hyp3rlinx | 29 Jun 06:08 2016

Symantec SEPM v12.1 Multiple Vulnerabilities

[+] Credits: John Page aka HYP3RLINX 

[+] Website: hyp3rlinx.altervista.org

[+] Source:  http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt

[+] ISR: ApparitionSec

Vendor:
================
www.symantec.com

Product:
===========
SEPM
Symantec Endpoint Protection Manager and client v12.1

SEPM provides a centrally managed solution. It handles security policy
enforcement, host integrity checking (Symantec Network Access Control only),
and automated remediation over all clients. The policies functionality is the
heart of the Symantec software. Clients connect to the server to get the
latest policies, security settings, and software updates.

Vulnerability Type(s):
======================
Multiple Cross Site Scripting (XSS)
Cross Site Request Forgeries (CSRF)
Open Redirect

CVE Reference(s):

Vulnerability Lab | 28 Jun 14:05 2016

Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

Document Title:
===============
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1862

CWE-89
CWE-79
CWE-264

http://cwe.mitre.org/data/definitions/89
http://cwe.mitre.org/data/definitions/79
http://cwe.mitre.org/data/definitions/264

CWE-ID:
======
89

Release Date:
=============
2016-06-28

Vulnerability Laboratory ID (VL-ID):
====================================
1862

Common Vulnerability Scoring System:
====================================

Vulnerability Lab | 28 Jun 14:03 2016

Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability

Document Title:
===============
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1863

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
====================================
1863

Common Vulnerability Scoring System:
====================================
8.1

Product & Service Introduction:
===============================
ALFiNE IT solutions Ltd was founded in 2004 by a group of entrepreneurs with
vast experience in the IT industry. We are a multi-skilled software service
provider with a highly competent workforce and strong global presence. With
years of honed expertise in cross-platform skills and quality-integrated
methodologies, ALFiNE adopts a competent global delivery model in providing
value-based solutions as well as professional services to clients worldwide.

Vulnerability Lab | 28 Jun 14:02 2016

Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

Document Title:
===============
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1858

Release Date:
=============
2016-06-21

Vulnerability Laboratory ID (VL-ID):
====================================
1858

Common Vulnerability Scoring System:
====================================
7.6

Product & Service Introduction:
===============================
http://www.mutualaid.org/

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a remote sql-injection web
vulnerability in the official Mutualaid CMS v4.3.1 content management system.

Vulnerability Disclosure Timeline:

Vulnerability Lab | 28 Jun 14:00 2016

Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability


Document Title:
===============
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1849

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
====================================
1849

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:
===============================
Strengthen relationships with your customers. Be number one in customer
service and let them spread the good word and experience about you. Increase
your sales. Seize the throne! Collect communication from your customers, let
LiveAgent process it and route it to the right support representatives at the
right time.

(Copy of the Homepage: https://www.ladesk.com/features/ )

Salvatore Bonaccorso | 28 Jun 11:56 2016

[SECURITY] [DSA 3607-1] linux security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3607-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 28, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-7515 CVE-2016-0821 CVE-2016-1237 CVE-2016-1583
                 CVE-2016-2117 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185
                 CVE-2016-2186 CVE-2016-2187 CVE-2016-3070 CVE-2016-3134
                 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140
                 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3951
                 CVE-2016-3955 CVE-2016-3961 CVE-2016-4470 CVE-2016-4482
                 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569
                 CVE-2016-4578 CVE-2016-4580 CVE-2016-4581 CVE-2016-4805
                 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998 CVE-2016-5243
                 CVE-2016-5244

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186,
CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138,
CVE-2016-3140

    Ralf Spenneberg of OpenSource Security reported that various USB
    drivers do not sufficiently validate USB descriptors.  This
    allowed a physically present user with a specially designed USB

Securify B.V. | 27 Jun 21:58 2016

Craft CMS affected by server side template injection

------------------------------------------------------------------------
Craft CMS affected by server side template injection
------------------------------------------------------------------------
Nelson Berg & Jurgen Kloosterman, June 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that Craft CMS is vulnerable to server-side
template injection. An authenticated attacker can exploit this issue
to compromise Craft CMS, for example by retrieving sensitive data from
configuration files.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
All versions of Craft CMS prior to build 2791 are affected by this
vulnerability.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Pixel & Tonic, Inc. released Craft CMS build 2791 that resolves this
vulnerability. This build can easily be installed through the Control
Panel. After the fix is applied the rendering of templates is globally
limited in TemplatesService.php and TwigEnvironment.php.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------

mehmet | 27 Jun 13:22 2016

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability

1. ADVISORY INFORMATION
========================================
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS  
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs:  SQL Injection
Author: Mehmet Ince
Date of found: 27 Jun 2016

2. CREDIT
========================================
These vulnerabilities were identified during an external penetration test
by Mehmet INCE from PRODAFT / INVICTUS.

Netsparker was used for initial detection.

3. DETAILS
========================================

The following code shows that the $page variable is used inside an SQL query without proper escaping or PDO.

File : /core/inc/bigtree/admin.php

Lines 6866 - 6879

function submitPageChange($page,$changes) {
	if ($page[0] == "p") {
		// It's still pending...

Matt Bush | 27 Jun 09:36 2016

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection

Product: 

https://www.untangle.com/untangle-ng-firewall/

Description:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') 

The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to execute arbitrary commands with root privileges and gain remote shell access to the appliance.

This vulnerability can be triggered via modifying any request made via functionality accessible from the Network->Troubleshooting->Network Tests window using an intercepting proxy or with otherwise crafted requests to abuse the execEvil() function.

The appliance web interface is accessible via unsecured HTTP by default. This leaves the appliance vulnerable to Man-in-the-Middle attacks that allow attackers to intercept plaintext credentials, facilitating exploitation of this vulnerability for further elevation of privileges.

Solution:

No official solution is currently available. Restrict access, consider Administrator interface access equivalent to root privileges.

Vulnerability Discovery:
Matthew Bush (The Missing Link)

Proof of Concept:
With a local intercepting proxy, alter the "params" field for any POST request to execEvil to execute any

hyp3rlinx | 27 Jun 07:05 2016

MyLittleForum v2.3.5 PHP Command Injection

[+] Credits: hyp3rlinx 

[+] Website: hyp3rlinx.altervista.org

[+] Source:  http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt

[+] ISR: APPARITIONSEC

Vendor:
=================
mylittleforum.net

Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Product:
===================
MyLittleForum 2.3.5

my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded
view (tree structure). The main claim of this web forum is simplicity. Furthermore it should be easy to install
and run on a standard server configuration with PHP and MySQL.

Vulnerability Type:
=======================
PHP Command Execution

CVE Reference:
==============
N/A

Slackware Security Team | 25 Jun 01:46 2016

[slackware-security] php (SSA:2016-176-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.23-i486-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.23
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab

