Posted by dxw Security on Apr 06
Details
================
Software: WordPress Firewall 2
Version: 1.3
Homepage: https://wordpress.org/plugins/wordpress-firewall-2/
Advisory report: https://security.dxw.com/advisories/csrfstored-xss-in-wordpress-firewall-2-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
CSRF/stored XSS in WordPress Firewall 2 allows…
Posted by Apple Product Security on Apr 06
APPLE-SA-2017-04-04-1 Apple Music 2.0 for Android
Apple Music 2.0 for Android is now available and addresses the
following:
Apple Music
Available for: Android version 4.3 or later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A certificate validation issue existed in Apple Music
for Android. This issue was addressed through improved certificate
validation.
CVE-2017-2387: David…
Posted by Harry Sintonen on Apr 06
QNAP QTS multiple RCE vulnerabilities
=====================================
The latest version of this advisory is available at: https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt
Overview
--------
QNAP QTS firmware contains multiple Command Injection (CWE-77)
vulnerabilities that can be exploited to gain remote command execution
on the devices.
Description
-----------
QNAP QTS web user interface CGI binaries include…
Posted by David Coomber on Apr 06
Apple Music Android Application – MITM SSL Certificate Vulnerability
(CVE-2017-2387)
Posted by hyp3rlinx on Apr 06
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt
[+] ISR: APPARITIONSEC
Vendor:
==================
www.spiceworks.com
Product:
=================
Spiceworks – 7.5
Provides network inventory and monitoring of all the devices on the network
by discovering IP-addressable devices.
It can be configured to provide…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/smartjobboard—cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html
Date:
04-Apr-2017
Product:
SmartJobBoard
Versions affected:
v5.0.9 and below.
Vulnerability:
1) Cross-site scripting vulnerabilities in the following locations and
parameters:
/add-listing/ [proceed_to_posting parameter]
/add-listing/ [productSID parameter]
/add-listing/Resume/General/ [productSID parameter]…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/silverstripe-cms—path-disclosure.html
Date:
04-Apr-2017
Product:
SilverStripe CMS
Versions affected:
3.1.9 and below.
Vulnerability:
Path disclosure.
Example URL: http://[target]/dev/build/
Path reported:
/home/[target]/public_html/framework/dev/DebugView.php
https://www.silverstripe.org/download/security-releases/ss-2015-001/
Credit:
Discovered by Patrick Webster
Disclosure timeline:
07-Nov-2015 -…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/tweekdm-document-management-authentication-bypass-sql-injection-vulnerabilities.html
Date:
04-Apr-2017
Product:
Tweek!DM Document Management
Versions affected:
Unknown
Vulnerabilities:
1) Authentication bypass – the software sends a 301 Location redirect
back to the login page, if an unauthenticated user requests an
authenticated administration page. However on the PHP side the script
does not exit(0); therefore…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-response-splitting-directory-traversal-vulnerabilities.html
Date:
04-Apr-2017
Product:
Computer Associates (Layer7) API Gateway
Versions affected:
v7, v8, v9
Vulnerabilities:
1) CRLF Response Splitting
https://[target]:8443/test%0d%0a <h1>string?wsdl
Parameters uri='/test
<h1>string' did not resolve to any service….
Posted by DefenseCode on Apr 04
DefenseCode ThunderScan SAST Advisory
Apache Tomcat Directory/Path Traversal
Advisory ID: DC-2017-03-001
Software: Apache Tomcat
Software Language: Java
Version: 7.0.76 (probably 9, 8 and 6 branches also)
Vendor Status: Vendor contacted
Release Date: 2017-04-04
Risk: Medium
Full Advisory URL:…