Category Archives: Full Disclosure

Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)

Posted by David Vieira-Kurz on Apr 26

CREDITS
========

This issue has been identified by David Vieira-Kurz of Immobilien Scout GmbH.

CVE
====

CVE-2016-3109

AFFECTED PRODUCT
==================

Shopware < 5.1.5 : https://en.shopware.com/

IMPACT
=======

This issue has been triaged with the highest severity (CRITICAL) by the Shopware maintainer because it allows
unauthenticated remote code execution by any attacker! This means that an attacker is able to read ANY files on…

Sophos XG Firewall (SF01V) – Persistent Web Vulnerability

Posted by Vulnerability Lab on Apr 26

Document Title:
===============
Sophos XG Firewall (SF01V) – Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1734

ID: 5740075

Release Date:
=============
2016-04-25

Vulnerability Laboratory ID (VL-ID):
====================================
1734

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…

Trend Micro (Account) – Email Spoofing Web Vulnerability

Posted by Vulnerability Lab on Apr 26

Document Title:
===============
Trend Micro (Account) – Email Spoofing Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1693

Trend Micro ID: 1-1-1035655030

Release Date:
=============
2016-04-25

Vulnerability Laboratory ID (VL-ID):
====================================
1693

Common Vulnerability Scoring System:
====================================
4.6

Product & Service…

VoipNow v4.0.1 – (xajax_handler) Persistent Vulnerability

Posted by Vulnerability Lab on Apr 26

Document Title:
===============
VoipNow v4.0.1 – (xajax_handler) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1828

Release Date:
=============
2016-04-26

Vulnerability Laboratory ID (VL-ID):
====================================
1828

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:…

Negin Group CMS – (v) Multiple Web Vulnerabilities

Posted by Vulnerability Lab on Apr 25

Document Title:
===============
Negin Group CMS – (v) Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1831

Release Date:
=============
2016-04-25

Vulnerability Laboratory ID (VL-ID):
====================================
1831

Common Vulnerability Scoring System:
====================================
7.1

Product & Service Introduction:
===============================…

Django CMS v3.2.3 – Filter Bypass & Persistent Vulnerability

Posted by Vulnerability Lab on Apr 25

Document Title:
===============
Django CMS v3.2.3 – Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1820

Release Date:
=============
2016-04-19

Vulnerability Laboratory ID (VL-ID):
====================================
1820

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:…

Cyberoam Central Console v02.03.1 – Multiple Persistent Vulnerabilities

Posted by Vulnerability Lab on Apr 25

Document Title:
===============
Cyberoam Central Console v02.03.1 – Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1721

Cyberoam Ticket ID: #1001314
Case ID: CCC-4208

Release Date:
=============
2016-04-18

Vulnerability Laboratory ID (VL-ID):
====================================
1721

Common Vulnerability Scoring System:
====================================
3.4…

UBNT Bug Bounty #2 – XML External Entity Vulnerability

Posted by Vulnerability Lab on Apr 25

Document Title:
===============
UBNT Bug Bounty #2 – XML External Entity Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1466

Release Date:
=============
2016-04-14

Vulnerability Laboratory ID (VL-ID):
====================================
1466

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:…

Totemomail v4.x & v5.x – Filter Bypass & Persistent Vulnerability

Posted by Vulnerability Lab on Apr 25

Document Title:
===============
Totemomail v4.x & v5.x – Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1769

Release Date:
=============
2016-04-08

Vulnerability Laboratory ID (VL-ID):
====================================
1769

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:…

C & C++ for OS – Filter Bypass & Persistent Vulnerability

Posted by Vulnerability Lab on Apr 25

Document Title:
===============
C & C++ for OS – Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1825

Release Date:
=============
2016-04-14

Vulnerability Laboratory ID (VL-ID):
====================================
1825

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…