Posted by secthrowaway on Nov 26

Anti-spam is awesome, but not in attachments. Replace all occurrences of ‘ () ‘ with ‘@’ for the exploit to work.

——– Original Message ——–
From: secthrowaway () Safe-mail net
To: fulldisclosure () seclists org
Subject: [FD] FluxBB <= 1.5.6 SQL Injection
Date: Fri, 21 Nov 2014 02:23:30 -0500

Posted by Larry W. Cashdollar on Nov 26

#!/bin/bash
#Larry W. Cashdollar, @_larry0
#Will brute force and search a WordPress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on
#20141031 assumes the wordpress database is wordpress and the table prefix is wp_
#http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/
#http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/
#run…

Posted by Michal Zalewski on Nov 23

Many Linux distributions ship with the ‘less’ command automagically
interfaced to ‘lesspipe’-type scripts, usually invoked via LESSOPEN.
This is certainly the case for CentOS and Ubuntu.

Unfortunately, many of these scripts appear to call a rather large
number of third-party tools that likely have not been designed with
malicious inputs in mind. On CentOS, lesspipe appears to include
things such as groff + troff + grotty,…

Posted by secthrowaway on Nov 21

FluxBB version 1.5.6 and below suffers from a SQL injection vulnerability.

Solution: update to FluxBB 1.5.7

Working, automated PoC is attached.
#!/usr/bin/env python
# Friday, November 21, 2014 – secthrowaway () safe-mail net
# FluxBB <= 1.5.6 SQL Injection
# make sure that your IP is reachable

url = ‘http://target.tld/forum/&apos;
user = ‘user’ # dummy account
pwd = ‘test’

import urllib, sys, smtpd, asyncore,…

Posted by Vulnerability Lab on Nov 21

Document Title:
===============
Supr Shopsystem v5.1.0 – Persistent UI Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1353

Release Date:
=============
2014-11-07

Vulnerability Laboratory ID (VL-ID):
====================================
1353

Common Vulnerability Scoring System:
====================================
3.1

Product & Service Introduction:…

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory – AST-2014-018

Product Asterisk
Summary AMI permission escalation through DB dialplan
function
Nature of Advisory Permission Escalation
Susceptibility Remote Authenticated Sessions…

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory – AST-2014-017

Product Asterisk
Summary Permission escalation through ConfBridge
actions/dialplan functions
Nature of Advisory Permission Escalation
Susceptibility Remote Authenticated Sessions…

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory – AST-2014-016

Product Asterisk
Summary Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Critical…

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory – AST-2014-015

Product Asterisk
Summary Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate…

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory – AST-2014-014

Product Asterisk
Summary High call load may result in hung channels in
ConfBridge.
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions…