Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)
Versions affected:
9.x
Vulnerability:
XML External Entity injection (XXE)
Example:
There is an XXE in services such as:
https://[target]/services/WSFUNCTION
https://[target]/services/WSGRID…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html
Date:
04-Apr-2017
Product:
AirWatch Self Service MDM
Versions affected:
v6.1.x
v6.4.x
Vulnerability:
LDAP injection
Example:
https://[target]/DeviceManagement/ URL accepts the following
POST parameters:
AuthenticationMode
ActivationCode
Username
Password
Login
The ‘Username’ parameter appears to be vulnerable to an LDAP injection…
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Avaya Radvision SCOPIA Desktop
Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 relased in 2013 (confirmed)
Vulnerability:
Blind SQL injection.
Vulnerability details:
The vulnerability exists within a HTTP POST request to gain access to
stored recordings.
Example:
POST…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-code-execution.html
Date:
09-Nov-2012
Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)
Vulnerability:
Local File Inclusion to Remote Code Execution
Details:
There is local file inclusion vulnerability in
the Lotus Mail Encryption Server (Protector for Mail Encryption)
administration setup interface. The index.php file uses an unsafe include()
where an…
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Software:
Kaseya
Affected version:
Kaseya VSA v6.5.0.0.
Vulnerability details:
1. The “forgot password” function at https://[target]/access/logon.asp
reveals whether a username is valid/exists or not, which assists with
brute force attacks. An incorrect username responds with “No record of
this user exists”,…
** DISPUTED ** Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers’ needs.
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.
A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.
** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers’ needs.
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.