Full Disclosure
Posted by Manuel Garcia Cardenas on Jun 01
=============================================
MGC ALERT 2016-004
– Original release date: May 28, 2016
– Last revised: June 1, 2016
– Discovered by: Manuel Garcia Cardenas
– Severity: 4,8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
————————-
Reflected XSS in CMSimple <= v4.6.2
II. BACKGROUND
————————-
CMSimple is a php based Content Managemant System (CMS) , which…
Posted by Bogner Florian on Jun 01
MitM Attack against KeePass 2’s Update Check
Metadata
===================================================
Release Date: 02-03-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: all tested version up to the current 2.33
Tested on: Windows 7
CVE : CVE-2016-5119
URL: https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
Video: https://youtu.be/gOxcQSbpA-Q
Vulnerability Status:…
Posted by Francisco Amato on Jun 01
A brand new Faraday version is ready! Faraday v1.0.20 is here,
bringing more functionality to our GTK interface and other cool new
features.
If you’ve been keeping up with Faraday, on our last release
http://blog.infobytesec.com/2016/04/prepare-warm-welcome-for-faraday-v1019.html
we published a new experimental GTK interface. In this iteration we
added several missing features and fixed a lot of small bugs.
You will probably notice the…
Posted by Gökmen GÜREŞÇİ on Jun 01
Information
——————————
Advisory by ADEO Security Team
Name: Stored XSS and SQL Injection in Joomla SecurityCheck extension
Affected Software : SecurityCheck and SecurityCheck Pro
Vulnerable Versions: 2.8.9 (possibly below)
Vendor Homepage : https://securitycheck.protegetuordenador.com
Vulnerabilities Type : XSS and SQL Injection
Severity : High
Status : Fixed
Technical Details
——————————
PoC URLs for SQL…
Posted by Stefan Kanthak on Jun 01
Hi @ll,
a looong time ago Microsoft “addressed” a so called “blended”
threat: Internet Explorer loaded and executed DLLs placed on
the user’s desktop.
See <https://technet.microsoft.com/en-us/library/953818>
(titled “Blended Threat from Combined Attack Using Apple’s
Safari on the Windows Platform”) plus
<…
Posted by RedTeam Pentesting GmbH on May 31
Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager
may Lead to Remote Command Execution
A vulnerability within the Relay Ajax Directory Manager web application
allows unauthenticated attackers to upload arbitrary files to the web
server running the web application.
Details
=======
Product: Relay Ajax Directory Manager
Affected Versions: relayb01-071706, 1.5.1, 1.5.3 were tested, other
versions…
Posted by RedTeam Pentesting GmbH on May 31
Advisory: Websockify: Remote Code Execution via Buffer Overflow
RedTeam Pentesting discovered a buffer overflow vulnerability in the C
implementation of Websockify, which allows attackers to execute
arbitrary code.
Details
=======
Product: Websockify C implementation
Affected Versions: all versions <= 0.8.0
Fixed Versions: versions since commit 192ec6f (2016-04-22) [0]
Vulnerability Type: Buffer Overflow
Security Risk: high
Vendor URL:…
Posted by RedTeam Pentesting GmbH on May 31
Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor
Authenticated users who can create new HTTP XML/REST Value sensors in
PRTG Network Monitor can read local files on the PRTG host system via
XML external entity expansion.
Details
=======
Product: Paessler PRTG Network Monitor
Affected Versions: 14.4.12.3282
Fixed Versions: 16.2.23.3077/3078
Vulnerability Type: XML External Entity Expansion
Security Risk: medium
Vendor…
Posted by Peter Kok on May 26
Hi Ulisses,
The XSS found is a different one. The one mentioned on
https://github.com/nilsteampassnet/TeamPass/issues/1244 has a screenshot
where the XSS is inserted when creating a new role and by preventing the
javascript filters to execute. A new role can only be created by the
admin user. This XSS is also performed by inserting the <script> tag,
this tag does not work in the new found bug.
The new found
XSS(…
Posted by flanker on May 26
The Credit of this vulnerability is to
Qidan He (@flanker_hqd) from KeenLab(http://keenlab.tencent.com), Tencent.
——————
Sincerely
Qidan (a.k.a Flanker)
—————— Original ——————
From: “flanker”<i () flanker017 me>;
Date: Thu, May 26, 2016 03:27 PM
To: “fulldisclosure”<fulldisclosure () seclists org>;
Subject: CVE-2015-3854 Battery permission leakage in Android
Hi:…