SAP BusinessObjects Explorer 14.0.5 XXE Injection

12 October 2014 - Source: http://www.mondounix.com
#######################################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#######################################################################
#
# Product:           BusinessObjects Explorer
# Vendor:            SAP AG
# Subject:           Untrusted XML input parsing possible in SBOP Explorer
# Risk:              High
# Effect:            Remotely exploitable
# Author:            Stefan Horlacher
# Date:              2014-10-10
# SAP Security Note: 1908531 [0]
#
#######################################################################
 
Abstract:
-------------
BusinessObjects Explorer is vulnerable against XML External Entity (XXE) 
attacks....

SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing

12 October 2014 - Source: http://www.mondounix.com
#######################################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#######################################################################
#
# Product:           BusinessObjects Explorer
# Vendor:            SAP AG
# Subject:           Cross Site Flashing
# Risk:              High
# Effect:            Remotely exploitable
# Author:            Stefan Horlacher
# Date:              2014-10-10
# SAP Security Note: 1908647 [0]
#
#######################################################################
 
Abstract:
-------------
BusinessObjects Explorer is vulnerable against Cross Site Flashing [1]
attacks, allowing an attacker to e.g. steal...

neuroML Multiple Vulnerabilities CSNC-2014-004

11 October 2014 - Source: http://www.mondounix.com
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product:  neuroML
# Version:  <=v1.8.1 (Confirmed: v1.8.1)
# Vendor:   neuroML.org
# CSNC ID:  CSNC-2014-004
# CVD ID:   <none>
# Subject:  Multiple Vulnerabilities
# Risk:     High
# Effect:   Remotely exploitable
# Author:   Philipp Promeuschel <philipp.promeuschel () csnc ch>
# Date:     10.10.2014
#
#############################################################
 
Abstract:
-------------
The NeuroML project focuses on the development of an XML (eXtensible Markup Language) based description language...

WordPress InfusionSoft Upload

9 October 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Wordpress InfusionSoft Upload Vulnerability',
      'Description'    => %q{
        This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity
        Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
        upload and remote code execution.
      },
    ...

WordPress BulletProof Security 50.8 Script Insertion

6 October 2014 - Source: http://www.mondounix.com
Document Title:
===============
BulletProof Security Wordpress v50.8 - POST Inject Vulnerability
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1326
 
 
Release Date:
=============
2014-09-30
 
 
Vulnerability Laboratory ID (VL-ID):
====================================
1326
 
 
Common Vulnerability Scoring System:
====================================
3.2
 
 
Product & Service Introduction:
===============================
The BulletProof Security Plugin allows you to create and activate .htaccess website security with one-click (figuratively) for 
your website without having to know anything about .htaccess files. The Master...

Script – bad interpreter: No such file or directory

2 October 2014 - Source: http://www.guidepc.it

Linux

When we are writing a script (bash, perl or other) and, on running it, we get the error
bad interpreter: No such file or directory

If this error is preceded by the execution path (in our case /bin/bash, but it may differ) as in the following

/bin/bash^M:

the problem is very simple and is caused by moving the script between operating systems: the system cannot run the script because it cannot interpret the code correctly. In particular, the ^M symbol tells us...

Script for Video Mediaset 5.2: updated design and real full screen

24 September 2014 - Source: http://andrealazzarotto.com

Today I released version 5.2 of my script that lets you download videos from Video Mediaset. Although the previous 4.6 "withstood" the redesign and kept working, I preferred to adapt the script to the site's new design and simplify things a little.

It should have been 5.0. However, complications with Firefox came up later, and then I also discovered that they changed the rules regarding extensions...

M/Monit 3.2.2 Cross Site Request Forgery

20 September 2014 - Source: http://www.mondounix.com
Application: M/Monit 3.2.2
Author: Dolev Farhi @dolevff
Date: 13.9.2014
Relevant CVEs: CVE-2014-6409, CVE-2014-6607
Vulnerable version: <= 3.2.2
 
 
 
M/Monit is an Easy, proactive monitoring of Unix systems, network and 
cloud services.
 
1. Vulnerability Description:
Account hijack via cross-site request forgery (CVE-2014-6409, 
CVE-2014-6607)
It was found that M/Monit latest version is vulnerable to CSRF attacks. 
It is possible to reset the password of any user account (admin/user)
on the system without needing to know the current password of the 
attacked account, due to missing password change verification mechanism.
2. Proof of concept
<html> <div align="center"> <pre>...

WordPress WooCommerce Reflected XSS

19 September 2014 - Source: http://www.mondounix.com
Details
================
Software: WooCommerce - excelling eCommerce
Version: 2.1.12
Homepage: http://wordpress.org/plugins/woocommerce/
Advisory report: 
https://security.dxw.com/advisories/reflected-xss-in-woocommerce-excelling-ecommerce-allows-attackers-ability-to-do-almost-anything-an-admin-user-can-do/
CVE: Awaiting assignment
CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)
 
Description
================
Reflected XSS in WooCommerce – excelling eCommerce allows attackers ability to do almost anything an admin user can do
 
Vulnerability
================
An attacker able to convince a logged-in admin user to visit a link of their choosing (for instance via spearphishing) 
can execute arbitrary JavaScript within...

WatchGuard XTM 11.8.3 Reflected XSS (CVE-2014-6413)

19 September 2014 - Source: http://www.mondounix.com
I. VULNERABILITY
 
Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3
 
II. BACKGROUND
-------------------------
WatchGuard builds affordable, all-in-one network and content security
solutions to provide defense in depth for corporate content, networks
and the businesses they power.
 
III. DESCRIPTION
-------------------------
A Reflected XSS vulnerability has been detected in XTM WatchGuard.
The code injection is done through the parameter "poll_name" in the
page “/firewall/policy?pol_name=(HERE XSS)”
 
IV. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter “poll_name” correctly.
https://10.200.210.100:8080/network/dynamic_dns_config?intf=aaaa<script>alert(document.cookie)</script>
 
V....
