Posted by Alvaro Diaz on Oct 25
Hello, I found a stored XSS vulnerability in the Yourls 1.7 script (latest
version).
The attacker can steal the admin’s cookies and log in to the admin panel.
Note: Only the admin can see this.
Steps to reproduce the vulnerability:
1. Create a new URL to shorten –> In the inputs you need to write this
payload –> anything"><img src=x onerror=prompt(1)>*
* JavaScript code to inject.
2. Click the “Shorten” button…
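To make the injection above concrete, here is an added example (written for this page; it is not code from the post or from YOURLS). It renders the quoted payload into a hypothetical attribute-context template three ways and uses Python's html.parser to list the event-handler attributes a browser would end up with. The template, the second attribute-only payload and the function names are constructed assumptions.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the post above (the trailing "*" there is a footnote marker).
PAYLOAD = 'anything"><img src=x onerror=prompt(1)>'

# Constructed variant, not from the post: it breaks out of the attribute without
# opening a new tag, so escaping only & < > does nothing against it.
ATTR_PAYLOAD = '" autofocus onfocus=prompt(1) x="'

# Hypothetical template standing in for the "new URL" form; not YOURLS's own.
TEMPLATE = '<input type="text" value="{}">'


def render_unsafe(title: str) -> str:
    """Drops user input straight into a quoted attribute (the bug)."""
    return TEMPLATE.format(title)


def render_half_escaped(title: str) -> str:
    """Escapes only & < > (a common mistake): new tags cannot form, but the
    closing quote still terminates the attribute."""
    return TEMPLATE.format(html.escape(title, quote=False))


def render_safe(title: str) -> str:
    """Attribute-context encoding: & < > " ' all become entities."""
    return TEMPLATE.format(html.escape(title, quote=True))


class HandlerFinder(HTMLParser):
    """Collects every (tag, on*-attribute) pair the parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name.lower()))


def injected_handlers(markup: str) -> list[tuple[str, str]]:
    """Return the event-handler attributes present in rendered markup.
    An empty list means the user input stayed inert data."""
    parser = HandlerFinder()
    parser.feed(markup)
    parser.close()
    return parser.handlers


if __name__ == "__main__":
    renderers = [("unsafe", render_unsafe),
                 ("half-escaped", render_half_escaped),
                 ("safe", render_safe)]
    for label, render in renderers:
        for payload in (PAYLOAD, ATTR_PAYLOAD):
            print(f"{label:13} {injected_handlers(render(payload))}")
```

The point of the third renderer is that the fix is context-specific: the poster's payload needs `"` to leave the `value` attribute, so an encoder that leaves quotes alone still loses, even though it stops the `<img>` tag from forming.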
Posted by NoSuchCon on Oct 24
————————————————————–
NoSuchCon 2014 – the bullshit-free conference
November 19-21 2014
Espace Niemeyer, Paris (France)
www.nosuchcon.org
Schedule: http://www.nosuchcon.org/#schedule
Registration: http://www.nosuchcon.org/#registration
NoSuchCon 2014 schedule has been published, go register while it’s not
too late!
-=- Wednesday, November 19 -=-
* Keynote: Program Synthesis in Reverse Engineering…
Posted by Stefan Kanthak on Oct 24
Hi @ll,
the just released iTunes 12.0.1 for Windows still (cf.
<http://seclists.org/fulldisclosure/2014/Jul/30>) comes
with COMPLETELY outdated and VULNERABLE 3rd party libraries
(as part of AppleMobileDeviceSupport.msi):
* libeay32.dll and ssleay32.dll 0.9.8d
are more than SEVEN years old and have at least 27 unfixed CVEs!
* libcurl.dll 7.16.2
is more than SEVEN years old and has at least 18 unfixed CVEs!
the current version…
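A practitioner reading this will want to confirm the versions on their own machine rather than take the post's word for it. The following is an added example (mine, not the poster's and not Apple's code): it looks for the banner strings both libraries embed in their binaries ("OpenSSL x.y.z<letters>" in libeay32/ssleay32, "libcurl/x.y.z" in libcurl) and compares them against a baseline, ordering OpenSSL's pre-1.1 letter suffixes correctly (0.9.8d < 0.9.8y < 0.9.8za < 0.9.8zc). The sample byte blob is constructed, and the baseline versions in BASELINES are assumptions to replace with whatever is current when you run it.

```python
import re
from pathlib import Path

# Banner strings both libraries embed in their binaries.
OPENSSL_BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)")
LIBCURL_BANNER = re.compile(rb"libcurl/(\d+\.\d+\.\d+)")

# Assumed minimum acceptable versions; adjust to the current releases.
BASELINES = {"openssl": "0.9.8zc", "libcurl": "7.38.0"}


def openssl_key(version: str) -> tuple[int, int, int, str]:
    """Sort key for pre-1.1.0 OpenSSL versions: numeric triple, then the
    letter suffix, where '' < 'a' < ... < 'z' < 'za' < 'zb' (plain string order)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])


def libcurl_key(version: str) -> tuple[int, ...]:
    """libcurl versions are purely numeric dotted triples."""
    return tuple(int(part) for part in version.split("."))


KEYS = {"openssl": openssl_key, "libcurl": libcurl_key}


def find_versions(blob: bytes) -> dict[str, str]:
    """Extract library versions from raw file contents."""
    found: dict[str, str] = {}
    m = OPENSSL_BANNER.search(blob)
    if m:
        found["openssl"] = (m[1] + m[2]).decode("ascii")
    m = LIBCURL_BANNER.search(blob)
    if m:
        found["libcurl"] = m[1].decode("ascii")
    return found


def outdated(found: dict[str, str],
             baselines: dict[str, str] = BASELINES) -> list[tuple[str, str, str]]:
    """(library, found version, baseline) for every library below its baseline."""
    return sorted(
        (lib, ver, baselines[lib])
        for lib, ver in found.items()
        if lib in baselines and KEYS[lib](ver) < KEYS[lib](baselines[lib])
    )


def scan_directory(directory: str) -> dict[str, list[tuple[str, str, str]]]:
    """Report outdated libraries per DLL found under `directory`."""
    report: dict[str, list[tuple[str, str, str]]] = {}
    for path in Path(directory).rglob("*.dll"):
        hits = outdated(find_versions(path.read_bytes()))
        if hits:
            report[str(path)] = hits
    return report


# Constructed stand-in for a DLL's contents; real files carry the same banners.
SAMPLE_DLL = (b"MZ" + b"\x00" * 16 + b"OpenSSL 0.9.8d\x00"
              + b"\x00" * 8 + b"libcurl/7.16.2\x00")

if __name__ == "__main__":
    print(outdated(find_versions(SAMPLE_DLL)))
```

Point `scan_directory` at the folder where the installer left the DLLs. The suffix ordering matters: a naive string comparison would rank "0.9.8d" above "0.9.8zc" only by luck, and a numeric-only parser would call them equal.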
Posted by Stefan Kanthak on Oct 24
Hi @ll,
the just released QuickTime 7.7.6 and iTunes 12.0.1 for Windows still
have quite some of the beginner's errors I documented in
<http://seclists.org/fulldisclosure/2014/Aug/33> and
<http://seclists.org/fulldisclosure/2014/Aug/44>
QuickTime 7.7.6:
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell\open\command]
@=”C:\Program Files\QuickTime\QuickTimePlayer.exe”
iTunes 12.0.1:…
Posted by Barak Engel on Oct 24
Thank you, Brandon Perry, for finding this vulnerability.
We would like to make a correction to the disclosure – this issue
affects only the Mule Enterprise Management Console (MMC) used by some
customer administrators to manage Mule ESB runtimes, and not the Mule
ESB runtime itself. MMC is typically deployed in a secure network
segment, accessible only to trusted users. Therefore, under normal
conditions, this exploit would originate from an…
Posted by Egidio Romano on Oct 23
—————————————————————-
TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
—————————————————————-
[-] Software Link:
http://testlink.org/
[-] Affected Versions:
Version 1.9.12 and prior versions.
[-] Weakness Description:
The vulnerable code is located in the /lib/functions/database.class.php script:
208….
Posted by Egidio Romano on Oct 23
————————————————————————–
TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
————————————————————————–
[-] Software Link:
http://testlink.org/
[-] Affected Versions:
Version 1.9.12 and prior versions.
[-] Weakness Description:
The vulnerable code is located in the /lib/execute/execSetResults.php script:
428….
Posted by Sean Wright on Oct 23
Classification: //Dell SecureWorks/Confidential – Limited External Distribution:
##################################################################################
# * Title: ElectricCommander Local Privilege Escalation
# * Advisory ID: SWRX-2014-010
# * Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010/
# * Date published: Wednesday, October 22, 2014
# * CVE: CVE-2014-7180
# * CVSS v2 base…
Posted by Vulnerability Lab on Oct 23
Document Title:
===============
File Manager v4.2.10 iOS – Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1343
Release Date:
=============
2014-10-21
Vulnerability Laboratory ID (VL-ID):
====================================
1343
Common Vulnerability Scoring System:
====================================
9
Product & Service Introduction:…
Posted by Vulnerability Lab on Oct 23
Document Title:
===============
Dell SonicWall GMS v7.2.x – Persistent Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1222
Release Date:
=============
2014-10-21
Vulnerability Laboratory ID (VL-ID):
====================================
1222
Common Vulnerability Scoring System:
====================================
3
Product & Service Introduction:…