Category Archives: Full Disclosure

Advisory X41-2017-004: Multiple Vulnerabilities in tnef

Posted by X41 D-Sec GmbH Advisories on Feb 24

X41 D-Sec GmbH Security Advisory: X41-2017-004

Multiple Vulnerabilities in tnef
================================

Overview
--------
Confirmed Affected Versions: 1.4.12 and earlier
Confirmed Patched Versions:
Vendor: verdammelt
Vendor URL: https://github.com/verdammelt/tnef/
Vector: File
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/

Summary and Impact…

Air Transfer 1.2.1 & 1.0.14 – Multiple XSS Web Vulnerabilities

Posted by Vulnerability Lab on Feb 23

Document Title:
===============
Air Transfer 1.2.1 & 1.0.14 iOS – Multiple XSS Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2035

Release Date:
=============
2017-02-22

Vulnerability Laboratory ID (VL-ID):
====================================
2035

Common Vulnerability Scoring System:
====================================
3.2

Product & Service Introduction:…

EasyCom PHP API Stack Buffer Overflow

Posted by hyp3rlinx on Feb 22

[+] Credits: John Page AKA Hyp3rlinX
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt
[+] ISR: ApparitionSec

Vendor:
================
easycom-aura.com

Product:
===========================
EASYCOM AS400 (iBMI) PHP API
EasycomPHP_4.0029.iC8im2.exe

EASYCOM is the middleware which provides native access to IBMi data and
programs. With its excellent performance and…

Synology NAS "Auto Block IP" bypass and hide real IP in Synology logs

Posted by bashis on Feb 22

Greetings,

1. Seems to be possible to bypass the default enabled “Auto Block of IP address” functionality in Synology’s NAS by using
only one single space (x20) to the HTTP header “X-FORWARDED-FOR”
(If already Auto Blocked, this bypass will _not_ work)

Generates in /var/log/messages: 2017-02-21T20:39:13+02:00 VirtualDSM_8451 login.cgi: login.c:1039 login.c (1039)Bad
parameter :”
Bypassing whole function that…

Teradici Management Console 2.2.0 – Privilege Escalation

Posted by Harrison Neal on Feb 22

# Exploit Title: Teradici Management Console 2.2.0 – Web Shell Upload and
Privilege Escalation
# Date: February 22nd, 2017
# Exploit Author: hantwister
# Vendor Homepage:
http://www.teradici.com/products-and-solutions/pcoip-products/management-console
# Software Link:
https://techsupport.teradici.com/ics/support/DLRedirect.asp?fileID=63583
(login required)
# Version: 2.2.0

Users that can access the Settings > Database Management page can…

EasyCom SQL iPlug Denial Of Service

Posted by hyp3rlinx on Feb 22

[+] Credits: John Page AKA Hyp3rlinX
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
================
easycom-aura.com

Product:
===========
SQL iPlug
EasycomPHP_4.0029.iC8im2.exe

SQL iPlug provides System i applications real-time access to heterogeneous
and external databases
(Oracle, SQL Server, MySQL, MS Access, Sybase,…

ProjectSend r754 – IDOR & Authentication Bypass Vulnerability

Posted by Vulnerability Lab on Feb 22

Document Title:
===============
ProjectSend r754 – IDOR & Authentication Bypass Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2031

Release Date:
=============
2017-02-21

Vulnerability Laboratory ID (VL-ID):
====================================
2031

Common Vulnerability Scoring System:
====================================
5.3

Product & Service Introduction:…

Lock Photos Album&Videos Safe v4.3 – Directory Traversal Vulnerability

Posted by Vulnerability Lab on Feb 22

Document Title:
===============
Lock Photos Album&Videos Safe v4.3 – Directory Traversal Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2032

Release Date:
=============
2017-02-21

Vulnerability Laboratory ID (VL-ID):
====================================
2032

Common Vulnerability Scoring System:
====================================
7.8

Product & Service Introduction:…

Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass

Posted by Timothy D. Morgan on Feb 21

Overview
Recently, a vulnerability in Java’s FTP URL handling code has been published which allows for protocol stream
injection. It has been shown[1] that this flaw could be used to leverage existing XXE or SSRF vulnerabilities to send
unauthorized email from Java applications via the SMTP protocol. While technically interesting, the full impact of this
protocol stream injection has not been fully accounted for in existing public…

[SYSS-2016-117] ABUS Secvest (FUAA50000) – Missing Protection against Replay Attacks

Posted by Matthias Deeg on Feb 21

Advisory ID: SYSS-2016-117
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v1.01.00
Tested Version(s): v1.01.00
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-11-28
Solution Date: –
Public Disclosure: 2017-02-20
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)…