Posted by Zach C on Jun 30
Part 9 of Broken, Abandoned, and Forgotten Code is up! In this part,
we fill out the ambit firmware header enough to satisfy upnpd’s loose
validation and have it write the image to flash. Additionally, we have
to binary patch upnpd to get it to play nicely in QEMU, since there’s
no physical flash memory in the emulator.
Here’s the link to part 9: http://shadow-file.blogspot.com/2015/06/abandoned-part-09.html
Here was a mid-term…
Posted by Fran on Jun 30
I. VULNERABILITIES
————————-
1. Reflected XSS Attack vulnerability in Climatix BACnet/IP communication
module from Siemens
2. Unrestricted upload of files
II. BACKGROUND
————————-
BACnet/IP communication modules help to integrate controller types POL6XX
of the Climatix family into BACnet networks
III. DESCRIPTION
————————-
1. XSS, Has been detected Reflected XSS vulnerability…
Posted by Fernando Muñoz on Jun 30
TimeDoctor claims to be a software that helps to improve the
productivity of teams, reduce time spent on distractions [1]
Vulnerability:
TimeDoctor autoupdate feature downloads and executes files over plain
HTTP and doesn’t perform any check with the files. An attacker with
MITM capabilities (i.e., when user connects to a public wifi) could
override the Timedoctor subdomain and then execute custom binaries on
the machine where the…
Posted by Blazej Adamczyk on Jun 30
Title: ManageEngine Password Manager Pro SQL 8.1 Injection vulnerability
Author: Blazej Adamczyk (br0x)
Date: 2015-06-30
Download site: https://www.manageengine.com/products/passwordmanagerpro/download.html
Version: 8.1 and below
Vendor: https://www.manageengine.com/products/passwordmanagerpro/
Vendor Notified: 2015-06-30
Vendor Contact: passwordmanagerpro-support () manageengine com
Description:
An authenticated user (even the guest user) is…
Posted by MustLive on Jun 29
Hello list!
I’ll give you additional information concerning advisory Multiple high risk
vulnerabilities in NetIQ Access Manager
(http://securityvulns.ru/docs31510.html ). There are five different
vulnerabilities in the advisory. For my attack it’s needed to use only one
vulnerability, XML External Entities Injection (XXE), to conduct attacks on
other web sites from target host.
————————-
Affected products:…
Posted by Oliver-Tobias Ripka on Jun 29
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not
# implement clickjacking protection
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Clickjacking
#
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0
Timeline:
2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response…
Posted by Oliver-Tobias Ripka on Jun 29
# Vuln Title: The CollabNet Subversion Edge management frontend login page
# password field has autocomplete enabled
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive measures
#
# Risk: Low
# Status: public/fixed
# Fixed version: 5.0
#…
Posted by Oliver-Tobias Ripka on Jun 29
# Vuln Title: The CollabNet Subversion Edge does not protect against brute
# forcing accounts
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive measures
#
# Risk: Medium
# Status: public/fixed
# Fixed versions: 5.0
Timeline:
2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response…
Posted by Oliver-Tobias Ripka on Jun 29
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile “listViewItem” parameter of the “index” action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Local file inclusion
#
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0
Timeline:
2014-10-09 Flaw…
Posted by Oliver-Tobias Ripka on Jun 29
# Vuln Title: The CollabNet Subversion Edge management missing single login
# restriction
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: No single login restriction
#
# Risk: Low
# Status: public/unfixed
# Fixed version: –
Timeline:
2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response
2014-12-08…