Full Disclosure
Posted by hyp3rlinx on Apr 11
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec
Vendor:
============
www.moxa.com
Product:
===========
MXView v2.8
Download:
http://www.moxa.com/product/MXstudio.htm
MXview Industrial Network Management Software.
Auto discovery of network devices and physical connections
Event playback for quick…
Posted by Rewanth Cool on Apr 09
ASUSWRT is a wireless router operating system that powers many routers
produced by ASUS.
NSE scripts for CVE-2017-6547 ( XSS ) and CVE-2017-6549 ( Session stealing
) are developed for AsusWRT.
The script comes under “vuln”, “intrusive”, “exploit”, “dos” categories.
Failed attempts lead to dos attack.
There is a PR on #779 <https://github.com/nmap/nmap/pull/779> regarding the
both the latest…
Posted by Rewanth Cool on Apr 09
NSE Script for exploiting Directory traversal vulnerability in the Elegant
Themes Divi theme for WordPress.
It is marked under CVE-2015-1579.
Its patched for WordPress versions > 4.1.4
This script is under “vuln”, “intrusive” and “exploit” categories. So if
someone who scans the website using these modules it will disclose the
vulnerability to the end user.
There is a PR on #778 <…
Posted by Rewanth Cool on Apr 09
Hi,
I’m sorry, I was not aware of the FD group and I was sending all my work to
the developers group (dev () nmap org). So now, I’m forwarding all my
vulnerability detection and exploitation NSE scripts to this group.
I developed an NSE script for the most recently found vulnerability.
It exploits the Buffer Overflow vulnerability in Microsoft Internet
Information Services (IIS) 6.0 and Microsoft Windows Server 2003.
Its marked…
Posted by Rewanth Cool on Apr 09
NSE Script for CVE 2017-6527 which was released on 9th March, 2017.
Description:
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is
vulnerable to a NULL-terminated directory traversal attack allowing an
unauthenticated attacker to access system files readable by the web server
user (by using the viewAppletFsa.cgi seqID parameter).
There is a PR on #783 <https://github.com/nmap/nmap/pull/783> on the same.
Best regards,…
Posted by Wester 95 on Apr 09
Hi team,
I would like to request one CVE id for this, thank you!
Details
======
Software: s9y Serendipity
Version: 2.1-rc1
Homepage: https://docs.s9y.org/
=======
Description
================
stored XSS in Serendipity v2.1-rc1 allows attacker steals admin’s cookie and other informations
===========
POC
==========
1.login as a common editor user
2.open a new entry ,then write:
<img src=1 onerror=alert(document.cookie)>…
Posted by Manuel Garcia Cardenas on Apr 09
=============================================
MGC ALERT 2017-003
– Original release date: April 06, 2017
– Last revised: April 10, 2017
– Discovered by: Manuel García Cárdenas
– Severity: 7,1/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
————————-
WordPress Plugin Spider Event Calendar 1.5.51 – Blind SQL Injection
II. BACKGROUND
————————-
WordPress event calendar is a FREE…
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE id, thank you!
Details
======
Software: WordPress WHIZZ
Version: <1.1.1
Homepage: https://wordpress.org/plugins/whizz/
=======
Description
================
Get type CSRF in WordPress WHIZZ allows attackers to delete any wordpress users and change plugins status
POC:
========
include in the page ,then attack will occur:
delete user:
<img
src=”…
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE ID with some issues of e107 CMS.
==========================
Title:Mutiple CSRF vulnerabilities in e107 CMS 2.1.4
Author:Zhiyang Zeng
Product:
—————
e107 is a powerful website content management system designed for bootstrap v3 from http://e107.org/get-started
—————
Fix
—————
Fixed in git source code…
Posted by Ian Ling on Apr 07
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313
Vendor:
=================
http://www.dragonwaveinc.com/
Product:
======================
-DragonWave Horizon
Vulnerability Details:
=====================
DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface….