Category Archives: Full Disclosure

Faraday v2.4: Collaborative Penetration Test and Vulnerability Management Platform

Posted by Francisco Amato on Mar 24

March is already rolling and so is our work. Today we feel so happy to
share a new release, Faraday v2.4!

Before preparing an upcoming release, we try to focus not only on
improving the product but also on perfecting the user experience. We
want to go beyond optimizing your everyday work, inspiring you to do
more!

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in…

APPLE-SA-2017-03-22-2 iTunes for Mac 12.6

Posted by Apple Product Security on Mar 24

APPLE-SA-2017-03-22-2 iTunes for Mac 12.6

iTunes for Mac 12.6 is now available and addresses the following:

iTunes
Available for: OS X version 10.9.5 or later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153

iTunes
Available for: OS X version…

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

Posted by Apple Product Security on Mar 24

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

iTunes for Windows 12.6 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153

iTunes
Available for: Windows 7 and later…

[CVE-2017-5869] Nuxeo Platform remote code execution

Posted by Sydream Labs on Mar 24

# Description

Nuxeo Platform is a content management system for enterprises (CMS).
It embeds an Apache Tomcat server, and can be managed through a web
interface.

One of its features allows authenticated users to import files to the
platform.
By crafting the upload request with a specific “X-File-Name” header,
one can successfully upload a file at an arbitrary location of the server
file system.

It is then possible to upload a JSP script to…

[CVE-2017-6088] EON 5.0 Multiple SQL Injection

Posted by Sydream Labs on Mar 24

# [CVE-2017-6088] EON 5.0 Multiple SQL Injection

## Description

EyesOfNetwork (“EON”) is an OpenSource network monitoring solution.

## SQL injection (authenticated)

The Eonweb code does not correctly filter arguments, allowing
authenticated users to inject arbitrary SQL requests.

**CVE ID**: CVE-2017-6088

**Access Vector**: remote

**Security Risk**: medium

**Vulnerability**: CWE-89

**CVSS Base Score**: 6.0

**CVSS Vector…

[CVE-2017-6087] EON 5.0 Remote Code Execution

Posted by Sydream Labs on Mar 24

# [CVE-2017-6087] EON 5.0 Remote Code Execution

## Description

EyesOfNetwork (“EON”) is an OpenSource network monitoring solution.

## Remote Code Execution (authenticated)

The Eonweb code does not correctly filter arguments, allowing
authenticated users to execute arbitrary code.

**CVE ID**: CVE-2017-6087

**Access Vector**: remote

**Security Risk**: high

**Vulnerability**: CWE-78

**CVSS Base Score**: 7.6

**CVSS Vector…

QNAP QTS Domain Privilege Escalation Vulnerability

Posted by Pasquale Fiorillo on Mar 24

QNAP QTS Domain Privilege Escalation Vulnerability

Name: Sensitive Data Exposure in QNAP QTS
Systems Affected: QNAP QTS (NAS) all models and all versions < 4.2.4
Severity: High 7.9/10
Impact: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Vendor: http://www.qnap.com/
Advisory: http://www.ush.it/team/ush/hack-qnap/qnap.txt
Authors: Pasquale “sid” Fiorillo (sid AT ush DOT…

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM

Posted by ERPScan inc on Mar 24

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION
Title: [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
Advisory ID: [ERPSCAN-16-041]
Risk: medium…

SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices

Posted by SEC Consult Vulnerability Lab on Mar 22

SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
=======================================================================
title: Multiple vulnerabilities
product: Solare Datensysteme GmbH Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000
vulnerable version: Firmware 2.8.4-56 / 3.5.2-85
fixed version: Firmware 3.5.3-86
CVE number: –
impact: Critical…

Adium vulnerable to remote code execution via libpurple

Posted by erythronium23 on Mar 21

Adium is a popular instant messaging client for MacOS (OSX) that
incorporates libpurple. The current release (1.5.10.2) is vulnerable
to CVE-2017-2640 in libpurple, which permits execution of arbitrary
code on the client.

The Adium team has been aware of the vulnerability since at least
March 15, but has not released an advisory to its users, for reasons
unknown.

A post to the official developer’s mailing list, which included
vulnerability…