Full Disclosure
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
SmartJobBoard
Versions affected:
v5.0.9 and below.
Vulnerability:
1) Cross-site scripting vulnerabilities in the following locations and
parameters:
/add-listing/ [proceed_to_posting parameter]
/add-listing/ [productSID parameter]
/add-listing/Resume/General/ [productSID parameter]…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/silverstripe-cms—path-disclosure.html
Date:
04-Apr-2017
Product:
SilverStripe CMS
Versions affected:
3.1.9 and below.
Vulnerability:
Path disclosure.
Example URL:
http://[target]/dev/build/
Path reported:
/home/[target]/public_html/framework/dev/DebugView.php
https://www.silverstripe.org/download/security-releases/ss-2015-001/
Credit:
Discovered by Patrick Webster
Disclosure timeline:
07-Nov-2015 -…
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Tweek!DM Document Management
Versions affected:
Unknown
Vulnerabilities:
1) Authentication bypass – the software sends a 301 Location redirect
back to the login page, if an unauthenticated user requests an
authenticated administration page. However on the PHP side the script
does not exit(0); therefore…
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Computer Associates (Layer7) API Gateway
Versions affected:
v7, v8, v9
Vulnerabilities:
1) CRLF Response Splitting
https://[target]:8443/test%0d%0a<h1>string?wsdl
Parameters uri=’/test
<h1>string’ did not resolve to any service….
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-code-execution.html
Date:
09-Nov-2012
Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)
Vulnerability:
Local File Inclusion to Remote Code Execution
Details:
There is local file inclusion vulnerability in
the Lotus Mail Encryption Server (Protector for Mail Encryption)
administration setup interface. The index.php file uses an unsafe include()
where an…
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Avaya Radvision SCOPIA Desktop
Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 relased in 2013 (confirmed)
Vulnerability:
Blind SQL injection.
Vulnerability details:
The vulnerability exists within a HTTP POST request to gain access to
stored recordings.
Example:
POST…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html
Date:
04-Apr-2017
Product:
AirWatch Self Service MDM
Versions affected:
v6.1.x
v6.4.x
Vulnerability:
LDAP injection
Example:
https://[target]/DeviceManagement/ URL accepts the following
POST parameters:
AuthenticationMode
ActivationCode
Username
Password
Login
The ‘Username’ parameter appears to be vulnerable to an LDAP injection…
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)
Versions affected:
9.x
Vulnerability:
XML External Entity injection (XXE)
Example:
There is an XXE in services such as:
https://[target]/services/WSFUNCTION
https://[target]/services/WSGRID…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/inchoo-facebook-connect-extension-for-magento-parameter-xss.html
Date:
04-Apr-2017
Product:
Inchoo Facebook Connect (Magento Plugin)
Vulnerability:
Reflected cross-site scripting.
Details:
Within ./app/code/community/Inchoo/Facebook/Block/Channel.php
return ‘<script src=”‘.($this->isSecure() ? ‘https://' :
‘http://&apos…
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Software:
Kaseya
Affected version:
Kaseya VSA v6.5.0.0.
Vulnerability details:
1. The “forgot password” function at https://[target]/access/logon.asp
reveals whether a username is valid/exists or not, which assists with
brute force attacks. An incorrect username responds with “No record of
this user exists”,…