries out of your program's address space quickly
and easily."

Official page:
http://oskt.secure-endpoints.com/knc.html

Source code repository:
https://github.com/elric1/knc/

Vulnerability:
knc...

Multiple OS Command Injection in Moxa NPort W2x50A products

30 November, 2018 - 03:33

Posted by Maxim Khazov via Fulldisclosure on Nov 30

Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS
Command Injection vulnerabilities:

#1 Authenticated OS Command Injection in web server ping functionality

Reserved CVE ID: CVE-2018-19659

A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root
user. Exploitation required authentication. This is similar to...

New BlackArch Linux ISOs + OVA Image (2018.12.01) with more than 2050 Tools Released.

30 November, 2018 - 03:33

Posted by Black Arch on Nov 30

Black Arch <blackarchlinux () gmail com>
Thu, May 31, 12:47 AM
to fulldisclosure

Dear list,

We've released the new BlackArch Linux ISOs and OVA image (version:
2018.12.01) along with many many improvements. They include more than
2050 tools now. The armv6h, armv7h and aarch64 repositories are filled
with about 1950 tools.

A ChangeLog of the Live-ISO-2018.12.01:

- added more than 150 new tools
- enabled wicd service by default...

CVE-2018-19505 - Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1

28 November, 2018 - 01:46

Posted by Rafael Pedrero on Nov 27

<!--
# Exploit Title: Impersonation may lead to incorrect user context in Remedy
AR System Server in BMC Remedy 7.1
# Date: 23-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.bmc.com/
# Software Link: http://www.bmc.com/
# Version: Impersonation may lead to incorrect user context in Remedy AR
System Server in BMC Remedy 7.1
# Tested on: all
# CVE : CVE-2018-19505
# Category: webapps

1. Description

Remedy AR System...

XSS Fuzzer

28 November, 2018 - 01:46

Posted by Poyo VL via Fulldisclosure on Nov 27

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on
user-defined vectors using multiple placeholders which are replaced with fuzzing lists.
It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside
iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.
XSS Fuzzer is a...

It is not a vulnerability. It is a feature. A Zendesk customer? Act now!

28 November, 2018 - 01:44

Posted by Eitan Caspi via Fulldisclosure on Nov 27

Original, as HTML with images, was posted at LinkedIn -
https://www.linkedin.com/pulse/vulnerability-feature-zendesk-customer-act-now-eitan-caspi/
And also at my security blog - https://fudie.net/it-is-not-a-vulnerability-it-is-a-feature-a-zendesk-customer-act-now/

I am not a Zendesk expert but I have seen enough. Here is my story.
The short version:
If in your ZD settings the check box of “Require authentication to download” (in the site...

[CORE-2018-0011] - Cisco WebEx Meetings Elevation of Privilege Vulnerability

28 November, 2018 - 01:44

Posted by advisories on Nov 27

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

Cisco WebEx Meetings Elevation of Privilege Vulnerability

1. *Advisory Information*

Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability
Advisory ID: CORE-2018-0011
Advisory URL: http://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability
Date published: 2018-11-27
Date of last update: 2018-11-27
Vendors contacted: Cisco
Release...

CVE-2018-19439 - Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602

23 November, 2018 - 13:47

Posted by Rafael Pedrero on Nov 23

<!--
# Exploit Title: Cross Site Scripting in Oracle Secure Global Desktop
Administration Console - 4.4; Build: 20080807152602
# Date: 22-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.oracle.com/
# Software Link: http://www.oracle.com/
# Version: Oracle Secure Global Desktop Administration Console - 4.4;
Build: 20080807152602
# Tested on: all
# CVE : CVE-2018-19439
# Category: webapps

1. Description

Cross Site...

CVE-2010-1910 - Multiple Consona Products Password Reset Security Bypass Vulnerability

23 November, 2018 - 13:47

Posted by Rafael Pedrero on Nov 23

Hi!!

8 years ago, I discovered this vulnerability, CVE-2010-1910, and now, you
can see the details.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1910

The login page, "/sdcxuser/asp/login.asp", had a commented access to the
page that allowed to change the password of any user, with a link with text
"Forgot your password".

