Category Archives: Full Disclosure

Stored XSS Vulnerability in F5 BIG-IP Application Security Manager

Posted by Peter Lapp on Jan 12

Details
=======

Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lappsec () gmail com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x.
Fixed Version: 11.6

Summary
=======

The F5 ASM is a web application firewall designed to protect web
applications from attacks. It allows for a custom HTML page to be displayed
to end users when they trigger a…

Snom SIP phones denial of service through HTTP

Posted by kapejod () googlemail com on Jan 12

Snom SIP phones (www.snom.com) have a built-in HTTP/HTTPS configuration
interface, which is enabled by default.

By making a single HTTP POST request, all available memory (and CPU) can be
exhausted, resulting in a reboot of the phone.
This even works if the HTTP/HTTPS interface is protected by username and
password (probably the credentials are checked a few more lines later when
the complete request has been received).

Affected models: MP, 3XX,…

XSS Vulnerability in Fork CMS 3.8.3

Posted by ITAS Team on Jan 12

# Exploit Title: XSS Vulnerability in Fork CMS 3.8.3
# Google Dork: N/A
# Date: 12/26/2014
# Exploit Author: Le Ngoc phi (phi.n.le () itas vn) and ITAS Team (www.itas.vn)
# Vendor Homepage: http://www.fork-cms.com
# Software Link: http://www.fork-cms.com/blog/detail/fork-3.8.4-released
# Version: Fork 3.8.3
# Tested on: N/A
# CVE : CVE-2014-9470

::VULNERABILITY DETAIL::

– Vulnerable parameter: q_widget

– Vulnerable file:…

Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

Posted by Brandon Perry on Jan 12

After releasing this, I actually got quite a bit of flak (whatever happened
to responsible/coordinated disclosure?!).

Today, Space Rogue wrote a pretty good article about Full Disclosure:
https://twitter.com/spacerog/status/554704824705761280

I tend to agree with the post, and I feel that this vulnerability actually
is a great example of the points Space Rogue makes.

For instance, according to McAfee’s official KB article (…

WordPress Photo Gallery 1.2.7 unauthenticated SQL injection

Posted by Brandon Perry on Jan 12

WordPress Photo Gallery Unauthenticated SQL injection

Version 1.2.7 and likely prior of the Photo Gallery plugin (almost 500,000
downloads to date) are vulnerable to an unauthenticated boolean-based and
time-based blind SQL injection.

Vulnerable version:
https://downloads.wordpress.org/plugin/photo-gallery.1.2.7.zip

Within the following GET request, the order_by parameter, specifically, is
vulnerable.

GET…

Corel Software DLL Hijacking

Posted by CORE Security Technologies Advisories-team (jrv) on Jan 12

Core Security – Corelabs Advisory
http://corelabs.coresecurity.com/

Corel Software DLL Hijacking

1. *Advisory Information*

Title: Corel Software DLL Hijacking
Advisory ID: CORE-2015-0001
Advisory URL:
http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Date published: 2015-01-12
Date of last update: 2015-01-06
Vendors contacted: Corel
Release mode: User release

2. *Vulnerability Information*

Class: Uncontrolled Search Path…

Corel Software DLL Hijacking

Posted by CORE Advisories Team on Jan 12

Core Security – Corelabs Advisory
http://corelabs.coresecurity.com/

Corel Software DLL Hijacking

1. *Advisory Information*

Title: Corel Software DLL Hijacking
Advisory ID: CORE-2015-0001
Advisory URL:
http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Date published: 2015-01-12
Date of last update: 2015-01-06
Vendors contacted: Corel
Release mode: User release

2. *Vulnerability Information*

Class: Uncontrolled Search Path…

ZTE Datacard PCW(Telecom MF180) – Multiple Software Vulnerabilities

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
ZTE Datacard PCW(Telecom MF180) – Multiple Software Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1405

Release Date:
=============
2015-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
1405

Common Vulnerability Scoring System:
====================================
6

Product & Service Introduction:…

Heroku API Bug Bounty #1 – Persistent Invitation Vulnerability

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
Heroku API Bug Bounty #1 – Persistent Invitation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1300

Video: http://www.vulnerability-lab.com/get_content.php?id=1335

BugCrowd ID: e8a8ecb81b9bf115226ed2ff05937a0424da101610ba1289f027a1f8319d4eb9

Acknowledgement (Hall of Fame): https://bugcrowd.com/heroku/hall-of-fame

Vulnerability Magazine:…