Category Archives: Full Disclosure

[v2] [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation

Posted by Rodrigo Menezes on Jan 16

Title
========
Neon 1.6.14 for iOS Missing SSL Certificate Validation

Date
========
2018-01-15

Author
========
Rodrigo Laneth
Twitter: @rlaneth

CVE-ID
========
CVE-2018-5258

Vendor
========
Banco Neon S.A.

Software
========
Neon
https://itunes.apple.com/app/neon/id1127996388

Version
========
1.6.14
Previous versions have not been tested, but may also be affected.

Platform
========
iOS

Summary
========
The Neon app…

Re: [CVE-2018-5258] Neon 1.6.14 for iOS Missing SSL Certificate Validation

Posted by Rodrigo Menezes on Jan 16

The three events listed with dates from January, 2017 on the “Timeline” section actually occurred on January, 2018.

This is the correct timeline:

---

- [2017-12-30] First attempt to contact the vendor (no response).
- [2018-01-06] Second attempt to contact the vendor. The vendor affirms the report will be forwarded to the app’s development team, but does not provide a deadline for the release of an update addressing…

SSD Advisory – GitStack Unauthenticated Remote Code Execution

Posted by Maor Shwartz on Jan 16

SSD Advisory – GitStack Unauthenticated Remote Code Execution

Write-up: https://blogs.securiteam.com/index.php/archives/3557

Vulnerability Summary
The following advisory describes an unauthenticated action that allows a
remote attacker to add a user to GitStack, which is then used to trigger an
unauthenticated remote code execution.

GitStack is “a software that lets you setup your own private Git server for
Windows. This means that you create a…

Zenario v7.6 CMS – SQL Injection Web Vulnerability

Posted by Vulnerability Lab on Jan 15

Document Title:
===============
Zenario v7.6 CMS – SQL Injection Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2043

Release Date:
=============
2018-01-16

Vulnerability Laboratory ID (VL-ID):
====================================
2043

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
SQL Injection

Current…

MagicSpam 2.0.13 – Insecure File Permission Vulnerability

Posted by Vulnerability Lab on Jan 15

Document Title:
===============
MagicSpam 2.0.13 – Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2113

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
2113

Common Vulnerability Scoring System:
====================================
2.8

Vulnerability Class:
====================
Privacy Violation…

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2

Posted by RedTeam Pentesting GmbH on Jan 15

Advisory: Truncation of SAML Attributes in Shibboleth 2

RedTeam Pentesting discovered that the shibd service of Shibboleth 2
does not extract SAML attribute values in a robust manner. By inserting
XML entities into a SAML response, attackers may truncate attribute
values without breaking the document’s signature. This might lead to a
complete bypass of authorisation mechanisms.

Details
=======

Product: Shibboleth 2
Affected Versions:…

Kentico CMS v11.0 – Stack Buffer Overflow Vulnerability

Posted by Vulnerability Lab on Jan 13

Document Title:
===============
Kentico CMS v11.0 – Stack Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1943

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5282

CVE-ID:
=======
CVE-2018-5282

Release Date:
=============
2018-01-04

Vulnerability Laboratory ID (VL-ID):
====================================
1943

Common Vulnerability Scoring System:…

[Fixed Link] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough

Posted by Kurtis on Jan 13

** Advisory Information

Title: [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough
Blog URL: https://www.fidusinfosec.com/jungo-windriver-code-execution-cve-2018-5189/
Vendor: Jungo
Date Published: 10/01/2017
CVE: CVE-2018-5189

** Vulnerability Summary

Leveraging a race condition/double fetch to trigger a pool overflow
within the Jungo Windriver allowing a local privilege escalation to SYSTEM.

** Vendor Response

Jungo have…

PyroBatchFTP <= 3.18 – Local Buffer Overflow (SEH)

Posted by Manuel Garcia Cardenas on Jan 13

=============================================
MGC ALERT 2018-001
- Original release date: December 22, 2017
- Last revised: January 12, 2018
- Discovered by: Manuel García Cárdenas
- Severity: 7,5/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
PyroBatchFTP <= 3.18 – Local Buffer Overflow (SEH)

II. BACKGROUND
-------------------------
PyroBatchFTP is a Windows software that…

Seagate Media Server allows deleting of arbitrary files and folders

Posted by Summer of Pwnage via Fulldisclosure on Jan 13

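------------------------------------------------------------------------
Seagate Media Server allows deleting of arbitrary files and folders
------------------------------------------------------------------------
Yorick Koster, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade…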
