Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr

25 July, 2016 - 04:02

Posted by SEC Consult Vulnerability Lab on Jul 25

SEC Consult Vulnerability Lab Security Advisory < 20160725-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus (former Novell) Filr Appliance
vulnerable version: Filr 2 <=2.0.0.421, Filr 1.2 <= 1.2.0.846
fixed version: Filr 2 v2.0.0.465, Filr 1.2 v1.2.0.871
CVE number: CVE-2016-1607, CVE-2016-1608, CVE-2016-1609...

Cross-Site Scripting in Code Snippets WordPress Plugin

24 July, 2016 - 10:59

Posted by Summer of Pwnage on Jul 24

------------------------------------------------------------------------
Cross-Site Scripting in Code Snippets WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A reflected Cross-Site Scripting (XSS) vulnerability has been found...

Cross-Site Scripting in Contact Form to Email WordPress Plugin

24 July, 2016 - 10:59

Posted by Summer of Pwnage on Jul 24

------------------------------------------------------------------------
Cross-Site Scripting in Contact Form to Email WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A reflected Cross-Site Scripting (XSS) vulnerability has...

Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)

20 July, 2016 - 11:17

Posted by Summer of Pwnage on Jul 20

------------------------------------------------------------------------
Persistent Cross-Site Scripting in WooCommerce using image metadata
(EXIF)
------------------------------------------------------------------------
Han Sahin, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A persistent Cross-Site Scripting (XSS)...

Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin

20 July, 2016 - 11:17

Posted by Summer of Pwnage on Jul 20

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress
Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found...

Multiple SQL injection vulnerabilities in WordPress Video Player

19 July, 2016 - 14:57

Posted by Summer of Pwnage on Jul 19

------------------------------------------------------------------------
Multiple SQL injection vulnerabilities in WordPress Video Player
------------------------------------------------------------------------
David Vaartjes & Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that WordPress...

Cross-Site Request Forgery in Icegram WordPress Plugin

19 July, 2016 - 14:56

Posted by Summer of Pwnage on Jul 19

------------------------------------------------------------------------
Cross-Site Request Forgery in Icegram WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Request Forgery vulnerability was found in the Icegram...

Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin

19 July, 2016 - 11:40

Posted by Summer of Pwnage on Jul 19

------------------------------------------------------------------------
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress
Plugin
------------------------------------------------------------------------
Han Sahin, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple reflected Cross-Site Scripting (XSS)...

Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

19 July, 2016 - 04:30

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1869

Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6186

CVE-ID:
=======
CVE-2016-6186

Release Date:
=============
2016-07-19

Vulnerability...

x-originating-ip: [25.162.68.132]

15 July, 2016 - 12:34

Posted by bashis on Jul 15

Would be interesting to know why my 'x-originating-ip' is [25.162.68.132] while using Office 365 OWA...

Especially when it belongs to UK Ministry of Defence.
https://apps.db.ripe.net/search/query.html?searchtext=25.162.68.132#resultsAnchor

I hope that FD doesn't filter and remove my 'x-originating-ip' now... otherwise I think you would be able to see it..

Snip from my own test e-mails to external mail address.
-...

opensshd - user enumeration

15 July, 2016 - 12:34

Posted by Harari, Eddie on Jul 15

Sorry for the resend, I changed the format of the email to better fit the list...

--------------------------------------------------------------------
User Enumeration using Open SSHD (<=Latest version).
-------------------------------------------------------------------

Abstract:
-----------
By sending large passwords, a remote user can enumerate users on a system that runs SSHD. This problem exists in most
modern configurations due to the...

Blind SQL Injection PivotX <= v2.3.11

15 July, 2016 - 12:34

Posted by Manuel Garcia Cardenas on Jul 15

=============================================
MGC ALERT 2016-003
- Original release date: April 14, 2016
- Last revised: July 14, 2016
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Blind SQL Injection PivotX <= v2.3.11

II. BACKGROUND
-------------------------
PivotX is an open source blog software written in PHP using...

Re: RCE by abusing NAC to gain Domain Persistence.

15 July, 2016 - 12:34

Posted by Joey Maresca on Jul 15

Congratulations...2013 called and they want their attack back:
https://pen-testing.sans.org/blog/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python/

On Sat, Jul 9, 2016 at 7:45 AM, Alexander Korznikov <nopernik () gmail com>
wrote:

missing input validation in pmount: arbitrary mount as non-root

15 July, 2016 - 12:34

Posted by Imre RAD on Jul 15

Summary:
--------
pmount is a wrapper around the standard mount program which permits
normal users to mount removable devices without a matching /etc/fstab
entry.
Due to a missing input validation check local users could mount devices
to arbitrary destinations and thus take over the targeted system
completely.

Prerequisites:
--------------
Local user access to the target
Pmount 0.9.23 or older to be installed (any version at time of writing...

Re: RCE by abusing NAC to gain Domain Persistence.

15 July, 2016 - 12:34

Posted by Kurt Buff on Jul 15

This seems more like an argument to not use DA accounts for NAC,
rather than a sure-fire method to undermine NAC.

I've not used NAC, but I'd have to guess that the machine wanting
access to the network has to announce itself by name, at least.

If that's the case, how hard would it be to use the local
administrator account of the machine requesting admission? Assuming
that MSFT LAPS (or some similar system, such as the one from...

[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability

15 July, 2016 - 10:15

Posted by ERPScan inc on Jul 15

Application: SAP xMII

Versions Affected: SAP xMII 15

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2201295

Author: Nursultan Abubakirov (ERPScan), Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP xMII – Reflected XSS vulnerability

Advisory ID: [ERPSCAN-16-021]

Risk: medium

Advisory...

[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability

15 July, 2016 - 10:15

Posted by ERPScan inc on Jul 15

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bug: XXE

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2254389

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS JAVA UDDI component – XXE vulnerability

Advisory ID: [ERPSCAN-16-020]

Risk:...

[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability

15 July, 2016 - 10:15

Posted by ERPScan inc on Jul 15

Application: SAP NetWeaver Enqueue Server

Versions Affected: SAP NetWeaver Enqueue Server 7.4

Vendor URL: http://SAP.com

Bug: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2258784

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver Enqueue Server – DoS vulnerability

Advisory ID:...

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin

13 July, 2016 - 13:39

Posted by Summer of Pwnage on Jul 13

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...

Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin

13 July, 2016 - 13:39

Posted by Summer of Pwnage on Jul 13

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in WP No External Links WordPress
Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found...