Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
SQL Injection Vulnerabilities found in European Commission & European Parliament

8 June, 2016 - 09:55

Posted by Vulnerability Lab on Jun 08

Press|News: (SecurityWeek) Researchers have discovered several SQL
injection vulnerabilities in the websites of the European Parliament and
the European Commission — both hosted on the official domain of the
European Union (europa.eu).

URL:
http://www.securityweek.com/sql-injection-flaws-found-european-union-websites

Microsoft Education - Code Execution Vulnerability

7 June, 2016 - 10:15

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Microsoft Education - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1669

MSRC Case: 32314
TRK: 0001002809

Research Article: http://www.kieranclaessens.be/uncategorized/microsoft-education-remote-code-execution/

Release Date:
=============
2016-06-07

Vulnerability Laboratory ID (VL-ID):
====================================
1669...

Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability

7 June, 2016 - 10:14

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1854

Release Date:
=============
2016-06-07

Vulnerability Laboratory ID (VL-ID):
====================================
1854

Common Vulnerability Scoring System:
====================================
7.5

Product & Service Introduction:...

Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability

7 June, 2016 - 10:12

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1855

Release Date:
=============
2016-06-06

Vulnerability Laboratory ID (VL-ID):
====================================
1855

Common Vulnerability Scoring System:
====================================
2.5

Product & Service Introduction:...

Mapbox (API) - Filter Bypass & Persistent Vulnerability

7 June, 2016 - 10:09

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Mapbox (API) - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1787

ID: #119802

Release Date:
=============
2016-06-06

Vulnerability Laboratory ID (VL-ID):
====================================
1787

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

XML External Entity XXE vulnerability in OpenID component of Liferay

2 June, 2016 - 18:30

Posted by Sandro Gauci on Jun 02

# XML External Entity XXE vulnerability in OpenID component of Liferay

- Author: Sandro Gauci <sandro () enablesecurity com>
- Vulnerable version: Liferay 6.2.3 CE GA4 and earlier
- Liferay reference: LPS-58014
- Advisory URL: <https://github.com/EnableSecurity/advisories/tree/master/ES2016-01-liferay-xxe>
- Timeline:
  - Report date: March 16 2015
  - Liferay patch: August 26 2015
  - Liferay advisory: January 18...

rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion

2 June, 2016 - 18:30

Posted by Gregory Pickett on Jun 02

Title
===================
rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion

Summary
===================
rConfig, the open source network device configuration management tool, is vulnerable to local file inclusion in
/lib/crud/downloadFile.php. downloadFile.php allows authenticated users to download any file on the server.

Affected Products
===================
rConfig 3.1.1 and earlier...

Multiple XSS in Babylon

2 June, 2016 - 18:30

Posted by Francisco Javier Santiago Vázquez on Jun 02

I. VULNERABILITY
-------------------------
Vulnerability Cross-Site Scripting (XSS)

II. PROOF OF CONCEPT
-------------------------
*URL:*

1. http://espanol.babylon-software.com/bht/index.html?trid=
2. http://traductor.babylon-software.com/ingles/a-espanol/
3. http://traduccion.babylon-software.com/?trid=

*Vector:* <img src=1 onerror=alert("n0ipr0cs");>/

*State:* unpatched

III. SYSTEMS AFFECTED...

Nagios XI Multiple Vulnerabilities

2 June, 2016 - 18:29

Posted by Francesco Oddo on Jun 02


Force allow access button to Bypass windows firewall

2 June, 2016 - 18:29

Posted by Raiden lol on Jun 02

Title: Force allow access to Bypass windows firewall
Vulnerability: Missing Authorization
Wednesday, May 18, 2016
Credit: CoolerVoid

Technical Details
===========
Windows has the function *SendInput()*
<https://msdn.microsoft.com/pt-br/library/windows/desktop/ms646310%28v=vs.85%29.aspx>
to simulate a keystroke. This function accepts as argument an array of INPUT
structures. The INPUT structures can be either a mouse or a keyboard event....

SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway

2 June, 2016 - 07:34

Posted by SEC Consult Vulnerability Lab on Jun 02

SEC Consult Vulnerability Lab Security Advisory < 20160602-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Ubee EVW3226 Advanced wireless voice gateway
vulnerable version: Firmware EVW3226_1.0.20
fixed version: -
CVE number: -
impact: critical
homepage: http://www.ubeeinteractive.com...

