seclist.org
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Frissítve: 2 óra 57 perc
Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)
Posted by Onapsis Research via Fulldisclosure on Jun 21
# Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability inSAP Focused Run (Simple Diagnostics Agent 1.0)
## Impact on Business
Exposing the contents of a directory can lead to a disclosure of useful
information
for the attacker to devise exploits, such as creation times of files or any
information that may be encoded in file names. The directory listing may
also
compromise private or confidential data.
## Advisory Information...
Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)
Posted by Onapsis Research via Fulldisclosure on Jun 21
# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerabilityin SAP Focused Run (Simple Diagnostics Agent 1.0)
## Impact on Business
Running unnecessary services, like a jetty webserver, may lead to increased
surface area for an attack and also it unnecessarily exposes underlying
vulnerabilities.
## Advisory Information
- Public Release Date: 06/21/2022
- Security Advisory ID: ONAPSIS-2022-0006
- Researcher(s): Yvan Genuer
##...
Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad
Posted by Onapsis Research via Fulldisclosure on Jun 21
# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS)vulnerability in SAP Fiori launchpad
## Impact on Business
Impact depends on the victim's privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired
requests in the SAP System (CSRF) as well as redirected to arbitrary web
site
(Open Redirect).
## Advisory Information
- Public Release Date: 06/21/2022
-...
# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)
Posted by Onapsis Research via Fulldisclosure on Jun 21
# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAPFocused Run (Simple Diagnostics Agent 1.0)
## Impact on Business
Because the Simple Diagnostic Agent (SDA) handles several important
configuration and critical credential information, a successful attack
could lead to the control of the SDA, and therefore affect:
* Integrity, by modifying the configuration.
* Availability, by stopping the service.
* Confidentiality...
Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)
Posted by Onapsis Research via Fulldisclosure on Jun 21
# Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS)vulnerability in SAP Focused Run (Real User Monitoring)
## Impact on Business
Impact depends on the victim's privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired request
in SAP Focused Run.
## Advisory Information
- Public Release Date: 06/21/2022
- Security Advisory ID: ONAPSIS-2022-0003
-...
SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 17
SEC Consult Vulnerability Lab Security Advisory < 20220615-0 >=======================================================================
title: Hardcoded Backdoor User and Outdated Software Components
product: Nexans FTTO GigaSwitch industrial/office switches HW version 5
vulnerable version: See "Vulnerable / tested versions"
fixed version: V6.02N, V7.02
CVE number: CVE-2022-32985...
SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 14
SEC Consult Vulnerability Lab Security Advisory < 20220614-0 >=======================================================================
title: Reflected Cross Site Scripting
product: SIEMENS-SINEMA Remote Connect
vulnerable version: <=V3.0.1.0-01.01.00.02
fixed version: V3.1.0
CVE number: CVE-2022-29034
impact: medium
homepage: https://siemens.com...
SEC Consult SA-20220609-0 :: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10
SEC Consult Vulnerability Lab Security Advisory < 20220609-0 >=======================================================================
title: Multiple vulnerabilities
product: SoftGuard SNMP Network Management Extension
vulnerable version: SoftGuard Web (SGW) < 5.1.5
fixed version: SoftGuard version 5.1.5 from 2022-06-01
CVE number: CVE-2022-31201, CVE-2022-31202
impact: High...
SEC Consult SA-20220608-0 :: Stored Cross-Site Scripting & Unsafe Java Deserializiation in Gentics CMS
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10
SEC Consult Vulnerability Lab Security Advisory < 20220608-0 >=======================================================================
title: Stored Cross-Site Scripting & Unsafe Java Deserializiation
product: Gentics CMS
vulnerable version: 5.36.29, see section below
fixed version: 5.40.27, 5.41.15, 5.42.7, 5.43.1 or higher
CVE number: CVE-2022-30981, CVE-2022-30982
impact:...
SEC Consult SA-20220607-0 :: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10
SEC Consult Vulnerability Lab Security Advisory < 20220607-0 >=======================================================================
title: Multiple Vulnerabilities
product: Infiray IRAY-A8Z3 thermal camera
vulnerable version: V1.0.957
fixed version: None
CVE number: CVE-2022-31208, CVE-2022-31209, CVE-2022-31210,
CVE-2022-31211
impact: Critical...
HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh
Posted by Marco Ivaldi on Jun 10
Dear Full Disclosure,Find attached a security advisory that details multiple
vulnerabilities we discovered in the zysh shell distributed with some
Zyxel products, including their security appliances.
* Title: Multiple vulnerabilities in Zyxel zysh
* Products: Zyxel firewalls, AP controllers, and APs
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2022-06-07
* CVE Names and Vendor CVSS Scores:
CVE-2022-26531:...
Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855
Posted by Moritz Abrell on Jun 10
Advisory ID: SYSS-2022-021Product: Mitel 6800/6900 Series SIP Phones excluding 6970
Mitel 6900 Series IP (MiNet) Phones
Manufacturer: Mitel Networks Corporation
Affected Version(s): Rel 5.1 SP8 (5.1.0.8016) and earlier
Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165)
MiNet 1.8.0.12 and earlier
Tested Version(s):...
Trojan-Banker.Win32.Banbra.cyt / Insecure Permissions
Posted by malvuln on Jun 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source:
https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan-Banker.Win32.Banbra.cyt
Vulnerability: Insecure Permissions
Description: The malware writes a batch script ".bat" file to c drive
granting change (C) permissions to the authenticated user group. Standard
users can...
Backdoor.Win32.Cabrotor.10.d / Unauthenticated Remote Command Execution
Posted by malvuln on Jun 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source:
https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Cabrotor.10.d
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1243. Attackers who can reach
infected systems can issue commands made up of single characters E.g....
Trojan-Proxy.Win32.Symbab.o / Heap Corruption
Posted by malvuln on Jun 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source:
https://malvuln.com/advisory/bffc519fbaf2d119bd307cd22368cdc7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan-Proxy.Win32.Symbab.o
Vulnerability: Heap Corruption
Description: The malware listens on TCP port 8080. Attackers who can reach
an infected system can send a corrupt HTTP request for the "redirecturl"
parameter causing...
Trojan-Banker.Win32.Banker.agzg / Insecure Permissions
Posted by malvuln on Jun 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source:
https://malvuln.com/advisory/ef1e59148c9a902ae5454760aaab73fe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan-Banker.Win32.Banker.agzg
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to c drive granting change (C)
permissions to the authenticated user group. Standard users can rename the
executable dropped...
Ransom.Haron / Code Execution
Posted by malvuln on Jun 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source:
https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Ransom.Haron
Vulnerability: Code Execution
Description: Haron looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware pre-encryption....
[SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948)
Posted by Matthias Deeg on Jun 10
Advisory ID: SYSS-2022-024Product: EP-KP001
Manufacturer: Lepin
Affected Version(s): KP001_V19
Tested Version(s): KP001_V19
Vulnerability Type: Violation of Secure Design Principles (CWE-657)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-04-12
Solution Date: -
Public Disclosure: 2022-06-10
CVE Reference:...
[SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)
Posted by Matthias Deeg on Jun 10
Advisory ID: SYSS-2022-017Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Insufficient Verification of Data
Authenticity (CWE-345)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure:...
[SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)
Posted by Matthias Deeg on Jun 10
Advisory ID: SYSS-2022-016Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure:...