Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Posted by SEC Consult Vulnerability Lab on Nov 23

SEC Consult Vulnerability Lab Security Advisory < 20201123-0 >
=======================================================================
title: Multiple Vulnerabilities
product: ZTE WLAN router MF253V
vulnerable version: V1.0.0B04
fixed version: V1.0.0B05
CVE number:
impact: Medium
homepage: https://www.zte.com.cn
found: 2020-01-07
by: T. Weber…

Posted by Ken Williams via Fulldisclosure on Nov 23

CA20201116-01: Security Notice for CA Unified Infrastructure Management

Issued: November 16th, 2020
Last Updated: November 16th, 2020

CA Technologies, A Broadcom Company, is alerting customers to a
vulnerability in CA Unified Infrastructure Management. A vulnerability
exists that can allow a local attacker to elevate privileges. CA
published solutions to address this vulnerability and recommends that
all affected customers implement these…

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20

KL-001-2020-009 : Barco wePresent Insecure Firmware Image

Title: Barco wePresent Insecure Firmware Image
Advisory ID: KL-001-2020-009
Publication Date: 2020.11.20
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-009.txt

1. Vulnerability Details

     Affected Vendor: Barco
     Affected Product: wePresent WiPG-1600W
     Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19
     Platform: Embedded Linux…

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20

KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password

Title: Barco wePresent Global Hardcoded Root SSH Password
Advisory ID: KL-001-2020-008
Publication Date: 2020.11.20
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt

1. Vulnerability Details

     Affected Vendor: Barco
     Affected Product: wePresent WiPG-1600W
     Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19
    …

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20

KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI

Title: Barco wePresent Undocumented SSH Interface Accessible Via Web UI
Advisory ID: KL-001-2020-007
Publication Date: 2020.11.20
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt

1. Vulnerability Details

     Affected Vendor: Barco
     Affected Product: wePresent WiPG-1600W
     Affected Version: 2.5.1.8
    …

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20

KL-001-2020-006 : Barco wePresent Authentication Bypass

Title: Barco wePresent Authentication Bypass
Advisory ID: KL-001-2020-006
Publication Date: 2020.11.20
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt

1. Vulnerability Details

     Affected Vendor: Barco
     Affected Product: wePresent WiPG-1600W
     Affected Version: 2.5.1.8
     Platform: Embedded Linux
     CWE Classification:…

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20

KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text

Title: Barco wePresent Admin Credentials Exposed In Plain-text
Advisory ID: KL-001-2020-005
Publication Date: 2020.11.20
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt

1. Vulnerability Details

     Affected Vendor: Barco
     Affected Product: wePresent WiPG-1600W
     Affected Version: 2.5.1.8
     Platform: Embedded…

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20

KL-001-2020-004 : Barco wePresent Hardcoded API Credentials

Title: Barco wePresent Hardcoded API Credentials
Advisory ID: KL-001-2020-004
Publication Date: 2020.11.20
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-004.txt

1. Vulnerability Details

     Affected Vendor: Barco
     Affected Product: wePresent WiPG-1600W
     Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19
     Platform: Embedded…

Posted by Vulnerability Lab on Nov 20

Document Title:
===============
VTiger v7.0 CRM – (To) Persistent Email Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2227

Release Date:
=============
2020-11-18

Vulnerability Laboratory ID (VL-ID):
====================================
2227

Common Vulnerability Scoring System:
====================================
4.8

Vulnerability Class:
====================
Cross Site Scripting…

Posted by Marcin Kozlowski on Nov 18

Hi List,

Maybe you will find this interesting/useful.

Below is the TCMalloc tool that can inspect TCMalloc allocations:

https://github.com/marcinguy/tcmalloc-inspector

Here is my attempt to do the same for Chromium (Chrome) based browsers,
since they also used a tuned/adjusted TCMalloc. However, without success.
Let me know if you know how to fix it.

https://github.com/marcinguy/tcmalloc-chromium

Did this to play some more with…

Posted by hacker on Nov 18

# Title: SOWA.OPAC Reflected Cross Site Scripting
# Vulnerability Type: Cross Site Scripting (XSS)
# Attack Type: Account Hijacking, Credential Theft, Data Leakage
# Author: Marek Holka
# Date: 2020-11-08
# Vendor: SOKRATES-software
# Software Link: https://www.demo.sowwwa.pl/sowacgi.php
# Version: SOWA.OPAC all versions up to 5.6.2
# CVE: CVE-2020-28350
# Description: A Cross Site Scripting (XSS) vulnerability exists in Sokrates SOWA SowaSQL…

Posted by SEC Consult Vulnerability Lab on Nov 17

SEC Consult Vulnerability Lab Security Advisory < 20201117-0 >
=======================================================================
title: Blind Out-Of-Band XML External Entity Injection (Authenticated)
product: Avaya Web License Manager
vulnerable version: 6.x, 7.0 through 7.1.3.6, 8.0 through 8.1.2.0.0
fixed version: 7.1.3.7 and 8.1.3
CVE number: CVE-2020-7032
impact: medium (6.5)…

Posted by Jonathan Gregson via Fulldisclosure on Nov 17

## About Fancy Product Designer for WooCommerce
Fancy Product Designer for WooCommerce is a WordPress plugin which allows users to design custom products in a vendor's
WooCommerce store. It is sold through the third-party marketplace "Envato Market" and boasts over 15,000 sales.

## Unrestricted File Upload
Fancy Product Designer for WooCommerce before and including version 4.5.1 contains an Unrestricted File Upload…

Posted by Jonathan Gregson via Fulldisclosure on Nov 17

## About Fancy Product Designer for WooCommerce
Fancy Product Designer for WooCommerce is a WordPress plugin which allows users to design custom products in a vendor's
WooCommerce store. It is sold through the third-party marketplace "Envato Market" and boasts over 15,000 sales.

## Stored XSS via SVG upload
Fancy Product Designer for WooCommerce before version 4.5.1 permits the upload of unsanitized SVG files by
unauthenticated…

Posted by Vulnerability Lab on Nov 16

Document Title:
===============
SugarCRM v6.5.18 – (Contacts) Persistent Cross Site Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2249

Release Date:
=============
2020-11-16

Vulnerability Laboratory ID (VL-ID):
====================================
2249

Common Vulnerability Scoring System:
====================================
5.1

Vulnerability Class:
====================
Cross…