Category Archives: Full Disclosure

Full Disclosure

Full Disclosure

SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin)

Posted by dxw Security on Nov 18

Details
================
Software: Relevanssi Premium
Version: v1.14.4
Homepage: https://www.relevanssi.com/
Advisory report:
https://security.dxw.com/advisories/sql-injection-and-unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances/
CVE: Awaiting assignment
CVSS: 9 (High; AV:N/AC:L/Au:S/C:C/I:C/A:C)

Description
================
SQL injection and unserialization vulnerability in…

Full Disclosure

Unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin)

Posted by dxw Security on Nov 18

Details
================
Software: Relevanssi Premium
Version: v1.14.4
Homepage: https://www.relevanssi.com/
Advisory report:
https://security.dxw.com/advisories/unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances/
CVE: Awaiting assignment
CVSS: 9 (High; AV:N/AC:L/Au:S/C:C/I:C/A:C)

Description
================
Unserialization vulnerability in Relevanssi Premium could allow…

Full Disclosure

Unserialisation in Post Indexer could allow man-in-the-middle to execute arbitrary code (in some circumstances) (WordPress plugin)

Posted by dxw Security on Nov 18

Details
================
Software: Post Indexer
Version: 3.0.6.1
Homepage: http://premium.wpmudev.org/project/post-indexer/
Advisory report:
https://security.dxw.com/advisories/unserialisation-in-post-indexer-could-allow-man-in-the-middle-to-execute-arbitrary-code-in-some-circumstances/
CVE: Awaiting assignment
CVSS: 7.6 (High; AV:N/AC:H/Au:N/C:C/I:C/A:C)

Description
================
Unserialisation in Post Indexer could allow man-in-the-middle…

Full Disclosure

SQL Injection in Post Indexer allows super admins to read the contents of the database (WordPress plugin)

Posted by dxw Security on Nov 18

Details
================
Software: Post Indexer
Version: 3.0.6.1
Homepage: http://premium.wpmudev.org/project/post-indexer/
Advisory report:
https://security.dxw.com/advisories/sql-injection-in-post-indexer-allows-super-admins-to-read-the-contents-of-the-database/
CVE: Awaiting assignment
CVSS: 4 (Medium; AV:N/AC:L/Au:S/C:P/I:N/A:N)

Description
================
SQL Injection in Post Indexer allows super admins to read the contents of the…

Full Disclosure

Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp

Posted by Larry W. Cashdollar on Nov 18

Title: Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-01
Download Site: http://downloads.teradata.com/download/database/teradata-virtual-machine-community-edition-for-vmware
Vendor: Teradata
Vendor Notified: 2016-10-01
Vendor Contact: web form contact
Description: Teradata is a relational database, they provide a Virtual Machine image for developers and…

Full Disclosure

/tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall

Posted by Larry W. Cashdollar on Nov 18

Title: /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-03
Download Site: http://downloads.teradata.com/download/tools/teradata-studio-express
Vendor: Teradata
Vendor Notified: 2016-10-03
Vendor Contact: web form contact
Description: Teradata Studio Express provides an information discovery tool that retrieves data from Teradata Database
systems and allows the…

Full Disclosure

[ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability

Posted by ERPScan inc on Nov 18

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2280371

Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability…

Full Disclosure

[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET

Posted by ERPScan inc on Nov 18

Application: SAP NetWeaver AS ABAP

Versions Affected: SAP NetWeaver AS ABAP 7.4

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 22.04.2016

Reported: 23.04.2016

Vendor response: 23.04.2016

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2312966

Author: Daria Prosochkina (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal
using READ DATASET…

Full Disclosure

FUDforum 3.0.6: LFI

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: FUDforum 3.0.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://fudforum.org/forum/
Vulnerability Type: LFI
Remote Exploitable: Yes
Reported to vendor: 04/11/2016
Disclosed to public: 11/10/2016
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Overview

FUDforum is…

Full Disclosure

Jaws 1.1.1: Object Injection, Open Redirect, Cookie Flags

Posted by Curesec Research Team (CRT) on Nov 18

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Jaws 1.1.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://jaws-project.com/
Vulnerability Type: Object Injection, Open Redirect, Cookie Flags
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 11/10/2016
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of…