seclist.org

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
11 August 2020

Avian JVM vm::arrayCopy() silent return on negative length

Posted by Pietro Oliva via Fulldisclosure on Aug 11

Vulnerability title: Avian JVM vm::arrayCopy() silent return on negative length
Author: Pietro Oliva
CVE: CVE-2020-17361
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0

Description:
The issue is located in the vm::arrayCopy method defined in classpath-common.h,
where multiple boundary checks are performed to prevent out-of-bounds memory
read/write. One of these boundary checks makes the code return silently when a
negative length...
11 August 2020

Avian JVM vm::arrayCopy() Multiple Integer Overflows

Posted by Pietro Oliva via Fulldisclosure on Aug 11

Vulnerability title: Avian JVM vm::arrayCopy() Multiple Integer Overflows
Author: Pietro Oliva
CVE: CVE-2020-17360
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0

Description:
The issue is located in the vm::arrayCopy method defined in classpath-common.h,
where multiple boundary checks are performed to prevent out-of-bounds memory
read/write. Two of those boundary checks contain an integer overflow which leads
to those same checks...
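The two posts above describe two defects in one bounds check: a negative length that is swallowed instead of raising IndexOutOfBoundsException, and end offsets computed with 32-bit addition that can wrap. The following C is an added illustration, not Avian's code and not the author's: `weak_check` is a constructed model of the pattern the advisories describe, `safe_check` is one hardened form, and the buffers in `demo_arraycopy` are constructed test data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Result of validating an arraycopy(src, srcOff, dst, dstOff, length) request. */
enum copy_result {
    COPY_OK = 0,            /* bounds are fine, copy may proceed */
    COPY_SILENT_NOOP = 1,   /* the weak check returned without copying or complaining */
    COPY_OUT_OF_BOUNDS = 2  /* the caller should get IndexOutOfBoundsException */
};

/* Weak check in the style the two advisories describe. This is a constructed
 * model, not the Avian source. Two defects: a length <= 0 is dropped silently
 * (Java requires IndexOutOfBoundsException for a negative length), and the
 * end offsets are computed with 32-bit addition that can wrap. The wrap is
 * done through uint32_t so the model itself has no undefined behaviour. */
enum copy_result weak_check(int32_t src_len, int32_t src_off,
                            int32_t dst_len, int32_t dst_off, int32_t length)
{
    if (length <= 0)
        return COPY_SILENT_NOOP;

    int32_t src_end = (int32_t)((uint32_t)src_off + (uint32_t)length);
    int32_t dst_end = (int32_t)((uint32_t)dst_off + (uint32_t)length);

    /* src_off = 1, length = INT32_MAX gives src_end = INT32_MIN, which passes */
    if (src_off >= 0 && src_end <= src_len &&
        dst_off >= 0 && dst_end <= dst_len)
        return COPY_OK;
    return COPY_OUT_OF_BOUNDS;
}

/* Hardened check: reject negative inputs first, then compare length against
 * the space remaining after each offset. No addition, so nothing can wrap. */
enum copy_result safe_check(int32_t src_len, int32_t src_off,
                            int32_t dst_len, int32_t dst_off, int32_t length)
{
    if (src_len < 0 || dst_len < 0)
        return COPY_OUT_OF_BOUNDS;
    if (length < 0 || src_off < 0 || dst_off < 0)
        return COPY_OUT_OF_BOUNDS;
    if (src_off > src_len || dst_off > dst_len)
        return COPY_OUT_OF_BOUNDS;
    if (length > src_len - src_off || length > dst_len - dst_off)
        return COPY_OUT_OF_BOUNDS;
    return COPY_OK;
}

/* Byte-array arraycopy that only touches memory after safe_check passes. */
enum copy_result safe_arraycopy(const uint8_t *src, int32_t src_len, int32_t src_off,
                                uint8_t *dst, int32_t dst_len, int32_t dst_off,
                                int32_t length)
{
    enum copy_result r = safe_check(src_len, src_off, dst_len, dst_off, length);
    if (r == COPY_OK && length > 0)
        memmove(dst + dst_off, src + src_off, (size_t)length);
    return r;
}

/* Self-check on constructed buffers: returns 1 when the guarded copy moves
 * exactly the requested window and rejects the two requests the weak check
 * would mishandle. */
int demo_arraycopy(void)
{
    uint8_t src[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t dst[8] = {0};

    if (safe_arraycopy(src, 8, 2, dst, 8, 0, 4) != COPY_OK)
        return 0;
    if (dst[0] != 3 || dst[3] != 6 || dst[4] != 0)
        return 0;
    /* wrapped end offset: the weak check would accept this */
    if (safe_arraycopy(src, 8, 1, dst, 8, 1, INT32_MAX) != COPY_OUT_OF_BOUNDS)
        return 0;
    /* negative length: the weak check would silently drop this */
    if (safe_arraycopy(src, 8, 0, dst, 8, 0, -5) != COPY_OUT_OF_BOUNDS)
        return 0;
    return 1;
}
```

The point of `safe_check` is that it never adds an offset to a length: subtracting a non-negative offset from a non-negative array length cannot overflow in int32_t, so the comparison stays honest for every input, and a negative length is an error rather than a no-op.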
11 August 2020

SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

Posted by Egidio Romano on Aug 11

SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability

*• Software Link:*

https://www.sugarcrm.com

*• Affected Versions:*

All versions prior to 10.1.0 (Q3 2020).

*• Vulnerability Description:*

User input passed through the encoded “current_post” parameter to
‘index.php’ (when “entryPoint” is set to “export” and “module” is set to
“Reports”) is not properly sanitized before being used to construct a...
11 August 2020

SugarCRM < 10.1.0 Multiple Reflected Cross-Site Scripting Vulnerabilities

Posted by Egidio Romano on Aug 11

SugarCRM < 10.1.0 Multiple Reflected Cross-Site Scripting Vulnerabilities

*• Software Link:*

https://www.sugarcrm.com/

*• Affected Versions:*

All versions prior to 10.1.0 (Q3 2020).

*• Vulnerabilities Description:*

1) User input passed through the “do” parameter when action is set to
“metadata” is not properly sanitized before being used to generate HTML
output. This can be exploited by malicious users to carry out...
11 August 2020

Re: [FD] ManageEngine ADSelfService Plus – Unauthenticated Remote Code Execution Vulnerability

Posted by Bhdresh on Aug 11

Hello,

Please find the below updated vulnerability details,

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# Exploit Title: ManageEngine ADSelfService Plus – Unauthenticated Remote
Code Execution Vulnerability
# Date: 08/08/2020
# Exploit Author: Bhadresh Patel
# Version: < ADSelfService Plus build 6003
# CVE :...
11 August 2020

Remote Code Execution 0day in vBulletin 5.x

Posted by Zenofex via Fulldisclosure on Aug 11

vBulletin 5.5.4 through 5.6.2 are vulnerable to a remote code execution
vulnerability caused by incomplete patching of the previous
"CVE-2019-16759" RCE. This logic bug allows for a single pre-auth request
to execute PHP code on a target vBulletin forum.

More info can be found at:
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/

Exploits below.

Thank you,
Zenofex

BASH Exploit:

#!/bin/bash
#
# vBulletin...
8 August 2020

ManageEngine ADSelfService Plus – Unauthenticated Remote Code Execution Vulnerability

Posted by Bhdresh on Aug 07

Hello,

Please find the below vulnerability details,

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# Exploit Title: ManageEngine ADSelfService Plus – Unauthenticated Remote
Code Execution Vulnerability
# Date: 08/08/2020
# Exploit Author: Bhadresh Patel
# Version: < ADSelfService Plus build 6003
# CVE :...
7 August 2020

SEC Consult SA-20200807-0 :: Multiple Vulnerabilities in flatCore CMS

Posted by SEC Consult Vulnerability Lab on Aug 07

SEC Consult Vulnerability Lab Security Advisory < 20200807-0 >
=======================================================================
title: Multiple Vulnerabilities
product: flatCore CMS
vulnerable version: <=1.5.5
fixed version: 1.5.7
CVE number: -
impact: High
homepage: https://flatcore.org/
found: 2020-03-28
by: Farhan Rahman (Office...
4 August 2020

October CMS <= Build 465 Multiple Vulnerabilities - Arbitrary File Read

Posted by Sivanesh Ashok on Aug 04

##########################################################################
# October CMS <= Build 465 Multiple Vulnerabilities #
##########################################################################

Author - Sivanesh Ashok | @sivaneshashok | stazot.com

Date : 2020-03-31
Vendor : https://octobercms.com/
Version : <= Build 465
Tested on : Build 465
CVE : CVE-2020-5295, CVE-2020-5296,...
4 August 2020

[SYSS-2020-030]: Jira module "Gantt-Chart for Jira" - Cross-Site Scripting (CWE-79)(CVE-2020-15944)

Posted by Sebastian Auwärter on Aug 04

Advisory ID: SYSS-2020-030
Product: Jira module "Gantt-Chart for Jira"
Manufacturer: Frank Polscheit - Solutions & IT-Consulting
Affected Version(s): <=5.5.4
Tested Version(s): 5.5.3, 5.5.4
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2020-07-23
Solution Date: 2020-07-31
Public Disclosure: 2020-08-03
CVE Reference: CVE-2020-15944
Author of Advisory:...
4 August 2020

[SYSS-2020-029]: Jira module "Gantt-Chart for Jira" - Improper Privilege Management (CWE-269)(CVE-2020-15943)

Posted by Sebastian Auwärter on Aug 04

Advisory ID: SYSS-2020-029
Product: Jira module "Gantt-Chart for Jira"
Manufacturer: Frank Polscheit - Solutions & IT-Consulting
Affected Version(s): <=5.5.3
Tested Version(s): 5.5.3
Vulnerability Type: Improper Privilege Management (CWE-269)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2020-07-23
Solution Date: 2020-07-30
Public Disclosure: 2020-08-03
CVE Reference: CVE-2020-15943
Author of Advisory:...
30 July 2020

[SYSS-2020-015]: ABUS Secvest Hybrid module (FUMO50110) - Authentication Bypass Using an Alternate Path or Channel (CWE-288) (CVE-2020-14158)

Posted by Matthias Deeg on Jul 30

Advisory ID: SYSS-2020-015
Product: ABUS Secvest Hybrid module (FUMO50110)
Manufacturer: ABUS
Affected Version(s): N/A
Tested Version(s): N/A
Vulnerability Type: Authentication Bypass Using an Alternate Path or
Channel (CWE-288)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2020-04-03
Solution Date: -
Public Disclosure: 2020-07-30
CVE Reference: CVE-2020-14158
Authors of Advisory: Michael Rüttgers, Thomas...
29 July 2020

SEC Consult SA-20200728-0 :: Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere

Posted by SEC Consult Vulnerability Lab on Jul 29

SEC Consult Vulnerability Lab Security Advisory < 20200728-0 >
=======================================================================
title: Stored Cross-Site Scripting (XSS) Vulnerability
product: Namirial SIGNificant SignAnyWhere
vulnerable version: v6.10.60.25434 (SSP v4.22.60.25434)
v6.10.100.25817 (SSP v4.22.100.25817)
fixed version: v19.76.0.26030 (SSP v19.76.0.26030)...
24 July 2020

Vulnerability Report# MAMP PRO 4.2.0 Local Privilege Escalation

Posted by Nicholas on Jul 24

Hi!

I have discovered a local privilege escalation vulnerability on MAMP PRO
4.2.0 and would like to post it. Please kindly check the attached file.

Best regards,
Nicholas
# Exploit Title: MAMP PRO 4.2.0 Local Privilege Escalation
# Date: 2020-07-08
# Exploit Author: b1nary
# Vendor Homepage: https://www.mamp.info/
# Software Link: https://downloads.mamp.info/MAMP-PRO-WINDOWS/releases/4.2.0/MAMP_MAMP_PRO_4.2.0.exe
# Version: 4.2.0
# Tested on:...
24 July 2020

Defense in depth -- the Microsoft way (part 70): CVE-2014-0315 alias MS14-019 revisited

Posted by Stefan Kanthak on Jul 24

Hi @ll,

This multi-part post can be read even without a MIME-compliant program!

Back in 2014, I reported a vulnerability in CreateProcess()'s handling of
*.cmd and *.bat files that Microsoft fixed with MS14-019 alias MSKB 2922229
and assigned CVE-2014-0315: command lines with a batch script as first token
led to the execution of a (rogue) cmd.exe from the CWD (or the search path).

<...
24 July 2020

Three vulnerabilities found in MikroTik's RouterOS

Posted by Q C on Jul 24

Advisory: three vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on the MikroTik's devices, such as
switch, router and access point.

Description of vulnerabilities...
24 July 2020

SEC Consult SA-20200724-0 :: Privilege Escalation Vulnerability in SteelCentral Aternity Agent

Posted by SEC Consult Vulnerability Lab on Jul 24

SEC Consult Vulnerability Lab Security Advisory < 20200724-0 >
=======================================================================
title: Privilege Escalation Vulnerability
product: SteelCentral Aternity Agent
vulnerable version: 11.0.0.120
fixed version:
CVE number: CVE-2020-15592, CVE-2020-15593
impact: Critical
homepage: https://www.riverbed.com/gb/...
21 July 2020

Advisory:[CVE-2020-15596]ALPS ALPINE DLL Hijacking Issue

Posted by Caiyuan Xie on Jul 21

Summary:
A vulnerability to DLL preloading attacks was found in the ALPS ALPINE Touchpad driver, which might allow an attacker
to execute malicious code. ALPS ALPINE has released updates to mitigate this potential vulnerability.
Vulnerability Details:
The ALPS ALPINE Touchpad driver may try to load DLLs that are not always present in the driver package. If an attacker
can gain control of one of the DLL search directories, a malicious copy of...
21 July 2020

Mida Solutions eFramework <= 2.9.0 Multiple Vulnerabilities

Posted by Andrea Baesso on Jul 21

=============================================
Title: Mida Solutions eFramework Multiple Vulnerabilities
Date: 19/07/2020
Author: Andrea Baesso
Reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
Vendor Homepage: https://www.midasolutions.com/
Software Link: ova-efw.midasolutions.com
Software: Mida eFramework
Versions: <=2.9.0
Tested on: 2.8.9, 2.9.0
CVE : Mitre is aware, still waiting...
17 July 2020

SEC Consult SA-20200717-0 :: Multiple Vulnerabilities in WonderCMS

Posted by SEC Consult Vulnerability Lab on Jul 17

SEC Consult Vulnerability Lab Security Advisory < 20200717-0 >
=======================================================================
title: Multiple Vulnerabilities
product: WonderCMS
vulnerable version: <=3.1.0
fixed version: -
CVE number: -
impact: High
homepage: https://www.wondercms.com/
found: 2020-04-30
by: Calvin Phang (Office...