Category Archives: Full Disclosure

Full Disclosure

Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211]

Posted by Programa STIC on Nov 12

Fundación Dr. Manuel Sadosky – Programa STIC Advisory
www.fundacionsadosky.org.ar

Missing SSL certificate validation in MercadoLibre app for Android

1. *Advisory Information*

Title: Missing SSL cert validation in MercadoLibre app for Android
Advisory ID: STIC-2014-0211
Advisory URL: http://www.fundacionsadosky.org.ar/publicaciones-2
Date published: 2014-11-11
Date of last update: 2014-11-10
Vendors contacted:…

[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC)

Posted by ESNC Security on Nov 12

*[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP
Governance, Risk and Compliance (SAP GRC)*

Please refer to http://www.esnc.de for the original security advisory,
updates and additional information.

*————————————————————————1.
Business
Impact————————————————————————*

According to SAP, “SAP Governance, Risk, and Compliance…

Lantronix xPrintServer Code execution and CSRF vulnerability

Posted by Jim Bauwens on Nov 12

Hi,

The Lantronix xPrintServer is a small Linux powered print server for iOS. Main configuration happens through a web
interface.

The problem is that the configuration happens through some ‘RPC’ interface; the web interfaces uses AJAX requests to
talk to a CGI script that simply executes shell commands given to it. Take a look at the following screenshot:

http://i.imgur.com/gjbZhXZ.png

So.. that’s not really so secure. Launching a…

Piwigo <= v2.6.0 – Blind SQL Injection

Posted by Manuel Garcia Cardenas on Nov 12

=============================================
MGC ALERT 2014-001
– Original release date: January 12, 2014
– Last revised: November 12, 2014
– Discovered by: Manuel García Cárdenas
– Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
————————-
Blind SQL Injection in Piwigo <= v2.6.0

II. BACKGROUND
————————-
Piwigo is a web application management photo albums,…

PayPal Inc Bug Bounty #88 – Filter Bypass & Arbitrary Code Execution Vulnerability

Posted by Vulnerability Lab on Nov 12

Document Title:
===============
PayPal Inc Bug Bounty- Filter Bypass & Arbitrary Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=936

Video: http://www.vulnerability-lab.com/get_content.php?id=1275

Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2014/11/05/paypal-inc-fixed-filter-bypass-profile-code-execution-during-infrastructure

Release…

[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360

Posted by Pedro Ribeiro on Nov 09

Hi,

This is the 8th part of the ManageOwnage series. For previous parts see [1].

This time we have a file upload leading to remote code execution and a
blind SQL injection in ManageEngine OpManager, Social IT Plus and
IT360.
ManageEngine have released an emergency fix, see details in the
advisory below. The proper fixed version will be 11.5, which will come
out at the end of the year.

I had already released a Metasploit exploit for RCE back in…

IP.Board <= 3.4.7 SQL Injection

Posted by secthrowaway on Nov 09

IP.Board version 3.4.7 (latest) suffers from a SQL injection vulnerability.

Working PoC is attached.
#!/usr/bin/env python
# Sunday, November 09, 2014 – secthrowaway () safe-mail net
# IP.Board <= 3.4.7 SQLi (blind, error based);
# you can adapt to other types of blind injection if ‘cache/sql_error_latest.cgi’ is unreadable

url = ‘http://target.tld/forum/&apos;
ua = “Mozilla/5.0 (Windows NT 6.2; WOW64)…

IL and CSRF vulnerabilities in D-Link DAP-1360

Posted by MustLive on Nov 09

Hello list!

There are Information Leakage and Cross-Site Request Forgery vulnerabilities
in D-Link DAP-1360 (Wi-Fi Access Point and Router).

————————-
Affected products:
————————-

Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model
with other firmware versions also must be vulnerable.

D-Link will fix these vulnerabilities in the next version of firmware (will
be released in November),…

[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro

Posted by Pedro Ribeiro on Nov 09

Hi,

This is part 7 of the ManageOwnage series. For previous parts, see [1].

Today we have a blind SQL injection in Password Manager Pro (PMP) that
can be abused to escalate privileges for a low privileged user (like a
guest) to the “super administrator”. Using our new powers we can then
dump the whole password database in cleartext.

Unlike in part 6, this time ManageEngine have been responsible and
released an update. It actually…

PayPal Inc BugBounty #107 MultiOrder Shipping (API) – Persistent History Vulnerability

Posted by Vulnerability Lab on Nov 07

Document Title:
===============
PayPal Inc BugBounty #107 MultiOrder Shipping (API) – Persistent History Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1048

PayPal Security UID: dq115aYq

Release Date:
=============
2014-10-27

Vulnerability Laboratory ID (VL-ID):
====================================
1048

Common Vulnerability Scoring System:
====================================
4…