Fundación Dr. Manuel Sadosky – Programa STIC Advisory
www.fundacionsadosky.org.ar
Missing SSL certificate validation in MercadoLibre app for Android
1. *Advisory Information*
Title: Missing SSL cert validation in MercadoLibre app for Android
Advisory ID: STIC-2014-0211
Advisory URL: http://www.fundacionsadosky.org.ar/publicaciones-2
Date published: 2014-11-11
Date of last update: 2014-11-10
Vendors contacted:…
The Lantronix xPrintServer is a small Linux powered print server for iOS. Main configuration happens through a web
interface.
The problem is that the configuration happens through some "RPC" interface; the web interface uses AJAX requests to
talk to a CGI script that simply executes shell commands given to it. Take a look at the following screenshot:
=============================================
MGC ALERT 2014-001
– Original release date: January 12, 2014
– Last revised: November 12, 2014
– Discovered by: Manuel García Cárdenas
– Severity: 7,1/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
————————-
Blind SQL Injection in Piwigo <= v2.6.0
II. BACKGROUND
————————-
Piwigo is a web application management photo albums,…
This is the 8th part of the ManageOwnage series. For previous parts see [1].
This time we have a file upload leading to remote code execution and a
blind SQL injection in ManageEngine OpManager, Social IT Plus and
IT360.
ManageEngine have released an emergency fix, see details in the
advisory below. The proper fixed version will be 11.5, which will come
out at the end of the year.
I had already released a Metasploit exploit for RCE back in…
IP.Board version 3.4.7 (latest) suffers from a SQL injection vulnerability.
Working PoC is attached.
#!/usr/bin/env python
# Sunday, November 09, 2014 – secthrowaway () safe-mail net
# IP.Board <= 3.4.7 SQLi (blind, error based);
# you can adapt to other types of blind injection if ‘cache/sql_error_latest.cgi’ is unreadable
This is part 7 of the ManageOwnage series. For previous parts, see [1].
Today we have a blind SQL injection in Password Manager Pro (PMP) that
can be abused to escalate privileges for a low privileged user (like a
guest) to the “super administrator”. Using our new powers we can then
dump the whole password database in cleartext.
Unlike in part 6, this time ManageEngine have been responsible and
released an update. It actually…