Full Disclosure
Posted by Tobias Glemser on Feb 01
secuvera-SA-2017-02: Reflected XSS and Open Redirect in MailStore Server
Affected Products
MailStore Server Version 10.0.1.12148 was tested
according to the vendor:
– MailStore 9.2 to 10.0.1 is affected by the Reflected XSS Vulnerability
– Mailstore 9.0 to 10.0.1 is affected by the Open Redirect Vulnerability
References
https://www.secuvera.de/advisories/secuvera-SA-2017-02.txt
CWE-79…
Posted by MustLive on Feb 01
Hello list!
There is Cross-Site Scripting vulnerability in Bitrix Site Manager.
————————-
Affected products:
————————-
Vulnerable was the last version of Bitrix Site Manager at 12.06.2015, when I
found this vulnerability on web site of Russian terrorists. At that time I
wrote at Facebook about hack by Ukrainian Cyber Forces of that site
http://on.fb.me/1H05ccm and published results of our work with it.
You…
Posted by bashis on Feb 01
[STX]
Subject: QNAP NVR/NAS Heap / Stack / Heap Feng Shui overflow, and “Heack Combo” to pwn
Researcher: bashis <mcw noemail eu> (January 2017)
Release date: February 1, 2017
Device Model: QNAP VioStor NVR, QNAP NAS, Fujitsu Celvin NAS (May be additional re-branded)
Attack Vector: Remote
Attack Models:
1. Classic Heap Overflows
2. Classic Stack Overflow
3. Heap Feng Shui Overflow
4. “Heack Combo” (Heap / Stack…
Posted by Kacper Szurek on Feb 01
# Exploit Title: Viscosity for Windows 1.6.7 Privilege Escalation
# Date: 31.01.2017
# Software Link: https://www.sparklabs.com/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: local
1. Description
It is possible to execute openvpn with custom dll as SYSTEM using
ViscosityService because path is not correctly validated….
Posted by Estación Informática on Feb 01
*Description:*
URL: mysite.com/forum/away.php?s=
Affected Component: /forum/away.php?s=
*Vulnerability Type:*
Vulnerability Open Redirect https://cwe.mitre.org/data/definitions/601.html
*Vendor of Product: *
LogicBoard CMS
*Version: *
3.0, 4.0, 4.1
*Attack Type: *
Remote
*Impact:*
A web application accepts a user-controlled input that specifies a link to
an external site, and uses that link in a Redirect. This simplifies
phishing attacks….
Posted by Stefan Kanthak on Jan 31
Hi @ll,
Heimdal.SetupLauncher.exe, available from
<https://heimdalprodstorage.blob.core.windows.net/setup/Heimdal.SetupLauncher.exe>
is (surprise.-) vulnerable to DLL hijacking: it loads (at least)
WINSPOOL.DRV from its “application directory” instead Windows
“system directory”.
For downloaded applications like Heimdal.SetupLauncher.exe the
“application directory” is Windows’ “Downloads”…
Posted by Netgear Security on Jan 31
Hello Pedro,
We have noted the CVEs within our internal records and will update the kb accordingly. Thank you for letting us know.
If you have time, are you able to verify the firmware remediates the vulnerability? Thank you for taking the time to
continue to research this vulnerability. We appreciate all of the hard work you have put in to make Netgear’s products
more secure for everyone.
NETGEAR’s mission is to be the innovative…
Posted by Matteo Beccati on Jan 31
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2017-001
========================================================================
http://www.revive-adserver.com/security/revive-sa-2017-001
========================================================================
CVE-IDs: TBA
Date: 2017-01-31
Risk Level: High…
Posted by hyp3rlinx on Jan 31
[+]#########################################################
####################################
[+] Credits / Discovery: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-
FILE-DOWNLOAD.txt
[+] ISR: ApparitionSEC
[+]#########################################################
####################################
Vendor:
============
pear.php.net
Product:…
Posted by Jens Müller on Jan 30
TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 3 of 6 of the `Hacking Printers’ series. Each advisory
discusses multiple issues of the same category. This post is about
abusing Brother’s proprietary PJL extensions to dump the printers NVRAM
and gain access to interesting stuff like passwords. The attack can be
performed by anyone…