Category Archives: Full Disclosure

Full Disclosure

6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities

Posted by Jing Wang on Jun 11

*6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities*

Exploit Title: 6kbbs Weak Encryption Web Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: June 08, 2015
Latest Update: June 10, 2015
Vulnerability Type: Inadequate Encryption Strength [CWE-326]
CVE Reference: *
CVSS Severity (version 2.0):
Discover and Reporter: Wang Jing [School of Physical…

SAP Security Notes June 2015

Posted by Darya Maenkova on Jun 11

SAP <http://www.sap.com/> has released the monthly critical patch update
for June 2015. This patch update closes a lot of vulnerabilities in SAP
products. The most popular vulnerability is Missing Authorization Check.
This month, three critical vulnerabilities found by ERPScan researchers
Vahagn Vardanyan, Rustem Gazizov, and Diana Grigorieva were closed.

*Issues that were patched with the help of ERPScan*

Below are the details of SAP…

Apache vulnerability program faulting module ntdll.dll

Posted by Bruno Luiz on Jun 11

Subversion HTTP servers allow spoofing svn:author property values
for new revisions.

Summary:
========

Subversion’s mod_dav_svn server allows setting arbitrary svn:author
property values when committing new revisions. This can be accomplished
using a specially crafted sequence of requests. An evil-doer can fake
svn:author values on his commits. However, as authorization rules are
applied to the evil-doer’s true…

[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability

Posted by Egidio Romano on Jun 11

-----------------------------------------------------------
Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
-----------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1, 5.7.4, and probably other versions.

[-] Vulnerability Description:

The vulnerable code is located in /concrete/src/Permission/Access/Access.php:

168. protected function…

[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities

Posted by Egidio Romano on Jun 11

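----------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
----------------------------------------------------------------------------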

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerabilities Description:

1) The vulnerable code is located in…

[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability

Posted by Egidio Romano on Jun 11

-------------------------------------------------------------------
Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
-------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerability Description:

The vulnerable code is located in…

2 vulns 1 line in RNCryptor (PHP) + Call to Action

Posted by Scott Arciszewski on Jun 10

Hi Full Disclosure,

RNCryptor is a data format specification for AES encryption, with AES-256,

Their PHP implementation has two vulnerabilities in the same line of code,
which looks like this:

return ($components->hmac == $this->_generateHmac($components, $hmacKey));

The issues here:

1. A timing side-channel.
2. Use of the == operator can treat strings as floats, depending on the
input

We have opened a Github issue about this and…

Authentication Bypass in Pandora FMS

Posted by Manuel Mancera on Jun 10

================================================================
Authentication Bypass in Pandora FMS
================================================================

Information
--------------------
Name: Pandora FMS – Authentication Bypass
Affected Software : Pandora FMS
Affected Versions: 5.0, 5.1
Vendor Homepage : http://pandorafms.com/
Vulnerability Type : Authentication Bypass
Severity : High

Product
--------------------
Pandora FMS (for…

Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta WordPress plugin

Posted by Larry W. Cashdollar on Jun 10

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta WordPress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-07
Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms
Vendor: Waters Edge Web Design and NetherWorks LLC
Vendor Notified: 2015-06-08
Advisory: http://www.vapid.dhs.org/advisory.php?v=125
Vendor Contact: plugins () wordpress org
Description: A…

This POODLE Bites: Exploiting The SSL 3.0 Fallback

Posted by Bruno Luiz on Jun 10

Introduction

SSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical
purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346],
and TLS 1.2 [RFC5246], many TLS implementations remain backwards-compatible with
SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience.
The protocol handshake provides for authenticated version negotiation, so normally the
latest…