seclist.org

Posted by Red Timmy Security on Apr 03

Hi,
early last autumn we have conducted an assessment on MicroStrategy
Intellitence Server & Web 10.4, that brought to the discovery of six
different vulnerabilities and recently at the registration of a total of
five CVE(s).

CVE-2020-11450 - Information Disclosure in Axis2 Happiness Page
Microstrategy Web 10.4 and possibly above exposes JVM configuration, CPU
architecture, installation folder and other info through the URL...

Posted by hyp3rlinx on Apr 03

import logging,os,ctypes,sys,argparse,time,re
from subprocess import *
from datetime import datetime
from pkgutil import iter_modules
import pkg_resources

#Recon-Informer (c)
#By John Page (Hyp3rlinx)
#ApparitionSec
#hyp3rlinx.altervista.org
#twitter.com/hyp3rlinx
#apparitionsec () gmail com
#PoC Video URL: https://www.youtube.com/watch?v=XM-G9Udbphc
#==========================================================
#
#Recon-Informer is a basic...

Posted by Stefan Kanthak on Mar 31

Hi @ll,

this is the continuation of the previous posts
<https://seclists.org/fulldisclosure/2020/Mar/45> and
<https://seclists.org/fulldisclosure/2020/Mar/48>.

(Un)fortunately the IOfficeAntiVirus interface (see
<https://support.microsoft.com/en-us/help/914922/microsoft-windows-defender-helps-provide-real-time-protection>)
has at least another weakness which also allows (unprivileged users) to
load arbitrary DLLs into web...

Posted by Stefan Kanthak on Mar 31

"Paul Szabo" <paul.szabo () sydney edu au> wrote:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus

Yes, partially: this vulnerability allows unprivileged users
a) to bypass "on-demand" scans of files downloaded from the internet
or other computers (which are initiated by the attachment manager),
b) to load an...

Posted by Pietro Oliva on Mar 31

Vulnerability title: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference
Author: Pietro Oliva
CVE: CVE-2020-10231
Vendor: TP-LINK
Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450
Affected version: NC200 <= 2.1.8 build 171109, NC210 <= 1.0.9 build 171214,
NC220 <= 1.3.0 build 180105, NC230 <= 1.3.0 build 171205,
NC250 <= 1.3.0 build 171205, NC260 <= 1.5.1 build 190805,...

Posted by Paul Szabo on Mar 31

Does this mean that unprivileged users can defeat WindowsDefender,
even when that is "enforced" by managers? Surely that would be a
vulnerability! I am not knowledgeable about Windows management,
but the pages

https://docs.microsoft.com/en-us/configmgr/protect/deploy-use/endpoint-protection...

Posted by hyp3rlinx on Mar 31

Recon-Informer is a basic real-time anti-reconnaissance detection tool for
offensive security systems, useful for penetration testers. It runs on
Windows/Linux and leverages Scapy.

https://github.com/hyp3rlinx/0/blob/master/Recon-Informer.py

Thanks and stay safe to all,
hyp3rlinx

Posted by RedForce Advisory on Mar 31

RedForce Advisory
https://redforce.io

## ِAdvisory Information
Title: Deskpro Helpdesk < 2019.8.0 Multiple Vulnerabilities
Advisory URL:
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/

Date published: 2020-03-28
Date of last update: 2020-03-30
Vendors contacted: DeskPro

## About Deskpro

Deskpro is a helpdesk software solution that helps companies manage their
communication with...

Posted by Vladimir Bostanov on Mar 27

Advisory ID: SYSS-2019-047
Product: Micro Focus Vibe (formerly Novelle Vibe)
Manufacturer: Micro Focus International plc
Affected Version(s): 4.0.6
Tested Version(s): 4.0.6
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2019-11-07
Solution Date: 2020-03-24
Public Disclosure: 2020-03-25
CVE Reference: CVE-2020-9520
Author of Advisory: Dr. Vladimir Bostanov, SySS GmbH...

Posted by Vladimir Bostanov on Mar 27

Advisory ID: SYSS-2019-046
Product: Micro Focus Vibe (formerly Novelle Vibe)
Manufacturer: Micro Focus International plc
Affected Version(s): 4.0.6
Tested Version(s): 4.0.6
Vulnerability Type: HTML Injection (CWE-79)
Risk Level: Low
Solution Status: Fixed
Manufacturer Notification: 2019-11-07
Solution Date: 2020-03-24
Public Disclosure: 2020-03-25
CVE Reference: Not assigned
Author of Advisory: Dr. Vladimir Bostanov, SySS GmbH...

Posted by Stefan Kanthak on Mar 27

Hi @ll,

Microsoft still registers LOTS of DLLs (which implement COM classes,
cryptography service providers, services etc.) as well as command lines
with paths containing the (pre-defined) environment variables %windir%,
%SystemRoot%, %ProgramFiles%, %CommonProgramFiles%, %ProgramFiles(x86)%
and %CommonProgramFiles(x86)%.

For example, Windows Defender shipped with Windows Vista and newer versions
of Windows, installs a COM class which...

Posted by Stefan Kanthak on Mar 27

Hi @ll,

in September 2017, Microsoft relocated many executable files of Windows
Defender from the directory "%ProgramFiles%\Windows Defender\" to
"%ProgramData%\Microsoft\Windows Defender\platform\<version>\": see
<https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform>

JFTR: if Microsoft were only capable to understand English language and
notice the difference...

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-2020-03-25-2 iCloud for Windows 7.18

iCloud for Windows 7.18 is now available and addresses the following:

libxml2
Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com

libxml2
Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking....

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-2020-03-25-1 iCloud for Windows 10.9.3

iCloud for Windows 10.9.3 is now available and addresses the
following:

libxml2
Available for: Windows 10 and later via the Microsoft Store
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com

libxml2
Available for: Windows 10 and later via the Microsoft Store
Impact: Multiple issues in libxml2
Description: A buffer...

Posted by Pedro Ribeiro on Mar 27

Hi,

Here's a fun one I have been working on for some time.
tl;dr IBM PA / TM1, dating back to 2014, maybe 2009 is vulnerable to a unauthenticated configuration overwrite; this is
abused to "fake authenticate" to it, and finally execute code as root / SYSTEM using TM1 scripting.

Advisory below, permalink in:
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/ibm-tm1-rce.txt

Exploit:...

Posted by Levon Kayan on Mar 27

Howdy,

We've just released nullscan v1.0.0, a modular framework designed to
chain and automate security tests. It's a beast and highly recommended
to learn and use it. :)

Here are some details:

[ Description ]

A modular framework designed to chain and automate security tests. It
parses target definitions from the command line and runs corresponding
modules and their nullscan-tools afterwards. It can also take hosts and
start nmap...

Posted by Georg Ph E Heise via Fulldisclosure on Mar 27

codeBeamer – Stored Cross-Site Scripting

===============================================================================

Identifiers

-------------------------------------------------

* CVE-2019-19913

CVSSv3 score

-------------------------------------------------

6.4
([AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H&version=3.1))

Vendor...

Posted by Georg Ph E Heise via Fulldisclosure on Mar 27

codeBeamer – Stored Cross-Site Scripting

===============================================================================

Identifiers

-------------------------------------------------

* CVE-2019-19912

CVSSv3 score

-------------------------------------------------

6.4 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H)

Vendor

-------------------------------------------------

Intland – Codebeamer (https://codebeamer.com)

Product...

Posted by Eldar Marcussen on Mar 24

HP ThinPro - Privileged command injection
===============================================================================

Identifiers
-------------------------------------------------
* CVE-2019-18910

CVSSv3 score
-------------------------------------------------
7.6 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)

Vendor
-------------------------------------------------
HP - [https://www.hp.com](https://www.hp.com)

Product...

Posted by Eldar Marcussen on Mar 24

HP ThinPro - Citrix command injection
===============================================================================

Identifiers
-------------------------------------------------
* CVE-2019-18909

CVSSv3 score
-------------------------------------------------
6.1 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Vendor
-------------------------------------------------
HP - [https://www.hp.com](https://www.hp.com)

Product...