Category Archives: Full Disclosure

[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability

Posted by Egidio Romano on Dec 31

---------------------------------------------------------------------
Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability
---------------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and probably prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the /oc-includes/osclass/controller/contact.php script:…

[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability

Posted by Egidio Romano on Dec 31

--------------------------------------------------------------
Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
--------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and probably prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the /oc-includes/osclass/controller/ajax.php script:

225. case…

[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability

Posted by Egidio Romano on Dec 31

-------------------------------------------------------------------
Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
-------------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and probably prior versions.

[-] Vulnerability Description:

The vulnerability exists because user input passed through the “alert” parameter when…

Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS

Posted by Steffen Rösemann on Dec 30

Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.
1.73 CMS

Advisory ID: SROEADV-2014-08

Author: Steffen Rösemann

Affected Software: CMS Absolut Engine v. 1.73

Vendor URL: http://www.absolutengine.com/

Vendor Status: solved

CVE-ID: –

==========================

Vulnerability Description:

==========================

The (not actively developed) CMS Absolut Engine v. 1.73 has multiple SQL
injection vulnerabilities…

nullcon HackIM Challenge 9-11 Jan 2015

Posted by nullcon on Dec 29

Namaste Ninjas,

Season's greetings!
We are back for the 6th time in Goa. nullcon 666 welcomes you to the
beastly devilish conference.
As nullcon is getting near, we are excited and ready to announce the
registration for HackIM CTF. Details at http://ctf.nullcon.net This
time HackIM is powered by EMC and we have some really exciting prizes
to be won.
But as Mahatma Gandhi wisely said “Glory lies in the attempt to reach
one’s goal and not in…

CNN cnn.com Travel XSS and ADS Open Redirect Security Vulnerabilities

Posted by Jing Wang on Dec 29

*CNN Travel.cnn.com <http://Travel.cnn.com> XSS and Ads.cnn.com
<http://Ads.cnn.com> Open Redirect Security Vulnerability*

*Domain:*
http://cnn.com

“CNN is sometimes referred to as CNN/U.S. to distinguish the American
channel from its international sister network, CNN International. As of
August 2010, CNN is available in over 100 million U.S. households.
Broadcast coverage of the U.S. channel extends to over 890,000 American…

CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability

Posted by Jing Wang on Dec 29

*CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect
Security Vulnerability*

Exploit Title: Ex Libris Patron Directory Services (PDS) Logon Page url
Parameter Open Redirect
Product: Ex Libris Patron Directory Services (PDS)
Vendor: Ex Libris
Vulnerable Versions: 2.1 and probably prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference:…

/usr/bin/a2p buffer overflow

Posted by up201407890 on Dec 29

$ echo @alunos.dcc.fc.up|sed 's/^/up201407890/g;s/$/.pt/g'

I have found what appears to be a buffer overflow in the a2p (awk2perl)
utility. It comes by default on several different systems.

Tested on Fedora 20, Fedora 19, Debian, and works probably on every other
UNIX-like.

Eg:

[saken () zippy ~]$ python -c "print 'A' * 2048" | a2p >/dev/null
[saken () zippy ~]$ python -c "print 'A' *…

CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability

Posted by Jing Wang on Dec 29

*CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site
Scripting) Security Vulnerability*

Exploit Title: Ex Libris Patron Directory Services (PDS) Logon Page url
Parameter XSS
Product: Ex Libris Patron Directory Services (PDS)
Vendor: Ex Libris
Vulnerable Versions: 2.1 and probably prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE…