Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Posted by Matthias Deeg on Oct 11

Advisory ID: SYSS-2019-035
Product: Surface Mouse
Manufacturer: Microsoft
Affected Version(s): WS3-00002
Tested Version(s): WS3-00002
Vulnerability Type: Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: –
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)…

Posted by Matthias Deeg on Oct 11

Advisory ID: SYSS-2019-034
Product: Surface Keyboard
Manufacturer: Microsoft
Affected Version(s): WS2-00005
Tested Version(s): WS2-00005
Vulnerability Type: Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: –
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS…

Posted by Matthias Deeg on Oct 11

Advisory ID: SYSS-2019-033
Product: Designer Bluetooth Desktop
Manufacturer: Microsoft
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: –
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)…

Posted by Martin Heiland via Fulldisclosure on Oct 11

Dear subscribers,

we're sharing our latest advisory with you and would like to thank everyone who contributed to finding and solving those
vulnerabilities. Feel free to join our bug bounty programs (appsuite, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 66094 (Bug ID)
Vulnerability type: Server-Side Request Forgery (CWE-918)
Vulnerable…

Posted by Daniel Bishtawi on Oct 11

Hello,

We are informing you about the vulnerabilities in Openfire 4.4.1.

Here are the details:

Information
-----------

Advisory by Netsparker
Name: Multiple Cross-site Scripting Vulnerabilities in Openfire 4.4.1
Affected Software: Openfire
Affected Versions: 4.4.1
Vendor Homepage: https://www.igniterealtime.org/
Vulnerability Type: Cross-site Scripting
Severity: Medium
Status: Fixed
CVSS Score (3.0):…

Posted by Egidio Romano on Oct 10

---------------------------------------------------------------
SugarCRM <= 9.0.1 Multiple Phar Deserialization Vulnerabilities
---------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 9.0.1 and prior versions, 8.0.3 and prior versions.

[-] Vulnerabilities Description:

1) User input passed through the "backup_dir" parameter when handling
the…

Posted by Egidio Romano on Oct 10

---------------------------------------------------------------
SugarCRM <= 9.0.1 Multiple PHP Object Injection Vulnerabilities
---------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 9.0.1 and prior versions, 8.0.3 and prior versions.

[-] Vulnerabilities Description:

1) The vulnerability exists because the "/modules/Emails/DetailView.php"…

Posted by Egidio Romano on Oct 10

-------------------------------------------------------------
SugarCRM <= 9.0.1 Multiple PHP Code Injection Vulnerabilities
-------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 9.0.1 and prior versions, 8.0.3 and prior versions.

[-] Vulnerabilities Description:

1) When handling the "Locale" action within the "Administration" module…

Posted by Egidio Romano on Oct 10

---------------------------------------------------------
SugarCRM <= 9.0.1 Multiple Path Traversal Vulnerabilities
---------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 9.0.1 and prior versions, 8.0.3 and prior versions.

[-] Vulnerabilities Description:

1) User input passed to the "/Mail/attachment" REST API endpoint is not properly sanitized…

Posted by Egidio Romano on Oct 10

----------------------------------------------------------------
SugarCRM <= 9.0.1 Multiple Broken Access Control Vulnerabilities
----------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 9.0.1 and prior versions, 8.0.3 and prior versions.

[-] Vulnerabilities Description:

1) There is a Broken Access Control vulnerability with regards to the…

Posted by Egidio Romano on Oct 10

--------------------------------------------------------
SugarCRM <= 9.0.1 Multiple SQL Injection Vulnerabilities
--------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 9.0.1 and prior versions, 8.0.3 and prior versions.

[-] Vulnerabilities Description:

1) User input passed to the "/pmse_Inbox/changeCaseUser" REST API endpoint is not properly…

Posted by Egidio Romano on Oct 10

-------------------------------------------------------------------------
SugarCRM <= 9.0.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
-------------------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 9.0.1 and prior versions, 8.0.3 and prior versions.

[-] Vulnerabilities Description:

1) User input passed through the "form"…

Posted by ProSec Security Team on Oct 08

Hello together,

we’ve found the following vulnerability below.

Affected software: RENPHO V3.0.0 (iOS App)
Vulnerability type: Missing Encryption and Integrity Check of Sensitive Data
Vulnerable version: Renpho Mobile Application V3.0.0 for iOS
Vulnerable component: Client app, transmitting data to server backend
Vendor report confidence: Unconfirmed
Fixed version: –
Vendor notification: 13/08/19
Solution date:
CVE reference: CVE-2019-14808…

Posted by Apple Product Security via Fulldisclosure on Oct 08

APPLE-SA-2019-10-07-4 iCloud for Windows 7.14

iCloud for Windows 7.14 is now available and addresses the following:

UIFoundation
Available for: Windows 7 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's
Zero Day Initiative

WebKit
Available for: Windows…

Posted by Apple Product Security via Fulldisclosure on Oct 08

APPLE-SA-2019-10-07-1 macOS Catalina 10.15

macOS Catalina 10.15 is now available and addresses the following:

AMD
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory…