Posted by Matthias Deeg on Apr 11

Advisory ID: SYSS-2015-036
Product(s): Password Safe and Repository Enterprise
Manufacturer: MATESO GmbH
Affected Version(s): 7.4.4 Build 2247
Tested Version(s): 7.4.4 Build 2247
Vulnerability Type: Credentials Management (CWE-255)
Violation of Secure Design Principles (CWE-657)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2015-07-09
Solution Date: 2016-10-18
Public Disclosure: 2017-04-10
CVE Reference:…

Posted by Mark Wadham on Apr 11

Proxifier 2.18 (also 2.17 and possibly some earlier version) ships with
a KLoader binary which it installs suid root the first time Proxifier is
run. This binary serves a single purpose which is to load and unload
Proxifier’s kernel extension.

Unfortunately it does this by taking the first parameter passed to it on
the commandline without any sanitisation and feeding it straight into
system().

This means not only can you load any…

Posted by Wester 95 on Apr 11

Hi team,

I would like to request one CVE for this vulnerability, thank you!

#################################

Description:

============

product:MyBB

Homepage:https://mybb.com/

vulnerable version:<1.8.11

Severity:Low risk

===============

Proof of Concept:

=============

vulnerability address:http://127.0.0.1/mybb_1810/Upload/admin/index.php?module=config-smilies&action=add_multiple

vulnerability file…

Posted by Wester 95 on Apr 11

Hi team,

I would like to request one CVE id, thank you!

Details

======

Software: s9y Serendipity

Version: <2.0.5

Homepage: https://docs.s9y.org/

=======

Description

================

Get type CSRF in Serendipity allows attacker installs any themes, no token here.

POC:

========

include this in the page ,then attack will occur:

<img
src=”…

Posted by Wester 95 on Apr 11

Hi team,

I would like to request one CVE for this vulnerability, thank you!

#################################

Description:
============

product:MyBB
Homepage:https://mybb.com/
vulnerable version:<1.8.11
Severity:High risk

===============

Proof of Concept:

=============

1.post a thread or reply any thread ,write:

[email=2″onmouseover=”alert(document.location)]hover me[/email]

then when user’s mouse hover it,XSS attack…

Posted by hyp3rlinx on Apr 11

[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt
[+] ISR: APPARITIONSEC

Vendor:
============
www.moxa.com

Product:
===========
MXview V2.8

Download:
http://www.moxa.com/product/MXstudio.htm

MXview Industrial Network Management Software.

Auto discovery of network devices and physical connections
Event playback…

Posted by hyp3rlinx on Apr 11

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
===========
MXView v2.8

Download:
http://www.moxa.com/product/MXstudio.htm

MXview Industrial Network Management Software.

Auto discovery of network devices and physical connections
Event playback for quick…

Posted by hyp3rlinx on Apr 11

[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
=======================
MX-AOPC UA SERVER – 1.5

Moxa’s MX-AOPC UA Suite is the first OPC UA server for industrial
automation supporting both push and pull communication.

Vulnerability Type:…