Pentest

MISP before version 2.4.146 is impacted by a stored XSS vulnerability via the “share groups” menu

https://github.com/MISP/MISP/commit/01521d614cb578de75a406394b4f0426f6036ba7

The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.

Read more about this vulnerability

The plugin did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (https://wpscan.com/vulnerability/fd4352ad-dae0-4404-94d1-11083cb1f44d) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover.

Read more about this vulnerability

The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.

Read more about this vulnerability

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 contain a vulnerability that could allow an unprivileged, authenticated user to perform remote code execution (RCE) on the Tenable.sc server via hypertext preprocessor deserialization.

Read more about this vulnerability

The URL for the web client sharing details was vulnerable to an XSS attack. An attacker could perform social engineering and impersonate an authenticated user.

Read more about this vulnerability

SolarWinds Serv-U before 15.2.2 allows the injection of unauthenticated macros. These two vulnerabilities allow an unauthenticated attacker to recover user passwords in clear text.

Read more about this vulnerability

An untrusted search path vulnerability in the product.console.exe as implemented in Bitdefender Endpoint Security Tools for Windows and Endpoint Security SDK allows a local attacker to escalate privileges.

This issue affects Bitdefender Endpoinit Security Tools for Windows versions prior to 6.6.18.261; Endpoint Security SDK versions prior to 6.6.18.261.

Reference :  https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646/

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.

Reference :  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10374
https://www.paessler.com/prtg/history/stable

A vulnerability allows an attacker who is not authenticated with network access via HTTP to compromise the Oracle Trade Management component of Oracle eBusiness Suite. The attack requires human interaction and although the vulnerability is in the Oracle Trade Management component, the attack significantly impacts other components. Exploiting this vulnerability gives unauthorized access to critical data, or even full access to all data accessible by the “Oracle Trade Management” module as well as unauthorized access to read, write and modify the data accessible by the module.

Reference : https://www.oracle.com/technetwork/topics/security/cpujul2018-4258247.html

A vulnerability allows an attacker who is not authenticated with network access via HTTP to compromise the “CRM Technical Foundation” component of Oracle eBusiness Suite. The attack requires human interaction and although the vulnerability is in the Oracle CRM Technical Foundation component, the attack significantly impacts other components. Exploiting this vulnerability gives unauthorized access to critical data, or even full access to all data accessible by the “Oracle CRM Technical Foundation” module as well as unauthorized access to read, write and modify the data accessible by the module.

Reference : https://www.oracle.com/technetwork/topics/security/cpujul2018-4258247.html

A vulnerability allows a non-authenticated attacker with network access via HTTP to compromise the Oracle Applications Manager component of Oracle eBusiness Suite. Exploiting this vulnerability gives unauthorized access to critical data, or even full access to all data accessible by the “Oracle Applications Manager” module.

Reference :  https://www.oracle.com/technetwork/topics/security/cpujul2018-4258247.html

A vulnerability allows an attacker who is not authenticated with network access via HTTP to compromise the Oracle Trade Management component of Oracle eBusiness Suite. The attack requires human interaction and although the vulnerability is in the Oracle Trade Management component, the attack significantly impacts other components. Exploiting this vulnerability gives unauthorized access to critical data, or even full access to all data accessible by the “Oracle Trade Management” module as well as unauthorized access to read, write and modify the data accessible by the module.

Reference : https://www.oracle.com/technetwork/topics/security/cpujul2018-4258247.html

Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise prior to version 4.1.6.13 allow attackers to inject HTML and arbitrary JavaScript content via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter on share/page/task-edit.

Reference : https://www.kb.cert.org/vuls/id/537684/

McAfee Enterprise Mobility Manager (EMM) Agent before version 4.8 and Server before version 10.1, are vulnerable when the single provisioning mode (OTP) is enabled. They are unduly dependent on SRV DNS records, which makes it easier for remote hackers to discover user passwords, as demonstrated by a password entered on an iOS device.

Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4587

Zenprise Device Manager is a mobile device management (MDM) software that can be used to manage a company’s mobile device fleet. The web interface of the Zenprise device manager is vulnerable to intersite request falsification (CSRF) attacks. A successful CSRF attack against an administrator user will allow a remote attacker to execute commands as an administrator on any device managed by Zenprise Device Manager.

Reference : https://www.kb.cert.org/vuls/id/584363/

There is a stack overflow in the CFNetwork URL management code. Visiting a maliciously constructed website can lead to the unintended closure of the application or arbitrary execution of code. This problem has been solved by better memory management.

Reference : https://support.apple.com/en-us/HT4225

Overflow vulnerabilities in Research In Motion (RIM) BlackBerry devices prior to version 6.0.0 allowing remote attackers to cause (at a minimum) a denial of service (browser blocking) via a malicious web page designed for them.

Reference : https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000024841