Acadmic Microsoft – API Query Filter Cross Site Scripting Vulnerability

Posted by Vulnerability Lab on Jan 21

Document Title:
===============
Acadmic Microsoft – API Query Filter Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2056

MSRC ID: 0001010174

Release Date:
=============
2018-01-20

Vulnerability Laboratory ID (VL-ID):
====================================
2056

Common Vulnerability Scoring System:
====================================
3.2

Vulnerability Class:…

Read more

15-Year-Old Schoolboy Posed as CIA Chief to Hack Highly Sensitive Information

crackas-with-attitude-hacker

Remember “Crackas With Attitude“?

A notorious pro-Palestinian hacking group behind a series of embarrassing hacks against United States intelligence officials and leaked the personal details of 20,000 FBI agents, 9,000 Department of Homeland Security officers, and some number of DoJ staffers in 2015.

Believe or not, the leader of this hacking group was just 15-years-old when he used “social engineering” to impersonate CIA director and unauthorisedly access highly sensitive information from his Leicestershire home, revealed during a court hearing on Tuesday.

Kane Gamble, now 18-year-old, the British teenager hacker targeted then CIA director John Brennan, Director of National Intelligence James Clapper, Secretary of Homeland Security Jeh Johnson, FBI deputy director Mark Giuliano, as well as other senior FBI figures.

Between June 2015 and February 2016, Gamble posed as Brennan and tricked call centre and helpline staff into giving away broadband and cable passwords, using which the team also gained access to plans for intelligence operations in Afghanistan and Iran.

The teenager also taunted his victims and their families, released their personal details, bombarded them with calls and messages, downloaded and installed pornography onto their computers and took control of their iPads and TV screens.

He also made hoax calls to Brennan’s home and took control of his wife’s iPad.

At one point, Gamble also sent DHS secretary Johnson a photograph of his daughter and said he would f*** her, phoned his wife, leaving a voicemail message which said: “Hi Spooky, am I scaring you?,” and even managed to get the message “I own you” on the couple’s home television.

Gamble was arrested in February 2016 at his council home in Coalville and last October he pleaded guilty to 8 charges of “performing a function with intent to secure unauthorised access” and 2 charges of “unauthorised modification of computer material.”

Gamble said he targeted the US government because he was “getting more and more annoyed about how corrupt and cold-blooded the US Government” was and “decided to do something about it.

Gamble’s defence said he was technically gifted but emotionally immature and has an autistic spectrum disorder, at the time of his offending, he had the mental development of a 12 or 13-year-old.

Also, the defence said, at no point did Gamble attempt to profit from his actions.

Out of 10 counts, Gamble previously admitted 8 charges of performing a function with intent to secure unauthorised access.

The teenager will be sentenced when the hearing resumes at a later date.

Two other members of Crackas With Attitude hacking group, Andrew Otto Boggs and Justin Gray Liverman, were arrested by FBI in September 2016 and had already been sentenced to five years in federal prison.

CVE-2017-17837

CVE-2017-17837 : The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the window

CVEdetails.com the ultimate security vulnerability data source

The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get’s cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.

Publish Date : 2018-01-04 Last Update Date : 2018-01-19


CVSS Scores & Vulnerability Types

CVSS Score

4.3

Confidentiality Impact None
(There is no impact to the confidentiality of the system.)
Integrity Impact Partial
(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None
(There is no impact to the availability of the system.)
Access Complexity Medium
(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required
(Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Cross Site Scripting
CWE ID 79


Products Affected By CVE-2017-17837


Number Of Affected Versions By Product


References For CVE-2017-17837


Metasploit Modules Related To CVE-2017-17837

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

CentOS Web Panel v0.9.8.12 – Non-Persistent Cross Site Scripting Vulnerabilities

Posted by Vulnerability Lab on Jan 19

Document Title:
===============
CentOS Web Panel v0.9.8.12 – Non-Persistent Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1835

Release Date:
=============
2018-01-17

Vulnerability Laboratory ID (VL-ID):
====================================
1835

Common Vulnerability Scoring System:
====================================
3.3

Vulnerability Class:…

Read more

Shopware 5.2.5 & v5.3 – Multiple Cross Site Scripting Web Vulnerabilities

Posted by Vulnerability Lab on Jan 19

Document Title:
===============
Shopware 5.2.5 & v5.3 – Multiple Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1922

Shopware Security Tracking ID: SW-19834

Security Update:
http://community.shopware.com/Downloads_cat_448.html#5.3.4
http://community.shopware.com/_detail_2035.html

