Posted by DefenseCode on Apr 04
DefenseCode ThunderScan SAST Advisory
Apache Tomcat Directory/Path Traversal
Advisory ID: DC-2017-03-001
Software: Apache Tomcat
Software Language: Java
Version: 7.0.76 (probably 9, 8 and 6 branches also)
Vendor Status: Vendor contacted
Release Date: 2017-04-04
Risk: Medium
Full Advisory URL:…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/moodle-url-manipulation-remote-account-information-disclosure.html
Date:
04-Apr-2017
Product:
Moodle
Versions affected:
2.4.10, 2.5.6, 2.6.3, 2.7 and earlier.
Vulnerability:
Information disclosure.
Example:
/user/edit.php?id= reveals account owner name
1. Log in to http://demo.moodle.net/ as user student:sandbox.
2. Click view profile when logged in (student is id=4).
3. Change id parameter from 4 to 3, which…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-reflected-xss.html
Date:
04-Apr-2017
Product:
iPlatinum iOneView
Versions affected:
Unknown.
Vulnerabilities:
1) Cross-site scripting:
http://[target]/ioneview/admin/main.pl?cmd= <script>alert(document.cookie)</script>http://[target]/ioneview/admin/main.pl?_username=" ;><script>alert(document.cookie)</script>…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/kaseya-information-disclosure-vulnerability.html
Date:
04-Apr-2017
Product:
Kaseya VSA
Versions affected:
9.02.00.04
Vulnerability:
Installations of Kaseya contain the following installation page:https://[target]/install/kaseya.html
When the product is installed, it cannot be installed again. However,
if you go to that page when it is installed, it reveals sensitive
information to the internet at large,…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeration-and-bruteforce-weakness.html
Date:
04-Apr-2017
Software:
Kaseya
Affected version:
Kaseya VSA v6.5.0.0.
Vulnerability details:
1. The “forgot password” function at https://[target]/access/logon.asp
reveals whether a username is valid/exists or not, which assists with
brute force attacks. An incorrect username responds with “No record of
this user exists”,…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-code-execution.html
Date:
09-Nov-2012
Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)
Vulnerability:
Local File Inclusion to Remote Code Execution
Details:
There is local file inclusion vulnerability in
the Lotus Mail Encryption Server (Protector for Mail Encryption)
administration setup interface. The index.php file uses an unsafe include()
where an…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlg_loginowneridjsp-ownerid-sql-injection.html
Date:
04-Apr-2017
Product:
Avaya Radvision SCOPIA Desktop
Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 relased in 2013 (confirmed)
Vulnerability:
Blind SQL injection.
Vulnerability details:
The vulnerability exists within a HTTP POST request to gain access to
stored recordings.
Example:
POST…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html
Date:
04-Apr-2017
Product:
AirWatch Self Service MDM
Versions affected:
v6.1.x
v6.4.x
Vulnerability:
LDAP injection
Example:https://[target]/DeviceManagement/ URL accepts the following
POST parameters:
AuthenticationMode
ActivationCode
Username
Password
Login
The ‘Username’ parameter appears to be vulnerable to an LDAP injection…
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workplace-management-system-xml-external-entity-xxe-injection-file-disclosure.html
Date:
04-Apr-2017
Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)
Versions affected:
9.x
Vulnerability:
XML External Entity injection (XXE)
Example:
There is an XXE in services such as:
https://[target]/services/WSFUNCTION https://[target]/services/WSGRID …
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/inchoo-facebook-connect-extension-for-magento-parameter-xss.html
Date:
04-Apr-2017
Product:
Inchoo Facebook Connect (Magento Plugin)
Vulnerability:
Reflected cross-site scripting.
Details:
Within ./app/code/community/Inchoo/Facebook/Block/Channel.php
return ‘<script src=”‘.($this->isSecure() ? ‘https://&apos ; :
‘http://&apos …
Posts navigation
Software and Security Information