Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability

15 July, 2016 - 10:15

Posted by ERPScan inc on Jul 15

Application: SAP xMII

Versions Affected: SAP xMII 15

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2201295

Author: Nursultan Abubakirov (ERPScan), Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP xMII – Reflected XSS vulnerability

Advisory ID: [ERPSCAN-16-021]

Risk: medium

Advisory...

[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability

15 July, 2016 - 10:15

Posted by ERPScan inc on Jul 15

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bug: XXE

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2254389

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS JAVA UDDI component – XXE vulnerability

Advisory ID: [ERPSCAN-16-020]

Risk:...

[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability

15 July, 2016 - 10:15

Posted by ERPScan inc on Jul 15

Application: SAP NetWeaver Enqueue Server

Versions Affected: SAP NetWeaver Enqueue Server 7.4

Vendor URL: http://SAP.com

Bug: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2258784

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver Enqueue Server – DoS vulnerability

Advisory ID:...

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin

13 July, 2016 - 13:39

Posted by Summer of Pwnage on Jul 13

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...

Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin

13 July, 2016 - 13:39

Posted by Summer of Pwnage on Jul 13

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in WP No External Links WordPress
Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found...

Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress

13 July, 2016 - 13:38

Posted by Summer of Pwnage on Jul 13

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for
WordPress
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was...

Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin

13 July, 2016 - 13:37

Posted by Summer of Pwnage on Jul 13

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in...

Hpak - package manager for pentesters. Release announcement

12 July, 2016 - 18:41

Posted by Hypsurus on Jul 12

Hi all!

I am happy to announce hpak 1.0!
(https://github.com/Hypsurus/hpak)

hpak is a package manager for pentesters with a web interface:
(https://hypsurus.github.io/hpak)

I created this project for my needs but now the source code is open under the GPL license.
We need to create more packages for hpak, I hope the community will help!

Thank you!
---  hypsurus

[RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting

12 July, 2016 - 18:41

Posted by Julien Ahrens on Jul 12

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N)
CVE: CVE-2016-5005

2. CREDITS
==========
This vulnerability was discovered and researched by...

[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries

12 July, 2016 - 18:41

Posted by Julien Ahrens on Jul 12

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
CVE: CVE-2016-4469

2. CREDITS
==========
This vulnerability was discovered and researched...

WSO2 SOA Enablement Server - Reflected Cross Site Scripting vulnerability

12 July, 2016 - 18:41

Posted by Paweł Gocyla on Jul 12

Title: WSO2 SOA Enablement Server - Reflected Cross Site Scripting
Authors: Pawel Gocyla
Date: 08. June 2016

Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.

Vulnerability:
**************

Reflected Cross Site Scripting:
==============================

Proof of Concept:
https://WSO2SOA_IP:6443/invocationConsole?p.wsdlUrl=...

WSO2 SOA Enablement Server - XML External Entity Injection

12 July, 2016 - 18:41

Posted by Paweł Gocyla on Jul 12

Title: WSO2 SOA Enablement Server - XML External Entity Injection
Authors: Pawel Gocyla, Jakub Palaczynski
Date: 08. June 2016

Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.

Vulnerability:
**************

XML External Entity Injection:
==============================

It must be noted that this vulnerability is exploitable without...

WSO2 SOA Enablement Server - Server Side Request Forgery

12 July, 2016 - 18:41

Posted by Paweł Gocyla on Jul 12

Title: WSO2 SOA Enablement Server - Server Side Request Forgery
Authors: Pawel Gocyla
Date: 10. June 2016

Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.

Vulnerability:
**************

Server Side Request Forgery (SSRF):
===================================

Using this vulnerability it is possible for example to expose service user
credentials....

RCE by abusing NAC to gain Domain Persistence.

12 July, 2016 - 18:41

Posted by Alexander Korznikov on Jul 12

link:
http://www.korznikov.com/2016/07/rce-by-abusing-nac-to-gain-domain.html

Hi there!
I want to share how to compromise a whole enterprise network in less than ONE
minute :)

Let's begin... As security consultants, we often advise our clients to
implement Network Access Control systems to prevent some nasty people from
doing their nasty things...

This article is not about how to bypass Network Access Control systems, but
if you're...

RootExplorer remote code execution

12 July, 2016 - 18:41

Posted by 0x3d5157636b525761 iddqd on Jul 12

Disclosure timeline
=====================
June 11th: discovered issues.
June 12th: contacted App developer.
June 12th: App developer replies that the new App is not ready yet, but
will not download assets from HTTP.
June 13th: asked how much time it'll take to fix, App developer didn't
respond.
July 2nd: App developer queried again, but failed to respond.
July 8th: App developer got his 3rd notice, but failed to respond.
July 9th: full...

[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers

12 July, 2016 - 18:38

Posted by Stefan Kanthak on Jul 12

Hi @ll,

the executable installers of Flash Player released 2016-06-15
fixed CVE-2016-1014 in the second attempt, but another vulnerability
remained: they create(d) and use(d) UNSAFE temporary subdirectories
into which they copy/ied themselves and extract(ed) a file "fpb.tmp"
which they load(ed) and execute(d) later with elevated privileges.

An unprivileged user can/could overwrite both files between creation
and execution and gain...

Easy Forms for MailChimp Local File Inclusion vulnerability

12 July, 2016 - 11:38

Posted by Summer of Pwnage on Jul 12

------------------------------------------------------------------------
Easy Forms for MailChimp Local File Inclusion vulnerability
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that the Easy Forms for MailChimp WordPress...

WP Fastest Cache Member Local File Inclusion vulnerability

12 July, 2016 - 11:37

Posted by Summer of Pwnage on Jul 12

------------------------------------------------------------------------
WP Fastest Cache Member Local File Inclusion vulnerability
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that the WP Fastest Cache WordPress plugin is...

Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin

12 July, 2016 - 11:37

Posted by Summer of Pwnage on Jul 12

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in...

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin

12 July, 2016 - 11:36

Posted by Summer of Pwnage on Jul 12

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...