Category Archives: Full Disclosure

Full Disclosure

CVE-2014-8493 – ZTE ZXHN H108L Authentication Bypass

Posted by Project Zero Labs on Nov 17

About the software
==================

ZTE ZXHN H108L is provided by some large Greek ISPs to their
subscribers.

Vulnerability Details
=====================

CWMP configuration is accessible only through the Administrator account.
CWMP is a protocol widely used by ISPs worldwide for remote provisioning
and troubleshooting their subscribers’ equipment. However editing the
CWMP configuration (more specifically sending the POST request)…

Zoph <= 0.9.1 – Multiple Vulnerabilities

Posted by Manuel Garcia Cardenas on Nov 17

=============================================
MGC ALERT 2014-005
– Original release date: March 5, 2014
– Last revised: November 18, 2014
– Discovered by: Manuel Garcia Cardenas
– Severity: 10/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
————————-
Multiple Vulnerabilities in Zoph <= 0.9.1

II. BACKGROUND
————————-
Zoph (Zoph Organizes Photos) is a web based digital image…

WebsiteBaker <=2.8.3 – Multiple Vulnerabilities

Posted by Manuel Garcia Cardenas on Nov 17

=============================================
MGC ALERT 2014-004
– Original release date: March 11, 2014
– Last revised: November 18, 2014
– Discovered by: Manuel Garcia Cardenas
– Severity: 10/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
————————-
Multiple Vulnerabilities in WebsiteBaker 2.8.3

II. BACKGROUND
————————-
WebsiteBaker helps you to create the website you want:…

Proticaret E-Commerce Script v3.0 SQL Injection

Posted by Onur Alanbel on Nov 17

Document Title:
============
Proticaret E-Commerce Script v3.0 >= SQL Injection

Release Date:
===========
13 Nov 2014

Product & Service Introduction:
========================
Proticaret is a free e-commerce script.

Abstract Advisory Information:
=======================
BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0

Vulnerability Disclosure Timeline:
=========================
20 Oct 2014…

Vulnerabilities in D-Link DCS-2103

Posted by MustLive on Nov 17

Hello list!

There are Directory Traversal and Full path disclosure vulnerabilities in
D-Link DCS-2103 (IP camera).

————————-
Affected products:
————————-

Vulnerable is the next model: D-Link DCS-2103, Firmware 1.0.0. This model
with other firmware versions also must be vulnerable.

I found these vulnerabilities at 11.07.2014 and later informed D-Link. But
they haven’t answered. It looks like they are…

Re: xdg-open RCE

Posted by Brandon Perry on Nov 17

This is very similar to this gksu bug (which only applies to gksu when in
SU_MODE)

http://savannah.nongnu.org/bugs/?40023

Attempted to email the gksu ‘maintainer’, but with no response.

Did a quick write up on the Rapid7 site on how I found out about it and the
vector I was using to exploit it:

https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu

Was assigned the following…

XOOPS <= 2.5.6 – Blind SQL Injection

Posted by Manuel Garcia Cardenas on Nov 17

=============================================
MGC ALERT 2014-003
– Original release date: March 6, 2014
– Last revised: November 18, 2014
– Discovered by: Manuel Garcia Cardenas
– Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
————————-
Blind SQL Injection in XOOPS <= 2.5.6

II. BACKGROUND
————————-
XOOPS is an acronym of “eXtensible Object Oriented…

Reflected XSS in Nibbleblog <= v4.0.1

Posted by Manuel Garcia Cardenas on Nov 17

=============================================
MGC ALERT 2014-002
– Original release date: March 5, 2014
– Last revised: November 17, 2014
– Discovered by: Manuel Garcia Cardenas
– Severity: 4,8/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
————————-
Reflected XSS in Nibbleblog <= v4.0.1

II. BACKGROUND
————————-
Nibbleblog is a powerful engine for creating blogs, all you…