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15374

CVE-ID:…

Read more

CentOS Web Panel v0.9.8.12 – Multiple Persistent Web Vulnerabilities

Posted by Vulnerability Lab on Jan 19

Document Title:
===============
CentOS Web Panel v0.9.8.12 – Multiple Persistent Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1836

Release Date:
=============
2018-01-19

Vulnerability Laboratory ID (VL-ID):
====================================
1836

Common Vulnerability Scoring System:
====================================
4.4

Vulnerability Class:
====================
Cross…

Read more

Photo Vault v1.2 iOS – Insecure Authentication Vulnerability

Posted by Vulnerability Lab on Jan 19

Document Title:
===============
Photo Vault v1.2 iOS – Insecure Authentication Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2110

Release Date:
=============
2018-01-16

Vulnerability Laboratory ID (VL-ID):
====================================
2110

Common Vulnerability Scoring System:
====================================
4.8

Vulnerability Class:
====================
Insecure…

Read more

OnePlus confirms up to 40,000 customers affected by Credit Card Breach

oneplus-credit-card-breach

OnePlus has finally confirmed that its online payment system was breached, following several complaints of fraudulent credit card transactions from its customers who made purchases on the company’s official website.

In a statement released today, Chinese smartphone manufacturer admitted that credit card information belonging to up to 40,000 customers was stolen by an unknown hacker between mid-November 2017 and January 11, 2018.

According to the company, the attacker targeted one of its systems and injected a malicious script into the payment page code in an effort to sniff out credit card information while it was being entered by the users on the site for making payments.

The malicious script was able to capture full credit card information, including their card numbers, expiry dates, and security codes, directly from a customer’s browser window.

The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated,” OnePlus said on its official forum. “We have quarantined the infected server and reinforced all relevant system structures.”

However, the company believes users who shopped on its website using their saved credit card, PayPal account or the “Credit Card via PayPal” method are not affected by the breach.

OnePlus is still investigating the incident and committed to conducting an in-depth security audit to identify how hackers successfully managed to inject the malicious script into its servers.

Meanwhile, credit card payments will remain disabled on the OnePlus.net store until the investigation is complete as a precaution, though users can make purchases through PayPal.

We are eternally grateful to have such a vigilant and informed the community, and it pains us to let you down. We are in contact with potentially affected customers. We are working with our providers and local authorities to address the incident better,” OnePlus says.

OnePlus is notifying all possibly affected OnePlus customers via an email and advises them to keep a close eye on their bank account statements for any fraudulent charges or look into cancelling their payment card.

The company is also looking into offering a one-year subscription of credit monitoring service for free to all affected customers.

WordPress MediaElement Cross Site Scripting Vulnerability

Vulnerable:

WordPress WordPress 4.9.1
WordPress WordPress 4.8.3
WordPress WordPress 4.8.2
WordPress WordPress 4.8.1
WordPress WordPress 4.7.4
WordPress WordPress 4.7.2
WordPress WordPress 4.7.1
WordPress WordPress 4.6.1
WordPress WordPress 4.5.2
WordPress WordPress 4.5.1
WordPress WordPress 4.5
WordPress WordPress 4.4.1
WordPress WordPress 4.4
WordPress WordPress 4.2.4
WordPress WordPress 4.2.3
WordPress WordPress 4.2.2
WordPress WordPress 4.2.1
WordPress WordPress 4.1.2
WordPress WordPress 4.1.1
WordPress WordPress 4.1
WordPress WordPress 3.9.2
WordPress WordPress 3.9.1
WordPress WordPress 3.9
WordPress WordPress 3.8.2
WordPress WordPress 3.8.1
WordPress WordPress 3.7.4
WordPress WordPress 3.7.1
WordPress WordPress 4.9
WordPress WordPress 4.7.5
WordPress WordPress 4.7.3
WordPress WordPress 4.7
WordPress WordPress 4.6
WordPress WordPress 4.5.3
WordPress WordPress 4.4.2
WordPress WordPress 4.3.1
WordPress WordPress 4.3
WordPress WordPress 4.2
WordPress WordPress 4.0.1
WordPress WordPress 4.0
WordPress WordPress 3.9.3
WordPress WordPress 3.9
WordPress WordPress 3.8.5
WordPress WordPress 3.8.4
WordPress WordPress 3.8.3
WordPress WordPress 3.8
WordPress WordPress 3.7.5
WordPress WordPress 3.7

Software and Security Information