Category Archives: Full Disclosure

Full Disclosure

Moodle URL Manipulation Remote Account Information Disclosure

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/moodle-url-manipulation-remote-account-information-disclosure.html

Date:
04-Apr-2017

Product:
Moodle

Versions affected:
2.4.10, 2.5.6, 2.6.3, 2.7 and earlier.

Vulnerability:
Information disclosure.

Example:
/user/edit.php?id= reveals account owner name

1. Log in to http://demo.moodle.net/ as user student:sandbox.
2. Click view profile when logged in (student is id=4).
3. Change id parameter from 4 to 3, which…

iPlatinum iOneView Multiple Parameter Reflected XSS

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-reflected-xss.html

Date:
04-Apr-2017

Product:
iPlatinum iOneView

Versions affected:
Unknown.

Vulnerabilities:

1) Cross-site scripting:

http://[target]/ioneview/admin/main.pl?cmd=<script>alert(document.cookie)</script>
http://[target]/ioneview/admin/main.pl?_username=&quot;><script>alert(document.cookie)</script>…

Kaseya information disclosure vulnerability

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/kaseya-information-disclosure-vulnerability.html

Date:
04-Apr-2017

Product:
Kaseya VSA

Versions affected:
9.02.00.04

Vulnerability:

Installations of Kaseya contain the following installation page:
https://[target]/install/kaseya.html

When the product is installed, it cannot be installed again. However,
if you go to that page when it is installed, it reveals sensitive
information to the internet at large,…

Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeration-and-bruteforce-weakness.html

Date:
04-Apr-2017

Software:
Kaseya

Affected version:
Kaseya VSA v6.5.0.0.

Vulnerability details:

1. The “forgot password” function at https://[target]/access/logon.asp
reveals whether a username is valid/exists or not, which assists with
brute force attacks. An incorrect username responds with “No record of
this user exists”,…

Lotus Protector for Mail Security remote code execution

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-code-execution.html

Date:
09-Nov-2012

Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)

Vulnerability:
Local File Inclusion to Remote Code Execution

Details:
There is local file inclusion vulnerability in
the Lotus Mail Encryption Server (Protector for Mail Encryption)
administration setup interface. The index.php file uses an unsafe include()
where an…

Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlg_loginowneridjsp-ownerid-sql-injection.html

Date:
04-Apr-2017

Product:
Avaya Radvision SCOPIA Desktop

Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 relased in 2013 (confirmed)

Vulnerability:
Blind SQL injection.

Vulnerability details:
The vulnerability exists within a HTTP POST request to gain access to
stored recordings.

Example:

POST…

AirWatch Self Service Portal Username Parameter LDAP Injection

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html

Date:
04-Apr-2017

Product:
AirWatch Self Service MDM

Versions affected:
v6.1.x
v6.4.x

Vulnerability:
LDAP injection

Example:
https://[target]/DeviceManagement/ URL accepts the following
POST parameters:

AuthenticationMode
ActivationCode
Username
Password
Login

The ‘Username’ parameter appears to be vulnerable to an LDAP injection…

Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workplace-management-system-xml-external-entity-xxe-injection-file-disclosure.html

Date:
04-Apr-2017

Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)

Versions affected:
9.x

Vulnerability:
XML External Entity injection (XXE)

Example:

There is an XXE in services such as:

https://[target]/services/WSFUNCTION
https://[target]/services/WSGRID

Inchoo Facebook Connect Extension for Magento Parameter XSS

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/inchoo-facebook-connect-extension-for-magento-parameter-xss.html

Date:
04-Apr-2017

Product:
Inchoo Facebook Connect (Magento Plugin)

Vulnerability:
Reflected cross-site scripting.

Details:
Within ./app/code/community/Inchoo/Facebook/Block/Channel.php

return ‘<script src=”‘.($this->isSecure() ? ‘https://&apos; :
http://&apos