Category Archives: Full Disclosure

[SEARCH-LAB advisory] Ubee EVW3226 modem/router multiple vulnerabilities

Posted by Gergely Eberhardt on Jul 25

Ubee EVW3226 modem/router multiple vulnerabilities
--------------------------------------------------

Platforms / Firmware confirmed affected:
- Ubee EVW3226, 1.0.20
- Product page: http://www.ubeeinteractive.com/products/cable/evw3226

Vulnerabilities
---------------
Insecure session management
The web interface does not use cookies at all. If admin login is
successful, the IP address of the admin user is stored and everybody can
access the…

[SEARCH-LAB advisory] UPC Hungary network problems

Posted by Gergely Eberhardt on Jul 25

UPC network problems
--------------------

Platforms / Firmware confirmed affected:
- UPC Hungary network

Problems
--------
Network and device configuration problems
Administration password is sent to the device in plain in the
configuration file
Administration password, which is used also for the telnet service, is
sent in plain in the configuration file downloaded by the device via
TFTP from the location specified by the DHCP response. The…

Defense in depth — the Microsoft way (part 41): vulnerable by (poor implementation of bad) design

Posted by Stefan Kanthak on Jul 25

Hi @ll,

Windows 7 introduced the “Deployment Image Servicing and Management”
tool DISM.exe; this command line program is called for example by
its predecessor PkgMgr.exe (a GUI program which requests elevated
privileges), or by Windows Update (which runs under SYSTEM account).

DISM.exe needs to be run with administrative privileges:
this condition is met in both cases named above.

When called with valid arguments, DISM.exe creates a…

Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking

Posted by Stefan Kanthak on Jul 25

Hi @ll,

this is a followup to “case 36” (posted as “case 35” by mistake),
<http://seclists.org/bugtraq/2016/Jul/82>.

Proof of concept #1:
~~~~~~~~~~~~~~~~~~~~

1. On a 64-bit edition of Windows download the 32-bit and 64-bit
executable installers “eclipse-inst-win32.exe” and
“eclipse-inst-win64.exe”, save them in an arbitrary directory.

2. Create the (empty) files…

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr

Posted by SEC Consult Vulnerability Lab on Jul 25

SEC Consult Vulnerability Lab Security Advisory < 20160725-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus (former Novell) Filr Appliance
vulnerable version: Filr 2 <=2.0.0.421, Filr 1.2 <= 1.2.0.846
fixed version: Filr 2 v2.0.0.465, Filr 1.2 v1.2.0.871
CVE number: CVE-2016-1607, CVE-2016-1608, CVE-2016-1609…

Cross-Site Scripting in Code Snippets WordPress Plugin

Posted by Summer of Pwnage on Jul 24

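------------------------------------------------------------------------
Cross-Site Scripting in Code Snippets WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------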
A reflected Cross-Site Scripting (XSS) vulnerability has been found…

Cross-Site Scripting in Contact Form to Email WordPress Plugin

Posted by Summer of Pwnage on Jul 24

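------------------------------------------------------------------------
Cross-Site Scripting in Contact Form to Email WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------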
A reflected Cross-Site Scripting (XSS) vulnerability has…

Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)

Posted by Summer of Pwnage on Jul 20

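------------------------------------------------------------------------
Persistent Cross-Site Scripting in WooCommerce using image metadata
(EXIF)
------------------------------------------------------------------------
Han Sahin, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------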
A persistent Cross-Site Scripting (XSS)…

Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin

Posted by Summer of Pwnage on Jul 20

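------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress
Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------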
A Cross-Site Scripting vulnerability was found…

Multiple SQL injection vulnerabilities in WordPress Video Player

Posted by Summer of Pwnage on Jul 19

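------------------------------------------------------------------------
Multiple SQL injection vulnerabilities in WordPress Video Player
------------------------------------------------------------------------
David Vaartjes & Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------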
It was discovered that WordPress…