Security News

Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section

Bug Traq - 21 December, 2018 - 05:02

Posted by Murat Aydemir on Dec 21

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL
injection in the Alarms section

II. CVE REFERENCE
-------------------------
CVE-2018-20338

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/18 Vulnerability discovered
20/11/18 Vendor contacted
20/12/2018 OPManager replied that they fixed

V. CREDIT
-------------------------...

[CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials

Full Disclosure - 21 December, 2018 - 04:47

Posted by Tyler Cui on Dec 21

[Vendor]
us.dlink.com

[Product]
DIR-140L (version 1.02)
DIR-640L (version 1.01RU)
Other versions might also be affected.

[Vulnerability Type]
admin credentials disclosure

[Affected Component]
Web Interface

[CVE Reference]
CVE-2018-18009

[Security Issue]
An authenticated user can visit the file dirary0.js, for example, http://victime_ip/dirary0.js, and obtain clear text
password of user admin at the line:

gosave_ok =...

[CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials

Full Disclosure - 21 December, 2018 - 04:46

Posted by Tyler Cui on Dec 21

[Vendor]
us.dlink.com

[Product]
D-Link DSL-2770L (version ME_1.01, ME_1.02, AU_1.06)
D-Link DIR-140L, DIR-640L (version 1.00, 1.01RU, 1.02)
D-Link DWR-116, DWR-512, DWR-555, DWR-921 (version V1.03, V1.05, V2.01, V2.02)

[Vulnerability Type]
admin credentials disclosure

[Affected Component]
Web Interface

[CVE Reference]
CVE-2018-18008

[Security Issue]
An authenticated user can visit the page spaces.htm, for example,...

[CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials

Full Disclosure - 21 December, 2018 - 04:46

Posted by Tyler Cui on Dec 21

[Vendor]
us.dlink.com

[Product]
D-Link DSL-2770L (version ME_1.01, ME_1.02, AU_1.06)

[Vulnerability Type]
admin credentials disclosure

[Affected Component]
Web Interface

[CVE Reference]
CVE-2018-18007

[Security Issue]
An authenticated user can visit the page atbox.htm, for example, http://victime_ip/atbox.htm, and obtain clear text
password of user admin at the line:

else if(ff.curpd.value != "__password__")...

CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0

Full Disclosure - 21 December, 2018 - 04:45

Posted by Rafael Pedrero on Dec 21

<!--
# Exploit Title: DLL Hijacking in Exiftool v8.3.2.0
# Date: 18-12-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://owl.phy.queensu.ca/~phil/exiftool/
# Software Link: http://owl.phy.queensu.ca/~phil/exiftool/
# Version: v8.3.2.0
# Tested on: all
# CVE : CVE-2018-20211
# Category: webapps

1. Description

ExifTool 8.32 allows local users to gain privileges by creating a
%TEMP%\par-%username%\cache-exiftool-8.32 folder with a...

CVE-2018-20193 - Privilege escalation in Juniper Secure Access SSL VPN - SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631)

Full Disclosure - 21 December, 2018 - 04:45

Posted by Rafael Pedrero on Dec 21

In 2006...

<!--
# Exploit Title: Privilege escalation in Juniper Secure Access SSL VPN -
SA-4000, 5.1R5 (build 9627) 4.2 Release (build 7631)
# Date: 18-12-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.juniper.net/
# Software Link: http://www.juniper.net/
# Version: Juniper Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2
Release (build 7631)
# Tested on: all
# CVE : CVE-2018-20193
# Category: webapps

1. Description...

DAVOSET v.1.3.7

Full Disclosure - 21 December, 2018 - 04:45

Posted by MustLive on Dec 21

Hello participants of Mailing List.

Since announcement of DAVOSET in 2010 and all releases, I've made next
update of the software. Recently DAVOSET v.1.3.7 was released - DDoS attacks
via other sites execution tool (http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub: https://github.com/MustLive/DAVOSET

Download DAVOSET v.1.3.7:...

New vulnerabilities in Transcend Wi-Fi SD Card

Full Disclosure - 21 December, 2018 - 04:44

Posted by MustLive on Dec 21

Hello list!

There are Directory Traversal and Cross-Site Request Forgery vulnerabilities
in Transcend Wi-Fi SD Card.

-------------------------
Affected products:
-------------------------

The following model is vulnerable: Transcend Wi-Fi SD Card 16 GB, Firmware v.1.8.
This model with other firmware versions and other Transcend models can also
be vulnerable. Transcend didn't answer whether they will fix these and other holes.

