Supr Shopsystem 5.1.0 Cross Site Scripting

23 novembre 2014 - Fonte: http://www.mondounix.com
Document Title:
===============
Supr Shopsystem v5.1.0 - Persistent UI Vulnerability
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1353
 
 
Release Date:
=============
2014-11-07
 
 
Vulnerability Laboratory ID (VL-ID):
====================================
1353
 
 
Common Vulnerability Scoring System:
====================================
3.1
 
 
Product & Service Introduction:
===============================
SUPR is a modern and user-friendly system which allows each store very quickly and easily create their own online store. 
Without installation and own webspace you can begin to create products and content right after...

Leggi il seguito »

WordPress CM Download Manager 2.0.0 Code Injection

22 novembre 2014 - Fonte: http://www.mondounix.com
Vulnerability title: Code Injection in Wordpress CM Download Manager plugin
CVE: CVE-2014-8877 
Plugin: CM Download Manager plugin
Vendor: CreativeMinds - https://www.cminds.com/
Product: https://wordpress.org/plugins/cm-download-manager/
Affected version: 2.0.0 and previous version
Fixed version: 2.0.4
Google dork: inurl:cmdownloads
Reported by: Phi Le Ngoc - phi.n.le@itas.vn
Credits to ITAS Team - www.itas.vn
 
 
::DESCRITION::
 
The code injection vulnerability has been found and confirmed within the software as an anonymous user. A successful attack could allow an anonymous attacker gains full control of the application and the ability to use any operating system functions that are available to the scripting environment....

Leggi il seguito »

WordPress SP Client Document Manager 2.4.1 SQL Injection

22 novembre 2014 - Fonte: http://www.mondounix.com
Vulnerability title: Multiple SQL Injection in SP Client Document Manager plugin
Plugin: SP Client Document Manager
Vendor: http://smartypantsplugins.com
Product: https://wordpress.org/plugins/sp-client-document-manager/
Affected version: version 2.4.1 and previous version
Fixed version: N/A
Google dork: inurl:wp-content/plugins/sp-client-document-manager
Reported by: Dang Quoc Thai - thai.q.dang (at) itas (dot) vn
Credits to ITAS Team - www.itas.vn
 
 
::DESCRITION::
 
Multiple SQL injection vulnerability has been found and confirmed within the software as an anonymous user. A successful attack could allow an anonymous attacker to access information such as username and password hashes that are stored in the database....

Leggi il seguito »

WordPress 3.9.2 Cross Site Scripting

21 novembre 2014 - Fonte: http://www.mondounix.com
 
OVERVIEW
========
 
A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don't require authentication by default.
 
The JavaScript injected into a comment is executed when the target user views it, either on a blog post, a page, or in the Comments section of the administrative Dashboard.
 
In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue. The exploit is not then visible to normal users, search engines, etc.
 
When a blog administrator goes to the Dashboard/Comments section to review new comments,...

Leggi il seguito »

Computer hijacking arrests in UK and across Europe

21 novembre 2014 - Fonte: http://www.mondounix.com

Computer hijacking arrests in UK and across Europe

Fifteen people have been arrested, including four in the UK, in connection with the hijacking of computers.

Police say the individuals were using software designed to remotely control computers - allowing for the stealing of information.

The other arrests were made in Estonia, France, Romania, Latvia, Italy, and Norway.

The practice, which in some instances can grant access to a victim's webcam, is known as "Ratting".

The phrase takes its name from the malicious software used to gain control - Remote Access Trojans (Rats).

Using Rats to view people through their own webcams, without their knowledge, is becoming...

Leggi il seguito »

Joomla Simple Email Form 1.8.5 Cross Site Scripting

20 novembre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23241
Product: Simple Email Form Joomla Extension
Vendor: Doug Bierer
Vulnerable Version(s): 1.8.5 and probably prior
Tested Version: 1.8.5
Advisory Publication:  October 29, 2014  [without technical details]
Vendor Notification: October 29, 2014 
Public Disclosure: November 19, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8539
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...

Leggi il seguito »

Snowfox CMS 1.0 Open Redirect

19 novembre 2014 - Fonte: http://www.mondounix.com
Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability
 
 
Vendor: Globiz Solutions
Product web page: http://www.snowfoxcms.org
Affected version: 1.0
 
Summary: Snowfox is an open source Content Management System (CMS)
that allows your website users to create and share content based
on permission configurations.
 
Desc: Input passed via the 'rd' GET parameter in 'selectlanguage.class.php'
script is not properly verified before being used to redirect users. This
can be exploited to redirect a user to an arbitrary website e.g. when a user
clicks a specially crafted link to the affected script hosted on a trusted
domain.
 
===========================================================================
\modules\system\controller\selectlanguage.class.php:
----------------------------------------------------
 
28:...

Leggi il seguito »

Samsung Galaxy KNOX Android Browser Remote Code Execution

18 novembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'digest/md5'
 
class Metasploit3 < Msf::Exploit::Remote
 
  include Msf::Exploit::Remote::BrowserExploitServer
 
  # Hash that maps payload ID -> (0|1) if an HTTP request has
  # been made to download a payload of that ID
  attr_reader :served_payloads
 
  def initialize(info = {})
    super(update_info(info,
      'Name'                => 'Samsung Galaxy KNOX Android Browser RCE',
      'Description'         => %q{
        A vulnerability exists in the KNOX security component of the Samsung Galaxy
        firmware that allows...

Leggi il seguito »

XOOPS 2.5.6 SQL Injection

18 novembre 2014 - Fonte: http://www.mondounix.com
=============================================
MGC ALERT 2014-003
- Original release date: March 6, 2014
- Last revised:  November 18, 2014
- Discovered by: Manuel Garcia Cardenas
- Severity: 7,1/10 (CVSS Base Score)
=============================================
 
I. VULNERABILITY
-------------------------
Blind SQL Injection in XOOPS <= 2.5.6
 
II. BACKGROUND
-------------------------
XOOPS is an acronym of "eXtensible Object Oriented Portal System". Though
started as a portal system, it later developed into a web application
framework. It aims to serve as a web framework for use by small, medium and
large sites, through the installation of modules.
 
III. DESCRIPTION
-------------------------
It...

Leggi il seguito »

Proticaret E-Commerce Script 3.0 SQL Injection

18 novembre 2014 - Fonte: http://www.mondounix.com
Document Title:
============
Proticaret E-Commerce Script v3.0 >= SQL Injection
 
Release Date:
===========
13 Nov 2014
 
Product & Service Introduction:
========================
Proticaret is a free e-commerce script.
 
Abstract Advisory Information:
=======================
BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0
 
Vulnerability Disclosure Timeline:
=========================
20 Oct 2014    :    Contact with Vendor
20 Nov 2014    :    Vendor Response
June 26, 2014 :    Patch Released
13 Nov 2014    :    Public Disclosure
 
Discovery Status:
=============
Published
 
Affected Product(s):
===============
Promist Bilgi Ýletiþim...

Leggi il seguito »