Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service with exponentially growing memory payloads. Versions 0.9.40 and below are affected.
ed8acdbe74a60413ec64bf7ee626907c637009037aa099593ef2ffdb4b694c81Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. Versions of Crowd and Crowd Data Center starting with version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
985c2d75d6a00aea412d56a69bb859b3edd00658270d8705e9aa0d84f96b275dShopware versions 4.0.1 through 5.3.7 suffer from a cross site request forgery vulnerability. Malicious, third-party websites may abuse this API to list, add or remove products from a user's cart.
0c973cc0b8b396e326136493e77ee67e1e021b531a57d187e3ca1760ce5aca8aRedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the document's signature. This might lead to a complete bypass of authorisation mechanisms. Versions prior to 2.6.1 are affected.
3161025b44bdf506c94fc43a995ecee6fe36a5a17cca6bee9d2de7e64bc0814fRedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor (WCPP). This proxy setting may be distributed via specially crafted websites and is set without any user interaction as soon as the website is accessed. Version 2.0.15.109 is affected.
09c0e3cd68348e506a9714a171060413afaa79dbee57b201c4d67e7fd6a31b1cRedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These updates may be distributed through specially crafted websites and are processed without any user interaction as soon as the website is accessed. However, the browser must run with administrative privileges. Version 2.0.15.109 is affected.
16d24709c0cb5cba7e8f5f98b3f1f03545ac4ec24730922aafb7e643bd7c27d7RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may result in a disclosure of sensitive information and the integrity of printed documents cannot be guaranteed. Version 2.0.15.109 is affected.
d5d5ce3f3fb5bf4d769947dc95fa513fec9e066196c762f799c032bd2ce628d1WebClientPrint Processor version 2.0.15.109 suffers from a remote code execution vulnerability via print jobs.
76fbb2cc02917553f3f3564e781c290894efa3b6b06fcd52855df0eeb4b137ecTYPO3 Formhandler version 2.4.0 suffers from a cross site scripting vulnerability.
1d3622f0e4f3d15078215547598f31908bda1104d6de15ccb96b0669109dc293RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.
becde93c067e78ba68597a35f6d477408561832538f83bbfc9c5867a28459d85RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to capture network traffic on the appliance's interfaces. Affected versions include build 2032 and 2.0.625.
acd4c88b4e6b269475472b9ac9f07228d4f40087768925bc7eb00ecfecd3522cRedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Affected versions include build 2032 and 2.0.625.
566d35f51e7eacf080b67dde2ac3e518fc64eab804ca996a361d492a9d1e33b8RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Affected versions include build 2032 and 2.0.625.
73f166953c9826d6cb5ced2e73d23f83f1666942751bbe3a859d6bd211d10a9aRedTeam Pentesting discovered a cross site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Affected versions include build 2032 and 2.0.625.
24d8f1cffd703098f7bc99803e67978d1404d5582276c79f31555172622b593bRedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary files from the affected system with root permissions. Affected versions include build 2032 and 2.0.625.
4b2a83e33f783d6780df2b94816103795f01791ce55f04a8febcf31ae4a50c00RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Affected versions include build 2032 and 2.0.625.
c1999c59bf1a49e27b345dcd1c7259a0a82d09f67464808f16ff746ad4c41449PDNS Manager from Git master 3bf4e28 (2016-12-12) through 2bb00ea (2017-05-22) suffer from a remote command execution vulnerability.
4cb7a145d0b426916656de00ed970ff40d01438a3a5fda816ce6c6a34d716786The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence. All versions of Confluence starting with version 6.0.0 but less than 6.0.7 (the fixed version for 6.0.x) are affected by this vulnerability.
81936b182168b27dc4d9e1c13e26ed7b479fb032c93be23162cb3365c172323eApache mod_session_crypto versions 2.3 through 2.5 suffer form a padding oracle vulnerability.
390f7fdc6969dd238103bdc9a74a406df47dd249a11cddc2a73743e36e51e549RedTeam Pentesting discovered behavior in the Less.js compiler, which allows execution of arbitrary code if an untrusted LESS file is compiled.
f903fc3389d263eceac3b7b2bbfa6a60d22496d0fa2b4102b24b08fb703421b5Relay Ajax Directory Manager versions relayb01-071706, 1.5.1, and 1.5.3 suffer from an unauthenticated file upload vulnerability that can result in a shell upload.
86f16a585b31311d54705ed9a9f89e3e7f9a9f7fb81cc770e74eb4ff7bc82dbcWebsockify versions 0.8.0 and below suffer a buffer overflow vulnerability that allows for remote code execution.
caea35c7d2790c9ab4ea828774b280bdbc0c89b8236bbec43cd1a0bed3e1876fPRTG Network Monitor version 14.4.12.3282 suffers from an XML eXternal Entity expansion vulnerability.
41babc73fc9bda76f17c48714fa073370cc3e8261d71210d28b3b5a3b479575fSecurimage version 3.6.2 suffers from a cross site scripting vulnerability.
cef5c2470c562793c29df7022f016d538fa8aecde6d8f3749e5047f3dfdb89eeThe o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This enables the attacker to place and receive calls on behalf of the attacked user.
f61935b3b37229ff1b4f27ebaef671d58dbbebb3c4c012e1603981367b17881bRedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device. Versions prior to 6.30 are affected.
228e71e3485b2cc97ccb9ddbef86d309e9fbac2497428d5179defa994f72604b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed