Posted by Brian Hysell on Jun 19
Title: Authentication bypass in OpenEMR
CVE Reference: CVE-2015-4453
Product: OpenEMR
Vendor: http://www.open-emr.org/
Tested versions: 4.2.0 and 4.2.0 patch 1
Affected versions: 2.8.3 to 4.2.0 patch 1
Status: Fixed by vendor
Reported by: Brian D. Hysell
Details:
A bug in OpenEMR’s implementation of “fake register_globals” in
interface/globals.php allows an attacker to bypass authentication by
sending ignoreAuth=1 as a GET or…
Posted by Cosmin Maier on Jun 19
[-] Description
A malicious user can be able to bypass some of SpiderOak filters and retrieve sensitive information from database.
Revealing system data helps an adversary learn about the system and form a plan of attack.
[-] Proof-of-Concept
Full report available on YouTube: http://youtu.be/R_aT4kgB3PI <http://youtu.be/R_aT4kgB3PI>
[-] Notes
At the time this alert was first published, SpiderOak patched vulnerability and customers are…
Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.
SAP Mobile Platform version 3.0 suffers from an XXE injection vulnerability. The problem is caused by a program error due to the incorrect use of an XML parser (/mobiliser servlet). By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.