Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396.
Category Archives: Security
Security
Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Computer Associates (Layer7) API Gateway
Versions affected:
v7, v8, v9
Vulnerabilities:
1) CRLF Response Splitting
https://[target]:8443/test%0d%0a<h1>string?wsdl
Parameters uri=’/test
<h1>string’ did not resolve to any service….
tigervnc-1.7.1-3.fc26
Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396.
Lotus Protector for Mail Security remote code execution
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-code-execution.html
Date:
09-Nov-2012
Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)
Vulnerability:
Local File Inclusion to Remote Code Execution
Details:
There is local file inclusion vulnerability in
the Lotus Mail Encryption Server (Protector for Mail Encryption)
administration setup interface. The index.php file uses an unsafe include()
where an…
Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Avaya Radvision SCOPIA Desktop
Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 relased in 2013 (confirmed)
Vulnerability:
Blind SQL injection.
Vulnerability details:
The vulnerability exists within a HTTP POST request to gain access to
stored recordings.
Example:
POST…
AirWatch Self Service Portal Username Parameter LDAP Injection
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html
Date:
04-Apr-2017
Product:
AirWatch Self Service MDM
Versions affected:
v6.1.x
v6.4.x
Vulnerability:
LDAP injection
Example:
https://[target]/DeviceManagement/ URL accepts the following
POST parameters:
AuthenticationMode
ActivationCode
Username
Password
Login
The ‘Username’ parameter appears to be vulnerable to an LDAP injection…
Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)
Versions affected:
9.x
Vulnerability:
XML External Entity injection (XXE)
Example:
There is an XXE in services such as:
https://[target]/services/WSFUNCTION
https://[target]/services/WSGRID…
Inchoo Facebook Connect Extension for Magento Parameter XSS
Posted by Patrick Webster via Fulldisclosure on Apr 04
https://www.osisecurity.com.au/inchoo-facebook-connect-extension-for-magento-parameter-xss.html
Date:
04-Apr-2017
Product:
Inchoo Facebook Connect (Magento Plugin)
Vulnerability:
Reflected cross-site scripting.
Details:
Within ./app/code/community/Inchoo/Facebook/Block/Channel.php
return ‘<script src=”‘.($this->isSecure() ? ‘https://' :
‘http://&apos…
Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness
Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Software:
Kaseya
Affected version:
Kaseya VSA v6.5.0.0.
Vulnerability details:
1. The “forgot password” function at https://[target]/access/logon.asp
reveals whether a username is valid/exists or not, which assists with
brute force attacks. An incorrect username responds with “No record of
this user exists”,…
CVE-2017-7307
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.