Security News

Re: Quiz And Survey Master 6.0.4 - Reflected XSS (WordPress Plugin)

Full Disclosure - 9 March, 2019 - 13:03

Posted by Henri Salo on Mar 09

MITRE assigned CVE-2019-9575 for this vulnerability.

CVE-2019-6726: Arbitrary File Deletion in WP fastest Cache <= 0.8.9.0

Full Disclosure - 9 March, 2019 - 13:03

Posted by Sebastian Neef on Mar 09

The WordPress plugin "WP Fastest Cache" [0] suffered from an arbitrary file deletion bug.

# Description

A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and
directories will be deleted recursively. The vulnerable code path extracts the path portion of the referrer header and
then uses string concatenation to build an absolute path. This path is then passed to the...

UFONet v-1.3 - [SLY] SingularitY!

Full Disclosure - 9 March, 2019 - 13:02

Posted by psy on Mar 09

Hi,

I have released a new version for UFONet:

https://ufonet.03c8.net/

"UFONet - is a toolkit designed to launch DDoS and DoS attacks."

---------

See these links for more info:

- CWE-601:Open Redirect [1]
- OWASP:URL Redirector Abuse [2]
- Botnet requests schema [3]

---------

Main options are:

* DDoS (botnet) + DoS
* Auto-update
* Clean code
* Documentation with examples
* Web/GUI Interface
* Proxy to connect...

Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities

Full Disclosure - 7 March, 2019 - 06:00

Posted by Vulnerability Lab on Mar 07

Document Title:
===============
Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2173

Release Date:
=============
2019-03-07

Vulnerability Laboratory ID (VL-ID):
====================================
2173

Common Vulnerability Scoring System:
====================================
4.6

Vulnerability Class:
====================...

[SECURITY] [DSA 4402-1] mumble security update

Bug Traq - 6 March, 2019 - 08:25

Posted by Moritz Muehlenhoff on Mar 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4402-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mumble
CVE ID : CVE-2018-20743

It was discovered...

Sagemcom router insufficient default PSK entropy

Full Disclosure - 5 March, 2019 - 13:10

Posted by Ryan Delaney on Mar 05

<!--
# Exploit Title: Sagemcom router insufficient default PSK entropy
# Date: 4-3-2019
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney () owasp org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: https://www.sagemcom.com/
# Software Link: N/A
# Version: 0.4.39
# Tested on: 0.4.39
# CVE: CVE-2019-9555

1. Description

Sagemcom F@st 5260 routers on firmware version 0.4.39 (and possibly
others), in WPA...

Open Redirection vulnerability in Babel (CMSMS Module)

Full Disclosure - 5 March, 2019 - 13:09

Posted by Jan Kopriva on Mar 05

Affected Software: Babel: Multilingual Site module for CMS Made Simple
Affected Version: 0.4.1 and earlier
Patched Version: None - project is no longer under development
CVE Identifier: TBD
Vulnerability type: CWE-601: URL Redirection to Untrusted Site ('Open
Redirect')
Severity Rating: CVSS v3 Base Score: 6.1
(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Security Researcher: Jan Kopriva @ Alef Nula

Summary:
The Babel multi-language module...

Re: Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin)

Full Disclosure - 5 March, 2019 - 13:07

Posted by Henri Salo on Mar 05

Please use CVE-2019-9567 for XSS vulnerability and CVE-2019-9568 for
SQL-injection vulnerability.

SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

Full Disclosure - 5 March, 2019 - 13:07

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Fiori
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
Use CVE-2018-17865

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from...

SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

Full Disclosure - 5 March, 2019 - 13:07

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Fiori
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17864

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from Biznet...

SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

Full Disclosure - 5 March, 2019 - 13:07

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Fiori
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17862

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from Biznet...

SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS)

Full Disclosure - 5 March, 2019 - 13:03

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Portal/EPP
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17862

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from...

SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS)

Full Disclosure - 5 March, 2019 - 13:03

Posted by Ece örsel on Mar 05

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Portal/EPP
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17861

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from...

SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

Bug Traq - 4 March, 2019 - 09:41

Posted by Ece örsel on Mar 04

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Fiori
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
Use CVE-2018-17865

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from...

SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

Bug Traq - 4 March, 2019 - 09:38

Posted by Ece örsel on Mar 04

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Fiori
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17862

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from Biznet...

SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS)

Bug Traq - 4 March, 2019 - 09:35

Posted by Ece örsel on Mar 04

I. VULNERABILITY
-------------------------
SAP J2EE Engine/7.01/Portal/EPP
Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-17861

III. VENDOR
-------------------------
https://www.sap.com

IV. TIMELINE
-------------------------
10/08/2018 Vulnerability discovered
12/07/2018 Vendor contacted
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support

V. CREDIT
-------------------------
Ece Orsel from...

[slackware-security] python (SSA:2019-062-01)

Bug Traq - 4 March, 2019 - 02:37

Posted by Slackware Security Team on Mar 03

[slackware-security] python (SSA:2019-062-01)

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/python-2.7.16-i586-1_slack14.2.txz: Upgraded.
Updated to the latest 2.7.x release, which fixes a few security issues.
For more information, see:...

[SECURITY] [DSA 4387-2] openssh security update

Bug Traq - 4 March, 2019 - 02:34

Posted by Yves-Alexis Perez on Mar 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4387-2 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
March 02, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssh
CVE ID : CVE-2019-6111
Debian Bug :...

[slackware-security] infozip (SSA:2019-060-01)

Bug Traq - 4 March, 2019 - 02:30

Posted by Slackware Security Team on Mar 03

[slackware-security] infozip (SSA:2019-060-01)

New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/infozip-6.0-i586-4_slack14.2.txz: Rebuilt.
Added some patches that should fix extracting archives with non-latin
characters in the filenames. Thanks to saahriktu.
This update also fixes...