Full Disclosure

DllHijackAuditor 3.5 – Stack Buffer Overflow Vulnerability

Posted by Vulnerability Lab on Sep 23

Document Title:
===============
DllHijackAuditor 3.5 – Stack Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1954

Release Date:
=============
2016-09-21

Vulnerability Laboratory ID (VL-ID):
====================================
1954

Common Vulnerability Scoring System:
====================================
6.3

Product & Service Introduction:…

SEC Consult SA-20160922-0 :: Potential backdoor access through multiple vulnerabilities in Kerio Control Unified Threat Management

Posted by SEC Consult Vulnerability Lab on Sep 22

SEC Consult has also released a blog post describing the attack scenarios
of the vulnerabilities within this advisory in detail and a video which
shows the remote attack. Exploit code has been developed as well but will
not be released for now.

Blog:
http://blog.sec-consult.com/2016/09/controlling-kerio-control-when-your.html

Video:
https://www.youtube.com/watch?v=y_OWz25sHMI

SEC Consult Vulnerability Lab Security Advisory < 20160922-0 >…

CVE-2016-5725 – JCraft/JSch Java Secure Channel <= 0.1.53 recursive sftp-get path traversal (client-side, windows)

Posted by oststrom (public) on Sep 21

Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725
Version: 0.3
Date: Aug 31st, 2016

Tag: jsch recursive sftp get client-side windows path traversal

Overview
--------

Name: jsch
Vendor: jcraft
References: * http://www.jcraft.com/jsch/ [1]

Version: 0.1.53 [2]
Latest Version: 0.1.54 [2]
Other Versions: <= 0.1.53
Platform(s): windows
Technology: java

Vuln Classes:…

XSS WordPress W3 Total Cache <= 0.9.4.1

Posted by Fernando A. Lagos Berardi on Sep 21

[+] Description: Cross-Site Scripting vulnerability was found on WordPress
W3 Total Cache (w3tc) plugin.
[+] Plugin Version tested: <= 0.9.4.1 (latest)
[+] WordPress version tested: 4.0.0 – 4.6.1 (latest)

------------------------------

[+] Component: W3 Total Cache Admin (performance menu) -> Support -> Add
new ticket
[+] Variable: request_id
[+] Method: GET

------------------------------

[+] Affected URL:…

Blind SQL Injection in Exponent CMS <= v2.3.9

Posted by Manuel Garcia Cardenas on Sep 20

=============================================
MGC ALERT 2016-005
- Original release date: September 09, 2016
- Last revised: September 20, 2016
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
- CVE-ID: CVE-2016-7400
=============================================

I. VULNERABILITY
-------------------------
Blind SQL Injection in Exponent CMS <= v2.3.9

II. BACKGROUND
-------------------------
Exponent CMS is a…

Joomla! session id not hashed.

Posted by Blazej Adamczyk on Sep 20

Title: Joomla! session id not hashed
Author: Blazej Adamczyk (br0x)
Date: 2015-06-30
Download site: https://github.com/joomla/joomla-cms/releases/download/3.6.2/Joomla_3.6.2-Stable-Full_Package.zip
Version: 3.6.2 and below
Vendor: https://www.joomla.org/
Vendor Notified: 2016-09-20
Vendor Contact: https://www.joomla.org/
CVSS: 6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

Description:
The session_ids for all joomla users are stored in…

Unrestricted Upload/RCE in Neosense theme for WordPress

Posted by Walter Hop on Sep 19

Unrestricted Upload/RCE in Neosense theme for WordPress
https://lifeforms.nl/20160919/unrestricted-upload-neosense

Vulnerability:

Neosense is a WordPress theme by dynamicpress.
(https://themeforest.net/item/neosense-multipurpose-wordpress-theme/6363229)

Neosense theme version 1.7 contains an…

ShoreTel Connect ONSITE Blind SQL Injection Vulnerability

Posted by Iraklis A. Mathiopoulos on Sep 19

ShoreTel Connect ONSITE Blind SQL Injection Vulnerability
=======================================================================
vulnerability type: Unauthenticated Blind SQL Injection
product: ShoreTel Connect ONSITE
vulnerable version: 20.xx.xxxx.x and 21.xx.xxxx.x up to 21.79.4311.0
fixed version: 21.79.9308.0
homepage:
https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview
discovery: 2016-07…

Facebook Privacy Issue – IRL Direct Human Reference

Posted by Hicham A. Tolimat on Sep 19

Oh hai o/

TL;DR:
This is not your usual full disclo delivery.
It's a 4chan-style lampoon, or what we could call in French "un pamphlet
2.0".

Excuse my French, Kudos for challenging/improving my English.

If you’re only interested in technicalities, this “vuln” can be written
down to:

“FB Search/AI Injection” using “English, M**, do you speak it?”
-> Insecure Direct Object Reference +…