Category Archives: Full Disclosure

Full Disclosure

Persistent Cross-Site Scripting in Scriptler Jenkins Plugin

Posted by Securify B.V. on Apr 14

————————————————————————
Persistent Cross-Site Scripting in Scriptler Jenkins Plugin
————————————————————————
Burak Kelebek, April 2017

————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in the…

Adobe Creative Cloud Desktop Application <= v4.0.0.185 Privilege Escalation

Posted by hyp3rlinx on Apr 14

[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt
[+] ISR: apparitionSec

Vendor:
==============
www.adobe.com

Product:
========================================
Adobe Creative Cloud Desktop Application
<= v4.0.0.185

Vulnerability Type:
=====================
Privilege Escalation

CVE Reference:
==============…

DefenseCode ThunderScan SAST Advisory: 53+ WordPress plugins by BestWebSoft Multiple Cross-Site Scripting (XSS) Vulnerabilities

Posted by DefenseCode on Apr 12

DefenseCode ThunderScan SAST Advisory
53+ WordPress plugins by BestWebSoft Multiple
Cross-Site Scripting (XSS) Vulnerabilities

Advisory ID: DC-2017-02-014
Software: 53+ WordPress plugins by BestWebSoft
Software Language: PHP
Version: Various
Vendor Status: Vendor contacted, vulnerabilities confirmed
Release Date: 20170412
Risk: Medium

# Advisory Overview

BestWebSoft published more than 50 plugins to the wordpress.org site….

DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting Vulnerabilities

Posted by DefenseCode on Apr 12

DefenseCode ThunderScan SAST Advisory
WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting
Vulnerabilities

Advisory ID: DC-2017-01-014
Software: WordPress Tribulant Slideshow Gallery plugin
Software Language: PHP
Version: 1.6.4 and below
Vendor Status: Vendor contacted, fix released
Release Date: 20170410
Risk: Medium

# Brief Vulnerability Description

During the security analysis, ThunderScan discovered multiple…

DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)

Posted by DefenseCode on Apr 12

DefenseCode Security Advisory
Magento 0day Arbitrary File Upload Vulnerability
(Remote Code Execution, CSRF)

Advisory ID: DC-2017-04-003
Software: Magento CE
Software Language: PHP
Version: 2.1.6 and below
Vendor Status: Vendor contacted / Not fixed
Release Date: 20170413
Risk: High

# Advisory Overview

During the security audit of Magento Community Edition, a highly popular
e-commerce platform, a high risk…

Proxifier for Mac 2.19 local root privesc

Posted by Mark Wadham on Apr 12

With CVE-2017-7643 I disclosed a command injection vulnerablity in the
KLoader
binary that ships with Proxifier <= 2.18.

Unfortunately 2.19 is also vulnerable to a slightly different attack
that
yields the same result.

When Proxifier is first run, if the KLoader binary is not suid root it
gets
executed as root by Proxifier.app (the user is prompted to enter an
admin
password). The KLoader binary will then make itself suid root so that…

Microsoft Office OneNote 2007 DLL side loading vulnerability

Posted by Securify B.V. on Apr 11

————————————————————————
Microsoft Office OneNote 2007 DLL side loading vulnerability
————————————————————————
Yorick Koster, September 2015

————————————————————————
Abstract
————————————————————————
A DLL side loading vulnerability was found in Microsoft…

Multiple local privilege escalation vulnerabilities in Proxifier for Mac

Posted by Securify B.V. on Apr 11

————————————————————————
Multiple local privilege escalation vulnerabilities in Proxifier for Mac
————————————————————————
Yorick Koster, April 2017

————————————————————————
Abstract
————————————————————————
Multiple local privileges escalation…