WordPress Photo Gallery Cross-Site Scripting (XSS)

1 October 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23232
Product: Photo Gallery WordPress plugin
Vendor: http://web-dorado.com/
Vulnerable Version(s): 1.1.30 and probably prior
Tested Version: 1.1.30
Advisory Publication:  September 10, 2014  [without technical details]
Vendor Notification: September 10, 2014 
Vendor Patch: September 10, 2014 
Public Disclosure: October 1, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-6315
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...


WordPress All In One Security And Firewall 3.8.3 XSS

30 September 2014 - Source: http://www.mondounix.com
Document Title:
===============
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325
 
 
Release Date:
=============
2014-09-29
 
 
Vulnerability Laboratory ID (VL-ID):
====================================
1327
 
 
Common Vulnerability Scoring System:
====================================
3.3
 
 
Product & Service Introduction:
===============================
WordPress itself is a very secure platform. However, it helps to add some extra security and firewall to your site by using a 
security plugin that enforces a lot of good security practices. The All In One...


TP-LINK WDR4300 – Stored XSS & DoS

22 September 2014 - Source: http://www.mondounix.com
Advisory Information
===============
 
Vendors Contacted: TP-LINK
Vendor Patched: Yes, Firmware 140916
System Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others.
Versions Affected: 130617 , possibly earlier 
CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728
 
 
Vulnerabilities Description
===================
 
# Stored XSS -
 
It is possible to inject JavaScript code via the DHCP hostname field.
If the administrator visits the DHCP clients page (web panel),
the script will execute.
 
# DoS (web server) -
A denial-of-service condition on the device web server: remotely or locally send the
device a "GET" request with an extra "Header" with a long value...


WordPress WooCommerce Reflected XSS

19 September 2014 - Source: http://www.mondounix.com
Details
================
Software: WooCommerce - excelling eCommerce
Version: 2.1.12
Homepage: http://wordpress.org/plugins/woocommerce/
Advisory report: 
https://security.dxw.com/advisories/reflected-xss-in-woocommerce-excelling-ecommerce-allows-attackers-ability-to-do-almost-anything-an-admin-user-can-do/
CVE: Awaiting assignment
CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)
 
Description
================
Reflected XSS in WooCommerce – excelling eCommerce allows attackers ability to do almost anything an admin user can do
 
Vulnerability
================
An attacker able to convince a logged-in admin user to visit a link of their choosing (for instance via spearphishing) 
can execute arbitrary JavaScript within...


WatchGuard XTM 11.8.3 Reflected XSS (CVE-2014-6413)

19 September 2014 - Source: http://www.mondounix.com
I. VULNERABILITY
 
Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3
 
II. BACKGROUND
-------------------------
WatchGuard builds affordable, all-in-one network and content security
solutions to provide defense in depth for corporate content, networks
and the businesses they power.
 
III. DESCRIPTION
-------------------------
A Reflected XSS vulnerability has been detected in XTM WatchGuard.
The code injection is done through the parameter "poll_name" in the
page “/firewall/policy?pol_name=(HERE XSS)”
 
IV. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter “poll_name” correctly.
https://10.200.210.100:8080/network/dynamic_dns_config?intf=aaaa<script>alert(document.cookie)</script>
 
V....


MODX Revolution Reflected Cross-Site Scripting (XSS)

19 September 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23229
Product: MODX Revolution
Vendor: MODX
Vulnerable Version(s): 2.3.1-pl and probably prior
Tested Version: 2.3.1-pl
Advisory Publication:  August 20, 2014  [without technical details]
Vendor Notification: August 20, 2014 
Vendor Patch: September 11, 2014 
Public Disclosure: September 17, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-5451
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...


WordPress Photo Album Plus 5.4.4 Cross Site Scripting

15 September 2014 - Source: http://www.mondounix.com
WP Photo Album Plus Security Vulnerabilities
 
Author: Milhouse 
Download: https://wordpress.org/plugins/wp-photo-album-plus/
Home Page: http://wppa.opajaap.nl/
Google dork: inurl:wp-content/plugins/wp-photo-album-plus
 
Set up:
Wordpress Version: 3.9.1, 3.9.2
WP Photo Album Plus version: 5.4.4, 5.4.3
Client browsers: FireFox 31, Internet Explorer 8-11
 
Issue number 1: A Cross-Site Scripting (reflective) vulnerability.
Details:
The plugin echoes the value of the HTTP header “User-Agent” back to the client browser, allowing unsanitized JavaScript to be inserted.
 
Severity: Low
 
Proof of Concept (POC):
Request:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent:...


LogAnalyzer 3.6.5 Cross Site Scripting

7 September 2014 - Source: http://www.mondounix.com
Author: Dolev Farhi @dolevff
Application: LogAnalyzer
Date: 8.2.2014
Tested on: Red Hat Enterprise Linux 6.4
Relevant CVEs: CVE-2014-6070
 
 
1. About the application
------------------------
LogAnalyzer is a web interface to syslog and other network event data. 
It provides easy browsing, analysis of realtime network events and 
reporting services.
 
 
2. Vulnerabilities Descriptions:
-----------------------------
It was found that an XSS injection is possible on a syslog server 
running LogAnalyzer version 3.6.5.
By changing the hostname of any entity logging to a syslog server with
LogAnalyzer to <script>alert("xss")</script>, and sending an arbitrary
syslog message, a client-side script...


Mpay24 prestashop payment module multiple vulnerabilities

7 September 2014 - Source: http://www.mondounix.com
 Mpay24 PrestaShop Payment Module Multiple Vulnerabilities
 
   - Affected Vendor: Mpay24
   - Affected Software: Mpay24 Payment Module
   - Affected Version: 1.5 and earlier
   - Issue Type: SQL injection and information disclosure
   - Notification Date: 10 February 2014
   - Release Date: 03 September 2014
   - Discovered by: Eldar Marcussen
   - Issue status: Patch available
 
Summary
 
BAE Systems Applied Intelligence researcher Eldar Marcussen has identified
two high impact vulnerabilities in the Mpay24 payment module for the
Prestashop e-commerce solution.
 
“Mpay24 is the online-payment platform for e- and m-commerce...
