Hacking and random thoughts


Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages

An HTML injection vulnerability exists in Nextcloud and ownCloud. Through this vulnerability an attacker could manipulate the website. It could affect logged-in users: an attacker could send a malicious link (containing the manipulated URL) to a legitimate user who is logged in and simulate the login screen to steal the password (phishing), or carry out other attacks such as XSS. Nextcloud and ownCloud use Content-Security-Policy, which prevents execution of inline JavaScript. However, as of now some browsers, most prominently Internet Explorer, have not implemented Content-Security-Policy, so they remain at risk from this reflected Cross-Site Scripting.
CVE: CVE-2017-0891, CVE-2017-8896

Both have bug bounty programs via the HackerOne platform. I got rewards for both. Nextcloud was very fast with the fix and gave good rewards; Nextcloud rewarded me with 450$. ownCloud rewarded me with 150$, and they didn't give enough answers via HackerOne.


Authentication Bypass in Pandora FMS 5.0 and 5.1

A vulnerability has been discovered in Pandora FMS that permits an unauthenticated user to change the password of any Pandora user without knowing that user's current password. The vulnerability occurs at the login screen because the session is not checked before the password is changed.


Celoxis <= 9.5 - Cross Site Scripting (XSS)

A vulnerability exists in calendar.wm that allows an attacker to execute arbitrary JavaScript in the browser context of a victim. The attacker could also steal the cookie, because it is not protected by the HttpOnly flag, and it is possible to bypass the filters with the eval function.


Visual Paradigm Server v10.0 - Cross Site Scripting (XSS)

A vulnerability has been detected in login.jsp that allows an attacker to execute arbitrary JavaScript in the browser context of a victim, steal the user's cookie and hijack his session.


Fireware XTM Web UI Open Redirect

An open redirect vulnerability has been detected in the login form. This vulnerability allows an attacker to redirect users to arbitrary websites through the WatchGuard Fireware XTM Web UI page.


Reflected XSS in Squert (securityOnion)

A reflected Cross Site Scripting vulnerability has been discovered in Squert. Through this issue an attacker could run arbitrary JavaScript code in the client browser.


PHP Power Browse 1.2 - Directory Traversal

This file browser is vulnerable to path traversal, which allows an attacker to access files and directories stored outside the web root folder.


K2 Joomla! Extension < 2.7.1 - Reflected Cross Site Scripting

The administrator panel of K2 suffers from multiple reflected cross site scripting vulnerabilities. An attacker could trick an administrator into clicking a malicious URL and steal his cookie, or redirect him to a malicious site to generate new attack vectors (e.g. launch exploits against his browser). This XSS affects only administrators, so the range of attacks is limited, but it is still a risk.




Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.