HP Security Bulletin HPSBMU03584 1

HP Security Bulletin HPSBMU03584 1 – A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization and other vulnerabilities have been addressed by HPE Network Node Manager i (NNMi). These vulnerabilities could be remotely exploited resulting in arbitrary code execution, authentication bypass, Cross-Site Scripting (XSS), disclosure of information, or unauthorized access. Revision 1 of this advisory.

CVE Request for ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection.

Posted by Saif El-Sherei on May 06

Heya,

Wanted to request a CVE for the following issues, which have been fixed by the vendor; fix details are at:
https://www.manageengine.com/products/applications_manager/release-notes.html

[SPSA-2016-02/ManageEngine ApplicationsManager]--------------------

SECURITY ADVISORY: SPSA-2016-02/ManageEngine Applications Manager Build No: 12700

Affected Software: ManageEngine Applications Manager Build No: 12700
Vulnerability:…

Give a warm welcome to Faraday v1.0.19! New GTK interface, Custom Reports & Bug fixing

Posted by Francisco Amato on May 06

Faraday v1.0.19 is ready! More documentation, a new interface and
plugin fixes are some of the improvements included in this version.

Continuing with our efforts to make Faraday accessible to everyone we
stopped the development and spent a few days improving our
documentation, so feel free to take a look at it and let us know if
you feel something is missing!

It shouldn’t come as a surprise that our QT interface will be
deprecated during…

Re: NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities

Posted by Bhadresh Patel on May 06

Hello Team,

Sorry for the typo in the earlier draft.

The correct CVE IDs are both year 2015.

1) Unauthorized access of router’s network troubleshooting page
(ping.cgi) — CVE-2015-6023
2) Command injection vulnerability on ping.cgi — CVE-2015-6024

Regards,
-Bhadresh

*******************************
Bhadresh Patel
Senior Security Analyst
Tel: +97144405666
Fax: +971 4 363 6742
Mob: +971529172297
Arjaan Office Tower, Office 1208
Dubai Internet…

Aruba ArubaOS/Aruba Instant/AirWave Management – Multiple Vulnerabilities (CVE-2016-2031, CVE-2016-2032)

Posted by Sven Blumenstein on May 06

Aruba ArubaOS/Aruba Instant/AirWave Management – Multiple Vulnerabilities
-------------------------------------------------------------------------

Introduction
============
Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The
vulnerabilities were discovered during a black box security assessment and
therefore the vulnerability list should not be considered exhaustive. Several
of the high severity vulnerabilities listed…

NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities

Posted by Bhadresh Patel on May 06

Title:
====

NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities

Credit:
======

Name: Bhadresh Patel
Company/affiliation: HelpAG
Website: www.helpag.com

CVE:
=====

CVE-2015-6023, CVE-2016-6024

Date:
====

03-05-2016 (dd/mm/yyyy)

Vendor:
======

NetComm Wireless is a leading developer and supplier of high performance
communication devices that connect businesses and people to the internet.

Products and services:…

Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting

Posted by Julien Ahrens on May 06

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Swagger Editor
Vendor URL: https://github.com/swagger-api/swagger-editor
Type: Cross-Site Scripting [CWE-79]
Date found: 2015-04-07
Date published: 2016-05-03
CVSSv3 Score: 6.3 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: –

2. CREDITS
==========
This vulnerability was discovered and researched by Julien…