Category Archives: Full Disclosure

Full Disclosure

[RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting

Posted by Julien Ahrens on Aug 24

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AlienVault USM/OSSIM
Vendor URL: www.alienvault.com
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-05-24
Date published: 2016-08-23
CVSSv3 Score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2016-6913

2. CREDITS
==========
This vulnerability was discovered and researched by Julien…

Dotclear 2.9.1 SSRF/XSPA Vulnerability

Posted by gen type on Aug 24

#################################
Dotclear 2.9.1 SSRF/XSPA Vulnerability
#################################

[+] Software: https://dotclear.org/
[+] Author: Wiswat Aswamenakul
[+] Affected version: only tested on 2.9.1 (previous version might be
affected)
[+] Platform: tested on Ubuntu 14.04, PHP 5.5.9
[+] Description
Dotclear has a feature to import blog content through RSS feed.
Authenticated users could have access to this feature. The feature…

Dotclear 2.9.1 Directory Download Vulnerability

Posted by gen type on Aug 24

######################################
Dotclear 2.9.1 Directory Download Vulnerability
######################################

[+] Software: https://dotclear.org/
[+] Author: Wiswat Aswamenakul
[+] Affected version: only tested on 2.9.1 (previous version might be
affected)
[+] Platform: tested on Ubuntu 14.04, PHP 5.5.9
[+] Description
Authenticated users with media manager access permission are allowed to
download media directories in zip file…

Fortinet Product Series Vulnerabilities – CVE-2016-3196 CVE-2016-3195 CVE-2016-3194 & CVE-2016-3193

Posted by Vulnerability Lab on Aug 24

FortiGuard Fortinet – Security Bulletins:
http://fortiguard.com/advisory/forticloud-cross-site-script-persistent-web-vulnerabilities
http://fortiguard.com/advisory/fortivoice-5-0-filter-bypass-persistent-web-vulnerabilities
http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1
http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability

Re: Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write

Posted by Onapsis Research on Aug 22

Correcting timeline:

7. Report Timeline
==================
- 03/21/2015: Onapsis provides vulnerability information to SAP AG.
- 04/14/2015: SAP reports fix is In Process.
- 10/13/2015: SAP releases SAP Security Note 2203591 fixing the
vulnerability.
- 07/20/2016: Onapsis Releases Security Advisory.

2016-08-19 11:53 GMT-03:00 Onapsis Research:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Onapsis Security Advisory…

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client

Posted by Florian Bogner on Aug 22

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client

Metadata
===================================================
Release Date: 17-08-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: up to ownCloud’s Desktop client version 2.2.2
Tested on: Windows 7 64 bit
CVE : pending
URL: https://bogner.sh/2016/08/horizontal-privilege-escalation-in-ownclouds-windows-client/

Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT

Posted by Mevied, Matias on Aug 22

Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information
disclosure in EXPORT

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could access business
information indexed by the SAP system.

Risk Level: Low

2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-038
- Onapsis SVS ID: ONAPSIS-00235
– CVE:…

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

Posted by Justin Bull on Aug 22

Good evening everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
1.2.0 – 4.1.0 (all versions but latest patch supporting token revocation)

Fixed Versions:
-------------
4.2.0 or apply this commit[0]

Problem:
--------
Doorkeeper failed to implement OAuth…