Security News

Re: IE11 is not following CORS specification for local files

Full Disclosure - 11 October, 2016 - 11:43

Posted by Ricardo Iramar dos Santos on Oct 11

Same attack using XSS as the vector.
Imagine that https://xss-doc.appspot.com is a site about gift cards.
The XSS payload below will create a giftcard.htm file in the default
download folder.
If the victim opens the file, a GET to
https://mail.google.com/mail/u/0/#inbox will be submitted.
After the GET, the file will perform a POST to
http://192.168.1.36/req.php using the GET response as the body.
An attacker would be able to read all the emails in the...

Re: IE11 is not following CORS specification for local files

Full Disclosure - 11 October, 2016 - 11:43

Posted by Ricardo Iramar dos Santos on Oct 11

I made a small improvement to this attack.
Using the IE File API
(https://msdn.microsoft.com/en-us/library/hh772315(v=vs.85).aspx) an
attacker would be able to create a web page with the content below and
send it to a victim.
A local file with the same content that I sent previously would be
created in the default download folder.
If the victim performs the three following clicks (Save, Open and Allow
blocked content) an attacker would be able to perform any...

Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348]

Full Disclosure - 11 October, 2016 - 11:40

Posted by Nightwatch Cybersecurity Research on Oct 11

Original at:
https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/

Summary

Android devices can be crashed remotely, forcing a halt and then a soft
reboot, by a MITM attacker manipulating assisted GPS/GNSS data provided
by Qualcomm. This issue affects the open source code in AOSP and
proprietary code in a Java XTRA downloader provided by Qualcomm. The
Android issue was fixed in the October 2016 Android bulletin....

[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities

Full Disclosure - 11 October, 2016 - 11:26

Posted by Gergely Eberhardt on Oct 11

Avtech devices multiple vulnerabilities
--------------------------------------------------

Platforms / Firmware confirmed affected:
- Every Avtech device (IP camera, NVR, DVR) and firmware version. [4]
contains the list of confirmed affected firmware versions.
- Product page: http://www.avtech.com.tw/

“AVTECH, founded in 1996, is one of the world’s leading CCTV
manufacturers. With stably increasing revenue and practical business...

CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.)

Full Disclosure - 11 October, 2016 - 11:24

Posted by Dawid Golunski on Oct 11

Vulnerability: Apache Tomcat packaging on RedHat-based distros

CVE-2016-5425

Discovered by:
Dawid Golunski (http://legalhackers.com)

Affected systems: Multiple Tomcat packages on RedHat-based systems
including: CentOS,Fedora,OracleLinux,RedHat etc.

Short Description:

Apache Tomcat packages provided by default repositories of RedHat-based
distributions (including CentOS, RedHat, OracleLinux, Fedora, etc.)
create a tmpfiles.d configuration...

Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities

Full Disclosure - 11 October, 2016 - 11:22

Posted by admin () evolution-sec com on Oct 11

Document Title:
===============
Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1928

Release Date:
=============
2016-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
1928

Common Vulnerability Scoring System:
====================================
3.7

Product & Service Introduction:...

Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG

Full Disclosure - 11 October, 2016 - 10:45

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-048: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-048
- Onapsis SVS ID: ONAPSIS-00243...

Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm

Full Disclosure - 11 October, 2016 - 10:33

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could impersonate another person.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-029
- Onapsis SVS ID: ONAPSIS-00151
- CVE: CVE-2016-4407
-...

Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage

Full Disclosure - 11 October, 2016 - 10:01

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-001: SAP console insecure password storage

1. Impact on Business
=====================
By exploiting this vulnerability, an attacker could obtain access to additional SAP systems, potentially compromising
these systems as well as the information stored and processed by them.

Risk Level: Medium

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
-...

Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

Full Disclosure - 11 October, 2016 - 09:41

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-046: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-046
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-045: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

Full Disclosure - 11 October, 2016 - 09:21

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-045: SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-45
- Onapsis SVS ID:...

Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY

Full Disclosure - 11 October, 2016 - 08:48

Posted by Onapsis Research on Oct 11

Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-044
- Onapsis SVS ID: ONAPSIS-00250
-...

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability

Full Disclosure - 11 October, 2016 - 08:10

Posted by Vulnerability Lab on Oct 11

Document Title:
===============
Facebook API v2.1 - RFC6749 Open Redirect Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1972

Vulnerability Magazine:
https://www.vulnerability-db.com/?q=articles/2016/10/10/facebook-api-v21-hit-rfc6749-open-redirect-attack-vulnerability

Release Date:
=============
2016-10-10

Vulnerability Laboratory ID (VL-ID):
====================================...