Category Archives: Full Disclosure

Aura Video Converter v1.6.3 – DLL Hijacking Exploit

Posted by Vulnerability Lab on Oct 04

Document Title:
===============
Aura Video Converter v1.6.3 – DLL Hijacking Exploit

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1965

Release Date:
=============
2016-10-04

Vulnerability Laboratory ID (VL-ID):
====================================
1965

Common Vulnerability Scoring System:
====================================
4.3

Product & Service Introduction:…

Re: Critical Vulnerability in Ubiquiti UniFi

Posted by Tim Schughart on Oct 03

Hi Carlos,

You are correct that mongo is bound to 127.0.0.1 only. But you are able to get it remote if you are using the UniFi
Controller Software.

So the db gets tunneled to your device.

Test environment:
1. I have configured the AP to our network.
2. I have removed every piece of software for configuring the AP.
3. I have installed the UniFi Manager (for Mac 5.2.7.)
4. I’m able to connect to the database via 127.0.0.1

Network…

Re: Critical Vulnerability in Ubiquiti UniFi

Posted by Carlos Silva on Oct 03

Hi Tim!

I may be missing something here, but I just checked this on a freshly
installed UniFi Controller and mongod is binding to localhost, making this a
non-issue. Or, you have to get a remote shell first before you can get a
connection to the DB. Am I missing something?

Thanks,
Carlos Silva

[RootedHONGKONG 2016] Call for papers opened today!

Posted by Román Ramírez Giménez on Oct 03

Hello all:

RootedCON, the biggest security event in Spain and one of the biggest in Europe, is opening in Hong Kong this year
(November 17-18).

Here you can find attached the Call-for-papers text for your convenience.

The main topics for this edition are Security in general, IoT and Fintech. Join us in Hong Kong!

Thanks!


Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV

Posted by Matías Mevied on Oct 03

Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID: ONAPSIS-2016-042
– Onapsis SVS ID: ONAPSIS-00251
-…

Re: Critical Vulnerability in Ubiquiti UniFi

Posted by Gregory Sloop on Oct 03

So, while I’ve not attempted to reproduce the “exploit”* POC below, I have some observations/questions.

The exploit, if I’m reading things correctly, depends on MongoDB being configured to accept remote database connections.
Yet, at least on Ubuntu [the vendor recommended Linux distro], it’s only configured to accept connections from
127.0.0.1. [bind_ip = 127.0.0.1]

So, it’s not a remote exploit – in at least…

CVE-2016-1240 – Tomcat packaging on Debian-based distros – Local Root Privilege Escalation

Posted by Dawid Golunski on Oct 03

CVE: CVE-2016-1240
Vulnerability: Tomcat packaging on Debian-based distros – Local Root
Privilege Escalation
Affected packages: Tomcat 6/7/8 deb packages (up to 8.0.36-2)
Systems affected: Debian & Ubuntu & possibly others (using the
affected deb packages)

Discovered by:
Dawid Golunski (http://legalhackers.com)

Tomcat (6, 7, 8) packages provided by default repositories on Debian-based
distributions (including Debian, Ubuntu etc.)…

Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging

Posted by Onapsis Research on Oct 03

Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper with the audit logs, hiding his trail after an attack on an SAP
system.

Risk Level: High

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID: ONAPSIS-2016-036
– Onapsis SVS ID:…

Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV

Posted by Onapsis Research on Oct 03

Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID: ONAPSIS-2016-042
– Onapsis SVS ID: ONAPSIS-00251
-…

Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG

Posted by Onapsis Research on Oct 03

Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG

1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
– Public Release Date: 09/22/2016
– Last Revised: 09/22/2016
– Security Advisory ID: ONAPSIS-2016-043
– Onapsis SVS ID: ONAPSIS-00256
-…