WordPress MaxButtons 1.26.0 Cross Site Scripting

16 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23237
Product: MaxButtons WordPress plugin
Vendor: Max Foundry
Vulnerable Version(s): 1.26.0 and probably prior
Tested Version: 1.26.0
Advisory Publication:  September 24, 2014  [without technical details]
Vendor Notification: September 24, 2014 
Vendor Patch: October 2, 2014 
Public Disclosure: October 15, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7181
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress WP Google Maps 6.0.26 Cross Site Scripting

16 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23236
Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps 
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication:  September 24, 2014  [without technical details]
Vendor Notification: September 24, 2014 
Vendor Patch: September 29, 2014 
Public Disclosure: October 15, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7182
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

CMS Subkarma Cross Site Scripting / SQL Injection

14 ottobre 2014 - Fonte: http://www.mondounix.com
# Multiple SQL Injection & XSS on CMS SUBKARMA
 
# Risk: High
 
# CWE number: CWE-89,CWE-79
 
# Date: 13/10/2014
 
# Vendor: www.jttel.com.tw
 
# Author: Felipe " Renzi " Gabriel
 
# Contact: renzi@linuxmail.org
 
# Tested on:  Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906
 
# Vulnerables File: news.php ; product.php ; pro_con.php
 
# Exploits: http://www.target.com/news.php?id=[XSS]
 
            http://www.target.com/product.php?cat_id=[SQLI] & [XSS]
 
            http://www.target.com/pro_con.php?id=[SQLI] & [XSS]
 
 
# PoC:      http://www.cideko.com/product.php?cat_id=18  
 
            http://www.cideko.com/pro_con.php?id=3...

Leggi il seguito »

SAP BusinessObjects Explorer 14.0.5 XXE Injection

12 ottobre 2014 - Fonte: http://www.mondounix.com
#######################################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#######################################################################
#
# Product:           BusinessObjects Explorer
# Vendor:            SAP AG
# Subject:           Untrusted XML input parsing possible in SBOP Explorer
# Risk:              High
# Effect:            Remotely exploitable
# Author:            Stefan Horlacher
# Date:              2014-10-10
# SAP Security Note: 1908531 [0]
#
#######################################################################
 
Abstract:
-------------
BusinessObjects Explorer is vulnerable against XML External Entity (XXE) 
attacks....

Leggi il seguito »

SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing

12 ottobre 2014 - Fonte: http://www.mondounix.com
#######################################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#######################################################################
#
# Product:           BusinessObjects Explorer
# Vendor:            SAP AG
# Subject:           Cross Site Flashing
# Risk:              High
# Effect:            Remotely exploitable
# Author:            Stefan Horlacher
# Date:              2014-10-10
# SAP Security Note: 1908647 [0]
#
#######################################################################
 
Abstract:
-------------
BusinessObjects Explorer is vulnerable against Cross Site Flashing [1]
attacks, allowing an attacker to e.g. steal...

Leggi il seguito »

neuroML Multiple Vulnerabilities CSNC-2014-004

11 ottobre 2014 - Fonte: http://www.mondounix.com
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product:  neuroML
# Version:  <=v1.8.1 (Confirmed: v1.8.1)
# Vendor:   neuroML.org
# CSNC ID:  CSNC-2014-004
# CVD ID:   <none>
# Subject:  Multiple Vulnerabilities
# Risk:     High
# Effect:   Remotely exploitable
# Author:   Philipp Promeuschel <philipp.promeuschel () csnc ch>
# Date:     10.10.2014
#
#############################################################
 
Abstract:
-------------
The NeuroML project focuses on the development of an XML (eXtensible Markup Language) based description language...

Leggi il seguito »

WordPress EWWW Image Optimizer 2.0.1 Cross Site Scripting

10 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23234
Product: EWWW Image Optimizer WordPress plugin
Vendor: Shane Bishop
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication:  September 17, 2014  [without technical details]
Vendor Notification: September 17, 2014 
Vendor Patch: September 24, 2014 
Public Disclosure: October 8, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-6243
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress Contact Form DB 2.8.13 Cross Site Scripting

10 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23233
Product: Contact Form DB WordPress plugin
Vendor: Michael Simpson
Vulnerable Version(s): 2.8.13 and probably prior
Tested Version: 2.8.13
Advisory Publication:  September 17, 2014  [without technical details]
Vendor Notification: September 17, 2014 
Vendor Patch: September 25, 2014 
Public Disclosure: October 8, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7139
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress Google Calendar Events 2.0.1 Cross Site Scripting

10 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23235
Product: Google Calendar Events WordPress plugin
Vendor: Phil Derksen
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication:  September 17, 2014  [without technical details]
Vendor Notification: September 17, 2014 
Vendor Patch: October 7, 2014 
Public Disclosure: October 8, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7138
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

ZyXEL SBG-3300 Security Gateway Stored Server XSS

6 ottobre 2014 - Fonte: http://www.mondounix.com
########################################
#Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway
#Date: 02/10/2014
#CVE-ID: CVE-2014-7277 
#Product: ZyXEL SBG3300-N series
#Vendor: www.zyxel.com
#Affected Firmware: Latest version at the time of disclosure V1.00(AADY.4)C0 and below (tested)
#Patch: Unpatched
#Authored by: Mirko Casadei
########################################
 
#Disclosure Timeline:
13/08/2014  Vendor Contact with Acknowledgment 
13/09/2014  No response from Vendor after first contact
02/10/2014  Full Disclosure 
 
#Technical details:
The web interface of the Security Gateway is affected by a Stored Server XSS vulnerability in the main login page. 
Abusing the login 'welcome message'...

Leggi il seguito »