Joomla SecurityCheck extension - Multiple vulnerabilities

1 June, 2016 - 10:00

Posted by Gökmen GÜREŞÇİ on Jun 01

Information
------------------------------
Advisory by ADEO Security Team
Name: Stored XSS and SQL Injection in Joomla SecurityCheck extension
Affected Software : SecurityCheck and SecurityCheck Pro
Vulnerable Versions: 2.8.9 (possibly below)
Vendor Homepage : https://securitycheck.protegetuordenador.com
Vulnerabilities Type : XSS and SQL Injection
Severity : High
Status : Fixed

Technical Details
------------------------------
PoC URLs for SQL...

CVE-2016-3670 Stored Cross Site Scripting in Liferay CE

1 June, 2016 - 10:00

Posted by Fernando Camara on Jun 01

Fernando Câmara @ Integrity S.A
www.integrity.pt
https://twitter.com/overflowy

https://labs.integrity.pt/advisories/cve-2016-3670/

---

CVE-2016-3670 Stored Cross Site Scripting in Liferay CE

1. Vulnerability Properties

Title: Stored Cross-Site Scripting Liferay CE
CVE ID: CVE-2016-3670
CVSSv3 Base Score: 4.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Vendor: Liferay Inc
Products: Liferay
Advisory Release Date: 27 May 2016
Advisory URL:...

Keystone Assembler Engine is out!

1 June, 2016 - 10:00

Posted by Nguyen Anh Quynh on Jun 01

Greetings,

We are very excited to announce the first public release of Keystone
Engine, the multi-arch, multi-platform, multi-bindings assembler framework
you are all longing for!

Keystone Engine offers some unparalleled features:

- Multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon,
Mips, PowerPC, Sparc, SystemZ & X86 (include 16/32/64bit).
- Clean/simple/lightweight/intuitive architecture-neutral API.
- Implemented...

XSS in CMSimple <= v4.6.2

1 June, 2016 - 10:00

Posted by Manuel Garcia Cardenas on Jun 01

=============================================
MGC ALERT 2016-004
- Original release date: May 28, 2016
- Last revised: June 1, 2016
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Reflected XSS in CMSimple <= v4.6.2

II. BACKGROUND
-------------------------
CMSimple is a php based Content Management System (CMS), which...

MitM Attack against KeePass 2's Update Check

1 June, 2016 - 10:00

Posted by Bogner Florian on Jun 01

MitM Attack against KeePass 2's Update Check

Metadata
===================================================
Release Date: 02-03-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: all tested versions up to the current 2.33
Tested on: Windows 7
CVE : CVE-2016-5119
URL: https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
Video: https://youtu.be/gOxcQSbpA-Q
Vulnerability Status:...

Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes!

1 June, 2016 - 10:00

Posted by Francisco Amato on Jun 01

A brand new Faraday version is ready! Faraday v1.0.20 is here,
bringing more functionality to our GTK interface and other cool new
features.

If you've been keeping up with Faraday, on our last release
http://blog.infobytesec.com/2016/04/prepare-warm-welcome-for-faraday-v1019.html
we published a new experimental GTK interface. In this iteration we
added several missing features and fixed a lot of small bugs.

You will probably notice the...

Defense in depth -- the Microsoft way (part 40): seven+ year old "blended" threat still alive and kicking

1 June, 2016 - 09:57

Posted by Stefan Kanthak on Jun 01

Hi @ll,

a looong time ago Microsoft "addressed" a so called "blended"
threat: Internet Explorer loaded and executed DLLs placed on
the user's desktop.

See <https://technet.microsoft.com/en-us/library/953818>
(titled "Blended Threat from Combined Attack Using Apple's
Safari on the Windows Platform") plus
<...

[RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution

31 May, 2016 - 06:53

Posted by RedTeam Pentesting GmbH on May 31

Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager
may Lead to Remote Command Execution

A vulnerability within the Relay Ajax Directory Manager web application
allows unauthenticated attackers to upload arbitrary files to the web
server running the web application.

Details
=======

Product: Relay Ajax Directory Manager
Affected Versions: relayb01-071706, 1.5.1, 1.5.3 were tested, other
versions...

[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow

31 May, 2016 - 06:51

Posted by RedTeam Pentesting GmbH on May 31

Advisory: Websockify: Remote Code Execution via Buffer Overflow

RedTeam Pentesting discovered a buffer overflow vulnerability in the C
implementation of Websockify, which allows attackers to execute
arbitrary code.

Details
=======

Product: Websockify C implementation
Affected Versions: all versions <= 0.8.0
Fixed Versions: versions since commit 192ec6f (2016-04-22) [0]
Vulnerability Type: Buffer Overflow
Security Risk: high
Vendor URL:...