Category Archives: Full Disclosure

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components

Posted by RedTeam Pentesting GmbH on Dec 02

Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager
Mobile Device Management Components

During a penetration test, RedTeam Pentesting discovered that several
IBM Endpoint Manager Components are based on Ruby on Rails and use
static secret_token values. With these values, attackers can create
valid session cookies containing marshalled objects of their choosing.
This can be leveraged to execute arbitrary code when…

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure

Posted by RedTeam Pentesting GmbH on Dec 01

Advisory: EntryPass N5200 Credentials Disclosure

EntryPass N5200 Active Network Control Panels allow the unauthenticated
downloading of information that includes the current administrative
username and password.

Details
=======

Product: EntryPass N5200 Active Network Control Panel
Affected Versions: unknown
Fixed Versions: not available
Vulnerability Type: Information Disclosure, Credentials Disclosure
Security Risk: high
Vendor URL:…

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire

Posted by RedTeam Pentesting GmbH on Dec 01

Advisory: Information Disclosure in TYPO3 Extension ke_questionnaire

The TYPO3 extension ke_questionnaire stores answered questionnaires in a
publicly reachable directory on the webserver with filenames that are
easily guessable.

Details
=======

Product: ke_questionnaire
Affected Versions: 2.5.2 (possibly all versions)
Fixed Versions: unknown
Vulnerability Type: Information Disclosure
Security Risk: medium
Vendor URL:…

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

Posted by RedTeam Pentesting GmbH on Dec 01

Advisory: Remote Code Execution in TYPO3 Extension ke_dompdf

During a penetration test RedTeam Pentesting discovered a remote code
execution vulnerability in the TYPO3 extension ke_dompdf, which allows
attackers to execute arbitrary PHP commands in the context of the
webserver.

Details
=======

Product: ke_dompdf TYPO3 extension
Affected Versions: 0.0.3<=
Fixed Versions: 0.0.5
Vulnerability Type: Remote Code Execution
Security Risk: high…

Defense in depth — the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)

Posted by Stefan Kanthak on Nov 29

Hi @ll,

more than 20 years ago Microsoft introduced the NTFS filesystem
(supporting ACLs) and “user profiles” to separate user data
(with emphasis on “data”) from the OS and each other.

More than 13 years ago Microsoft introduced “software restriction
policies” alias SAFER (<https://support.microsoft.com/kb/310791>,
<https://support.microsoft.com/kb/324036>,
<…

[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Nov 29

------------------------------------------------------------------
Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
------------------------------------------------------------------

[-] Software Links:

https://www.tuleap.org/
https://www.enalean.com/

[-] Affected Versions:

Version 7.6-4 and prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the /src/www/project/register.php script:

27….

CSRF and XSS vulnerabilities in D-Link DAP-1360

Posted by MustLive on Nov 29

Hello list!

There are Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities in D-Link DAP-1360 (Wi-Fi Access Point and Router).

-------------------------
Affected products:
-------------------------

The following model is vulnerable: D-Link DAP-1360, Firmware 1.0.0. This model
with other firmware versions must also be vulnerable.

D-Link will fix these vulnerabilities in the next version of firmware (will
be released in November),…

[Tool] Responder v2.1.3

Posted by laurent gaffie on Nov 29

Responder is an Active Directory/Windows environment takeover tool suite
that can stealthily take over any default Active Directory environment
(including Windows 2012R2).
Most of the attacks in this tool are hard to detect and are highly
successful.

This version includes several enhancements:

– Analyze Mode: Figure out what kind of network you’re dealing with before
doing anything:
– Map all workstations, domain forests, SQL servers…

XSS (in 20 chars) in Microsoft IIS 7.5 error message

Posted by A Z on Nov 29

Hello everyone,

I found some weird HTML code injection in an IIS error message. IIS spits
out some part of the user input that generated the error message, but will
only display 20 characters at most.
My question is: is it possible to actually exploit an XSS with this?

Here is an example:

HTTP Request: mypage?search=%3cb%20onclick%3dalert(1)>%3e
HTTP Response (real):

<p>An error has occured.</p>
<p>Exception…