----------
Details:...

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section

Full Disclosure - 21 December, 2018 - 04:44

Posted by Murat Aydemir on Dec 21

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the
Notes column of the Alarms section

II. CVE REFERENCE
-------------------------
CVE-2018-20339

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/18 Vulnerability discovered
20/11/18 Vendor contacted
20/12/2018 OPManager replied that they fixed

V. CREDIT...

Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section

Full Disclosure - 21 December, 2018 - 04:44

Posted by Murat Aydemir on Dec 21

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL
injection in the Alarms section

II. CVE REFERENCE
-------------------------
CVE-2018-20338

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/18 Vulnerability discovered
20/11/18 Vendor contacted
20/12/2018 OPManager replied that they fixed

V. CREDIT
-------------------------...

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API

Full Disclosure - 21 December, 2018 - 04:44

Posted by Murat Aydemir on Dec 21

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection
via the getGraphData API.

II. CVE REFERENCE
-------------------------
CVE-2018-20173

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/18 Vulnerability discovered
20/11/18 Vendor contacted
17/12/2018 OPManager replied that they fixed

V. CREDIT
-------------------------...

Capstone disassembler v4.0 is out!

Full Disclosure - 21 December, 2018 - 04:43

Posted by Nguyen Anh Quynh on Dec 21

Greetings,

We are super excited to announce version 4.0 of Capstone disassembler
framework!

Exactly 5 years ago, on December 18th of 2013, we published the first
version. Today, this release 4.0 marks 5 years of our project! Such a long
journey, which is impossible without huge community support!

In no particular order, we would like to thank Thinkst Canary
<https://canary.tools/>, NowSecure <https://www.nowsecure.com/>, ECQ
<...

[CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities

Full Disclosure - 21 December, 2018 - 04:39

Posted by advisories on Dec 21

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

GIGABYTE Drivers Elevation of Privilege Vulnerabilities

*1. Advisory Information*

Title: GIGABYTE Drivers Elevation of Privilege Vulnerabilities
Advisory ID: CORE-2018-0007
Advisory URL:
http://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Date published: 2018-12-18
Date of last update: 2018-12-18
Vendors contacted: Gigabyte
Release...

[CORE-2017-0012] - ASUS Drivers Elevation of Privilege Vulnerabilities

Full Disclosure - 21 December, 2018 - 04:39

Posted by advisories on Dec 21

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

ASUS Drivers Elevation of Privilege Vulnerabilities

*1. Advisory Information*

Title: ASUS Drivers Elevation of Privilege Vulnerabilities
Advisory ID: CORE-2017-0012
Advisory URL:
http://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
Date published: 2018-12-18
Date of last update: 2018-12-18
Vendors contacted: Asus
Release mode: User release...

Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)

Full Disclosure - 21 December, 2018 - 04:38

Posted by zzt0907 on Dec 21

# Buffer Overflow in function match() PCRE 8.41 (CVE-2017-16231)
## Product Download: https://sourceforge.net/projects/pcre/files/pcre/
## Vulnerability Type: Buffer Overflow
## Attack Type : local
## Vulnerability Description
a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive
call

## POC
https://github.com/followboy1999/poc/tree/master/CVE-2017-16231
./pcretest pcre_poc.txt
##...

LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)

Full Disclosure - 21 December, 2018 - 04:38

Posted by zzt0907 on Dec 21

#CVE-2017-16232
# LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)
## Product Download: http://www.libtiff.org/ http://download.osgeo.org/libtiff/
## Vulnerability Type: memory leak
## Attack Type : local
## Vulnerability Description
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow
attackers to cause a denial of service (memory consumption), as demonstrated
by tif_open.c, tif_lzw.c, and tif_aux.c
## POC...

Vuln: Linux Kernel CVE-2018-16885 Local Denial of Service Vulnerability

Security Focus Vulnerabilities - 21 December, 2018 - 00:00

Vuln: Telegram 'Secret Chats' Functionality Local Information Disclosure Vulnerability

Security Focus Vulnerabilities - 21 December, 2018 - 00:00

Vuln: 3S-Smart Software CODESYS ICSA-18-352-04 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 21 December, 2018 - 00:00

Vuln: 3S-Smart Software Solutions GmbH CODESYS ICSA-18-352-03 Access Bypass Vulnerability

Security Focus Vulnerabilities - 21 December, 2018 - 00:00