Category Archives: Full Disclosure

CSRF/stored XSS in WordPress Firewall 2 allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)

Posted by dxw Security on Apr 06

Details
================
Software: WordPress Firewall 2
Version: 1.3
Homepage: https://wordpress.org/plugins/wordpress-firewall-2/
Advisory report:
https://security.dxw.com/advisories/csrfstored-xss-in-wordpress-firewall-2-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
CSRF/stored XSS in WordPress Firewall 2 allows…

APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android

Posted by Apple Product Security on Apr 06

APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android

Apple Music 2.0 for Android is now available and addresses the
following:

Apple Music
Available for: Android version 4.3 or later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A certificate validation issue existed in Apple Music
for Android. This issue was addressed through improved certificate
validation.
CVE-2017-2387: David…

QNAP QTS multiple RCE vulnerabilities (CVE-2017-6361, CVE-2017-6360, CVE-2017-6359)

Posted by Harry Sintonen on Apr 06

QNAP QTS multiple RCE vulnerabilities
=====================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt

Overview
--------

QNAP QTS firmware contains multiple Command Injection (CWE-77)
vulnerabilities that can be exploited to gain remote command execution
on the devices.

Description
-----------

QNAP QTS web user interface CGI binaries include…

Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload

Posted by hyp3rlinx on Apr 06

[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt
[+] ISR: APPARITIONSEC

Vendor:
==================
www.spiceworks.com

Product:
=================
Spiceworks – 7.5

Provides network inventory and monitoring of all the devices on the network
by discovering IP-addressable devices.
It can be configured to provide…

Moodle URL Manipulation Remote Account Information Disclosure

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/moodle-url-manipulation-remote-account-information-disclosure.html

Date:
04-Apr-2017

Product:
Moodle

Versions affected:
2.4.10, 2.5.6, 2.6.3, 2.7 and earlier.

Vulnerability:
Information disclosure.

Example:
/user/edit.php?id= reveals account owner name

1. Log in to http://demo.moodle.net/ as user student:sandbox.
2. Click view profile when logged in (student is id=4).
3. Change id parameter from 4 to 3, which…

iPlatinum iOneView Multiple Parameter Reflected XSS

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-reflected-xss.html

Date:
04-Apr-2017

Product:
iPlatinum iOneView

Versions affected:
Unknown.

Vulnerabilities:

1) Cross-site scripting:

http://[target]/ioneview/admin/main.pl?cmd=<script>alert(document.cookie)</script>
http://[target]/ioneview/admin/main.pl?_username="><script>alert(document.cookie)</script>…

Kaseya information disclosure vulnerability

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/kaseya-information-disclosure-vulnerability.html

Date:
04-Apr-2017

Product:
Kaseya VSA

Versions affected:
9.02.00.04

Vulnerability:

Installations of Kaseya contain the following installation page:
https://[target]/install/kaseya.html

When the product is installed, it cannot be installed again. However,
if you go to that page when it is installed, it reveals sensitive
information to the internet at large,…

AcoraCMS browser redirect and Cross-site scripting vulnerabilities

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/acoracms-browser-redirect-and-cross-site-scripting-vulnerabilities.html

Date:
04-Apr-2017

Product:
AcoraCMS

Versions affected:
7.0.0.6 (known bugs from 6.0.6 are still present
http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt).

Vulnerabilities:
1) Arbitrary browser redirect:

POST /forums/login.asp HTTP/1.1
Host: [target]
Content-Type: application/x-www-form-urlencoded
Content-Length: 70…

SmartJobBoard – Cross-site scripting, personal information disclosure and PHPMailer package

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/smartjobboard—cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html

Date:
04-Apr-2017

Product:
SmartJobBoard

Versions affected:
v5.0.9 and below.

Vulnerability:

1) Cross-site scripting vulnerabilities in the following locations and
parameters:

/add-listing/ [proceed_to_posting parameter]
/add-listing/ [productSID parameter]
/add-listing/Resume/General/ [productSID parameter]…