The link that had the vulnerability was: "/adccommonn/asp/forgotpass.asp".

You...

SEC Consult SA-20181121-0 :: Signature Bypass / Authentication Bypass in Governikus Autent SDK

21 November, 2018 - 08:04

Posted by SEC Consult Vulnerability Lab on Nov 21

An additional blog post has been published on this topic as well:

English version: https://r.sec-consult.com/governikus

German version: https://r.sec-consult.com/gov

SEC Consult Vulnerability Lab Security Advisory < 20181121-0 >
=======================================================================
title: Signature Bypass / Authentication Bypass
product: Governikus Autent SDK
vulnerable version: <=3.8.1...

SEC Consult SA-20181116-0 :: Multiple critical vulnerabilities in Miss Marple Enterprise Edition

21 November, 2018 - 03:54

Posted by SEC Consult Vulnerability Lab on Nov 21

SEC Consult Vulnerability Lab Security Advisory < 20181116-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Miss Marple Enterprise Edition
vulnerable version: <2.0
fixed version: 2.0
CVE number: CVE-2018-19233, CVE-2018-19234
impact: Critical
homepage: www.comparex-group.com
found:...

SEC Consult SA-20181114-0 :: Denial of Service in Microsoft Skype for Business

21 November, 2018 - 03:54

Posted by SEC Consult Vulnerability Lab on Nov 21

SEC Consult Vulnerability Lab Security Advisory < 20181114-0 >
=======================================================================
title: Denial of Service
product: Microsoft Skype for Business 2016 / Lync 2013
vulnerable version: Microsoft Skype for Business 2015 (Lync 2013) before
v15.0.5075.1000
Skype for Business 2016: before v16.0.4756.1000
fixed version:...

Carolina Con CFP

20 November, 2018 - 15:33

Posted by Trvon via Fulldisclosure on Nov 20

We are pleased to announce that Carolina Con 15 will be hosted in Charlotte at the Renaissance Charlotte Suites April
26th through the 28th in 2019.

All interested in speaking to any topic in the realm of hacking, technology, science, robotics or any related field are
invited to submit a proposal to speak at the con.

A proposal should include the following:

- Name or handle/alias
- Presentation name
- A brief abstract about 1-2 paragraphs
-...

Escalation of privilege with Intel Rapid Storage User Interface

20 November, 2018 - 15:32

Posted by Stefan Kanthak on Nov 20

Hi @ll,

this is the second part of
<https://seclists.org/fulldisclosure/2018/Nov/45>

Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver
for Windows 10 and Windows Server 2016, version 16.0.2.1086 (Latest),
released 2/21/2018, available from
<https://downloadcenter.intel.com/download/27681/Intel-Rapid-Storage-Technology-Intel-RST-User-Interface-and-Driver>,
as well as the previous version 15.9.0.1015 (Previously...

DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

20 November, 2018 - 15:32

Posted by secure on Nov 20

DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

Dell EMC Identifier: DSA-2018-155

CVE Identifier: CVE-2018-11077

Severity: Medium

Severity Rating: CVSS v3 Base Score 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected products:

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1

Dell EMC Integrated Data Protection Appliance...

DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability

20 November, 2018 - 15:32

Posted by secure on Nov 20

DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability

Dell EMC Identifier: DSA-2018-154

CVE Identifier: CVE-2018-11076

Severity: High

Severity Rating:
CVSS v3 Base Score: 7.9 (AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

Affected products:
Dell EMC Avamar Server 7.2.0 and 7.2.1
Dell EMC Avamar Server 7.3.0 and 7.3.1
Dell EMC Avamar Server 7.4.0 and 7.4.1
Dell EMC Integrated Data Protection...

DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities

20 November, 2018 - 15:32

Posted by secure on Nov 20

DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities

Dell EMC Identifier: DSA-2018-145

CVE Identifier: CVE-2018-11066, CVE-2018-11067

Severity: Critical

Severity Rating: See Details section below of individual CVSS Scores for each CVE

Affected products:
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1
Dell EMC Integrated Data Protection Appliance (IDPA) 2.0, 2.1 and 2.2

Summary:
Dell EMC...