seclist.org

Posted by psy on Nov 17

Hi FD,

I am glad to present a new release of this tool:

- https://xsser.03c8.net

---------

"Cross Site "Scripter" (aka XSSer) is an automatic -framework- to
detect, exploit and report XSS vulnerabilities in web-based
applications. It provides several options to try to bypass certain
filters and various special techniques for code injection."

---------

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can...

Posted by sec-advisory on Nov 15

# Privilege Escalation via Logrotate in FreeRadius

## Overview
Identifier: AIT-SA-20191112-01
Target: FreeRadius
Vendor: FreeRadius
Version: all versions including 3.0.19
Fixed in Version: 12.2.3, 12.1.8 and 12.0.8
CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-10143
Accessibility: Local
Severity: Low
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

## Summary
[FreeRadius is a modular Open-Source RADIUS suite.](...

Posted by Prajwal Panchmahalkar on Nov 15

Jun 15-18, 2020 - The St. Regis, Abu Dhabi

Greetings from c0c0n!

THE CONFERENCE TRACKS / THEMES ARE DIVIDED AS FOLLOWS:

Critical Infrastructure & SCADA networks Security
IoT
WoT
Telecom
ICS
SCADA
Smart City
Mobile and Web Security
Dark-Web and Open Source Intelligence
Social Media Intelligence
Artificial Intelligence
Cryptography
Offensive Security and Information Warfare
Malware
Ransomware
Advanced Persistence Threats (APT)
Banking,...

Posted by okan coskun on Nov 15

I. VULNERABILITY
-------------------------
XSS Vulnerability on Raritan CommandCenter Secure Gateway

II. CVE REFERENCE
-------------------------
-

III. VENDOR
-------------------------
https://www.raritan.com/support/product/commandcenter-secure-gateway

IV. TIMELINE
-------------------------
30/01/2019 Vulnerability discovered
30/01/2019 Vendor contacted
27/02/2019 Raritan replied as "this fix is scheduled for release version 8.0"...

Posted by okan coskun on Nov 15

I. VULNERABILITY
-------------------------
Raritan CommandCenter Secure Gateway XML External Entity

II. CVE REFERENCE
-------------------------
CVE-2018-20687

III. VENDOR
-------------------------
https://www.raritan.com/support/product/commandcenter-secure-gateway

IV. TIMELINE
------------------------
04/01/2019 Vulnerability discovered
07/01/2019 Vendor contacted

V. CREDIT
-------------------------
Okan Coşkun from Biznet Bilisim A.S....

Posted by okan coskun on Nov 15

I. VULNERABILITY
-------------------------
Stored XSS Vulnerability on TP-Link Archer VR300 v1 - firmware
version: 1.3.0 0.8.0 v007b.1 build 180905 Rel.55344n

II. CVE REFERENCE
-------------------------
-

III. VENDOR
-------------------------
https://www.tp-link.com/

IV. TIMELINE
-------------------------
04/10/2018 Vulnerability discovered
05/10/2018 Vendor contacted
no Response

V. CREDIT
-------------------------
Okan Coşkun from Biznet...

Posted by Prestigia on Nov 15

=============================================
PRESTIGIA SEGURIDAD ALERT 2019-001
- Original release date: July 31, 2019
- Last revised: November 13, 2019
- Discovered by: Prestigia Seguridad
- Severity: 7,5/10 (CVSS Base Score)
- CVE-ID: CVE-2019-14467
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin Social Photo Gallery 1.0 - Remote Code Execution

II. BACKGROUND...

Posted by infinitybuzz via Fulldisclosure on Nov 15

Centraleyezer: Unrestricted File Upload — [CVE-2019–12311]

Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a
script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded.

The attacker could upload a html page that runs a script, when the victim tries to download the template, it loads the
html page with the script....

Posted by infinitybuzz via Fulldisclosure on Nov 15

Centraleyezer: Stored XSS using HTML Entities — [CVE-2019–12299]

Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section.

I could bypass the restrictions using HTML Entities &gt &lt, the Stored XSS only triggers when editing the category.

More Information:

https://link.medium.com/5galrOpMy1

Posted by infinitybuzz via Fulldisclosure on Nov 15

Centraleyezer: Unrestricted File Upload -[CVE-2019-12271]

Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of
adding “.jpg” to any uploaded filename is not enforced on the server side.

