Posted by ERPScan inc on Jul 15
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2254389
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: SAP NetWeaver AS JAVA UDDI component – XXE vulnerability
Advisory ID: [ERPSCAN-16-020]
Risk:…
Posted by ERPScan inc on Jul 15
Application: SAP NetWeaver Enqueue Server
Versions Affected: SAP NetWeaver Enqueue Server 7.4
Vendor URL: http://SAP.com
Bug: denial of service
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2258784
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: SAP NetWeaver Enqueue Server – DoS vulnerability
Advisory ID:…
Posted by Summer of Pwnage on Jul 13
————————————————————————
Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
————————————————————————
Yorick Koster, July 2016
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in the…
Posted by Summer of Pwnage on Jul 13
————————————————————————
Cross-Site Scripting vulnerability in WP No External Links WordPress
Plugin
————————————————————————
Yorick Koster, July 2016
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found…
Posted by Summer of Pwnage on Jul 13
————————————————————————
Cross-Site Scripting vulnerability in Top 10 – Popular posts plugin for
WordPress
————————————————————————
Yorick Koster, July 2016
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was…
Posted by Summer of Pwnage on Jul 13
————————————————————————
Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
————————————————————————
Yorick Koster, July 2016
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in…
Posted by Hypsurus on Jul 12
Hi all!
I am happy to announce hpak 1.0!
(https://github.com/Hypsurus/hpak)
hpak is a package manager for pentesters with a web interface:
(https://hypsurus.github.io/hpak)
I created this project for my needs, but now the source code is open under the GPL license.
We need to create more packages for hpak, I hope the community will help!
Thank you!
— hypsurus
Posted by Julien Ahrens on Jul 12
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N)
CVE: CVE-2016-5005
2. CREDITS
==========
This vulnerability was discovered and researched by…
Posted by Julien Ahrens on Jul 12
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
CVE: CVE-2016-4469
2. CREDITS
==========
This vulnerability was discovered and researched…
Posted by Paweł Gocyla on Jul 12
Title: WSO2 SOA Enablement Server – Reflected Cross Site Scripting
Authors: Pawel Gocyla
Date: 08. June 2016
Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.
Vulnerability:
**************
Reflected Cross Site Scripting:
==============================
Proof of Concept: https://WSO2SOA_IP:6443/invocationConsole?p.wsdlUrl= …