Category Archives: Full Disclosure

Full Disclosure

[CORE-2016-0006] – SAP CAR Multiple Vulnerabilities

August 10, 2016 007admin

Posted by CORE Advisories Team on Aug 10

1. Advisory Information

Title: SAP CAR Multiple Vulnerabilities
Advisory ID: CORE-2016-0006
Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
Date published: 2016-08-09
Date of last update: 2016-08-09
Vendors contacted: SAP
Release mode: Coordinated release

2. Vulnerability Information

Class: Unchecked Return Value [CWE-252], TOCTOU Race Condition [CWE-367]
Impact: Denial of service, Security bypass
Remotely…

Full Disclosure

SEC Consult SA-20160810-0 :: Multiple vulnerabilities in LINE instant messenger platform

August 10, 2016 007admin

Posted by SEC Consult Vulnerability Lab on Aug 10

SEC Consult Vulnerability Lab Security Advisory < 20160810-0 >
=======================================================================
title: Multiple vulnerabilities
product: LINE instant messenger platform
vulnerable version: before June 2016
fixed version: after June/July 2016
impact: removed (as per bounty program policy)
homepage: http://line.me/en/
found:…

Full Disclosure

Internet Explorer iframe sandbox local file name disclosure vulnerability

August 9, 2016 007admin

Posted by Securify B.V. on Aug 09

————————————————————————
Internet Explorer iframe sandbox local file name disclosure
vulnerability
————————————————————————
Yorick Koster, March 2016

————————————————————————
Abstract
————————————————————————
It was found that Internet Explorer allows the…

Full Disclosure

Nuke Evolution 2.0.9d – Multiple Client Side Cross Site Scripting Vulnerabilities

August 9, 2016 007admin

Posted by Vulnerability Lab on Aug 09

Document Title:
===============
Nuke Evolution 2.0.9d – Multiple Client Side Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1894

Release Date:
=============
2016-08-09

Vulnerability Laboratory ID (VL-ID):
====================================
1894

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:…

Full Disclosure

FortiVoice v5.0 – Filter Bypass & Persistent Validation Vulnerability

August 9, 2016 007admin

Posted by Vulnerability Lab on Aug 09

Document Title:
===============
FortiVoice v5.0 – Filter Bypass & Persistent Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1842

Fortinet PSIRT ID: 1737213

Release Notes: http://docs.fortinet.com/uploaded/files/3081/fortiVoiceenterprise-5.0.5-release%20notes.pdf

Release Date:
=============
2016-08-09

Vulnerability Laboratory ID (VL-ID):…

Full Disclosure

Facebook Bug Bounty #33 – Bypass ID user to linked Phone Number Vulnerability

August 9, 2016 007admin

Posted by Vulnerability Lab on Aug 09

Document Title:
===============
Facebook Bug Bounty #33 – Bypass ID user to linked Phone Number Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1896

Release Date:
=============
2016-08-08

Vulnerability Laboratory ID (VL-ID):
====================================
1896

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…

Full Disclosure

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin

August 8, 2016 007admin

Posted by Summer of Pwnage on Aug 08

————————————————————————
Cross-Site Request Forgery vulnerability in Add From Server WordPress
Plugin
————————————————————————
Edwin Molenaar, July 2016

————————————————————————
Abstract
————————————————————————
It was discovered that Add From Server is…

Full Disclosure

phpCollab v2.5 CMS – SQL Injection Vulnerability

August 8, 2016 007admin

Posted by Vulnerability Lab on Aug 08

Document Title:
===============
phpCollab v2.5 CMS – SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1898

Release Date:
=============
2016-08-08

Vulnerability Laboratory ID (VL-ID):
====================================
1898

Common Vulnerability Scoring System:
====================================
6.6

Product & Service Introduction:
===============================…

Full Disclosure

Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

August 5, 2016 007admin

Posted by Pedro Ribeiro on Aug 05

Forgot to mention – these are actually “0 days” since the vendors didn’t
bother to respond or issue fixes – see timeline above.

Regards,
Pedro

Full Disclosure

Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

August 5, 2016 007admin

Posted by Pedro Ribeiro on Aug 05

tl;dr

Lots of RCE, hardcoded credentials, stack buffer overflow and
information disclosure in the Nuuo NVRmini and other network video
recorders of the same vendor.
These vulnerabilities also affect the NETGEAR Surveillance app (which
can be installed on the NETGEAR ReadyNAS).

See the full advisory including PoC and exploits below, or at my github
(https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-nvr-vulns.txt).

Metasploit…

007 Software

Category Archives: Full Disclosure

[CORE-2016-0006] – SAP CAR Multiple Vulnerabilities

SEC Consult SA-20160810-0 :: Multiple vulnerabilities in LINE instant messenger platform

Internet Explorer iframe sandbox local file name disclosure vulnerability

Nuke Evolution 2.0.9d – Multiple Client Side Cross Site Scripting Vulnerabilities

FortiVoice v5.0 – Filter Bypass & Persistent Validation Vulnerability

Facebook Bug Bounty #33 – Bypass ID user to linked Phone Number Vulnerability

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin

phpCollab v2.5 CMS – SQL Injection Vulnerability

Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

Software and Security Information