The image upload is vulnerable to bypass, the file upload adds .jpg extension to every file sent, but on client side,
so I could intercept the request and change it to .php. I uploaded a simple...

Posted by Hacxx Under 2 on Nov 15

The reason why use this trick is to determine the ip for the server of
a XenForo CMS and bypass cloudflare or any DDOS protection. The user
uses a ip logger in combination with the Preview Thread feature of
XenForo to log the ip. This ip is the direct ip to the server without
protection.

Keep in mind that this feature can be used to determine the location
for a server even if the admin has strict rules to hide it's true
location (May work...

Posted by hyp3rlinx on Nov 15

[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/SCANGUARD-ANTIVIRUS-INSECURE-PERMISSIONS.txt
[+] ISR: ApparitionSec

[Vendor]
https://www.scanguard.com

[Product]
ScanGuard Antivirus
ScanGuard_Setup.exe Hash: 1a63c67a249da0c2e9abd09d35c3c65d

Complete Antivirus & Security Software

[Vulnerability Type]
Insecure Permissions

[CVE Reference]
CVE-2019-18895

[Affected Product...

Posted by Alphan YAVAS on Nov 15

I. VULNERABILITY
-------------------------
Reflected XSS due to lack of input filtering in MicroStrategy Library

II. CVE REFERENCE
-------------------------
CVE-2019-18957

III. VENDOR
-------------------------
https://www.microstrategy.com/

IV. TIMELINE
-------------------------
05/07/2019 Vulnerability discovered
06/07/2019 Vendor contacted
06/09/2018 MicroStrategy Fix the vulnerability at the release V11.1.3

V. CREDIT...

Posted by Georgi Guninski on Nov 12

From https://j.ludost.net/blog/archives/2019/11/11/minor_security_issue_in_punbb_with_sqlite/index.html

Minor security issue in punbb with SQLite

Georgi Guninski security advisory #76, 2019

Running punbb-master from https://github.com/punbb/punbb
from Thu 07 Nov 2019 11:23:33 AM UTC

Installing on http://host/forum
In install.php set:

database type: SQLite3
database name: database1

Accessing http://host/forum/database1 returns the full raw...

Posted by Nightwatch Cybersecurity Research on Nov 08

[Original post:
https://wwws.nightwatchcybersecurity.com/2019/11/06/insecure-defaults-in-adobes-mobile-sdks/]

SUMMARY

Example/default configuration files provided by Adobe within their
mobile SDKs include several insecure options. These have also been
found in the wild in multiple mobile applications. When these options
are used insecurely, attackers can view or modify information
transmitted by the application back to Adobe’s cloud services....

Posted by Daniel Bishtawi on Nov 05

Hello,

We are informing you about the vulnerabilities in ilchCMS 2.1.23.

Here are the details:

Information
--------------------

Advisory by Netsparker
Name: Multiple Cross-site Scripting Vulnerabilities in ilchCMS 2.1.23
Affected Software: ilchCMS
Affected Versions: 2.1.23
Vendor Homepage: https://www.ilch.de/
Vulnerability Type: Cross-site Scripting
Severity: Medium
Status: Fixed
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N...

Posted by Apple Product Security via Fulldisclosure on Nov 04

APPLE-SA-2019-11-01-1 Xcode 11.2

Xcode 11.2 addresses the following:

llvm
Available for: macOS Mojave 10.14.4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8800: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8806: Pan ZhenPeng of Qihoo 360 Nirvan Team

Installation note:

Xcode 11.2 may be obtained from:...

Posted by Apple Product Security via Fulldisclosure on Oct 31

APPLE-SA-2019-10-29-3 tvOS 13.2

tvOS 13.2 is now available and addresses the following:

Accounts
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at
Technische Universität Darmstadt

App Store
Available for: Apple TV 4K and Apple TV HD
Impact: A local...

Posted by Apple Product Security via Fulldisclosure on Oct 31

APPLE-SA-2019-10-29-11 Additional information
for APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1

iOS 13.1 and iPadOS 13.1 address the following:

AppleFirmwareUpdateKext
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking....

Posted by Apple Product Security via Fulldisclosure on Oct 31

APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update
2019-001 Mojave, Security Update 2019-006 High Sierra

macOS Catalina 10.15.1, Security Update 2019-001 Mojave,
Security Update 2019-006 High Sierra are now available and address
the following:

Accounts
Available for: macOS Catalina 10.15
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8787:...