IP.Board <= 3.4.7 SQL Injection

Posted by secthrowaway on Nov 09

IP.Board version 3.4.7 (latest) suffers from a SQL injection vulnerability.

Working PoC is attached.
#!/usr/bin/env python
# Sunday, November 09, 2014 – secthrowaway () safe-mail net
# IP.Board <= 3.4.7 SQLi (blind, error based);
# you can adapt to other types of blind injection if 'cache/sql_error_latest.cgi' is unreadable

url = 'http://target.tld/forum/'
ua = "Mozilla/5.0 (Windows NT 6.2; WOW64)…

[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro

Posted by Pedro Ribeiro on Nov 09

Hi,

This is part 7 of the ManageOwnage series. For previous parts, see [1].

Today we have a blind SQL injection in Password Manager Pro (PMP) that
can be abused to escalate privileges for a low privileged user (like a
guest) to the “super administrator”. Using our new powers we can then
dump the whole password database in cleartext.

Unlike in part 6, this time ManageEngine have been responsible and
released an update. It actually…

IL and CSRF vulnerabilities in D-Link DAP-1360

Posted by MustLive on Nov 09

Hello list!

There are Information Leakage and Cross-Site Request Forgery vulnerabilities
in D-Link DAP-1360 (Wi-Fi Access Point and Router).

-------------------------
Affected products:
-------------------------

The following model is vulnerable: D-Link DAP-1360, Firmware 1.0.0. This model
with other firmware versions must also be vulnerable.

D-Link will fix these vulnerabilities in the next version of firmware (will
be released in November),…

CVE-2014-6146

IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.