CVE-2020-25120
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. Date published: 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. Date published: 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. Date published: 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. Date published: 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. Date published: 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. Date published: 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities). Date published: 2020-09-03 https://discussions.eramba.org/t/bug-security-vulnerabilities-not-serious/1650/2 https://gitlab.com/gitlab-com/gl-security/disclosures/-/blob/master/005_eramba/eramba_weak_password_reset.md
eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension. Date...
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview)...
Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI. NOTE: The manufacturer...
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to...
An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access. Date published: 2020-09-03 https://github.com/rweather/noise-java/pull/12 http://seclists.org/fulldisclosure/2020/Sep/13
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. Date published: 2020-09-03 https://github.com/rweather/noise-java/pull/12 http://seclists.org/fulldisclosure/2020/Sep/11
An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access. Date published: 2020-09-03 https://github.com/rweather/noise-java/pull/12 http://seclists.org/fulldisclosure/2020/Sep/14