DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting Vulnerabilities

Posted by DefenseCode on Apr 10 DefenseCode ThunderScan SAST Advisory
WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting
Vulnerabilities

Advisory ID: DC-2017-01-014
Software: WordPress Tribulant Slideshow Gallery plugin
Software Language: PHP
Version: 1.6.4 and below
Vendor Status: Vendor contacted, fix released
Release Date: 20170410
Risk: Medium

Full advisory available on the following URL:…

Link: http://seclists.org/bugtraq/2017/Apr/35

ssh_scan – A prototype SSH Configuration and Policy Scanner

A SSH configuration and policy scannerKey BenefitsMinimal Dependancies – Uses native Ruby and BinData to do its work, no heavy dependancies.Not Just a Script – Implementation is portable for use in another project or for automation of tasks.Simple – Just point ssh_scan at an SSH service and get a JSON report of what it supports and its policy status.Configurable – Make your own custom policies that fit your unique policy requirements.SetupTo install and run as a gem, type:gem install ssh_scanssh_scanTo run from a docker container, type:docker pull mozilla/ssh_scandocker run -it mozilla/ssh_scan /app/bin/ssh_scan -t github.comTo install and run from source, type:# clone repogit clone https://github.com/mozilla/ssh_scan.gitcd ssh_scan# install rvm,# you might have to provide root to install missing packagesgpg2 –keyserver hkp://keys.gnupg.net –recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3curl -sSL https://get.rvm.io | bash -s stable# install Ruby 2.3.1 with rvm,# again, you might have to install missing devel packagesrvm install 2.3.1rvm use 2.3.1# resolve dependenciesgem install bundlerbundle install./bin/ssh_scanExample Command-Line UsageRun ssh_scan -h to get thisssh_scan v0.0.17 (https://github.com/mozilla/ssh_scan)Usage: ssh_scan [options] -t, –target [IP/Range/Hostname] IP/Ranges/Hostname to scan -f, –file [FilePath] File Path of the file containing IP/Range/Hostnames to scan -T, –timeout [seconds] Timeout per connect after which ssh_scan gives up on the host -L, –logger [Log File Path] Enable logger -O, –from_json [FilePath] File to read JSON output from -o, –output [FilePath] File to write JSON output to -p, –port [PORT] Port (Default: 22) -P, –policy [FILE] Custom policy file (Default: Mozilla Modern) –threads [NUMBER] Number of worker threads (Default: 5) –fingerprint-db [FILE] File location of fingerprint database (Default: ./fingerprints.db) –suppress-update-status Do not check for updates -u, –unit-test [FILE] Throw appropriate exit codes based on compliance status -V [STD_LOGGING_LEVEL], –verbosity -v, –version Display just version info -h, –help Show this messageExamples: ssh_scan -t 192.168.1.1 ssh_scan -t server.example.com ssh_scan -t ::1 ssh_scan -t ::1 -T 5 ssh_scan -f hosts.txt ssh_scan -o output.json ssh_scan -O output.json -o rescan_output.json ssh_scan -t 192.168.1.1 -p 22222 ssh_scan -t 192.168.1.1 -p 22222 -L output.log -V INFO ssh_scan -t 192.168.1.1 -P custom_policy.yml ssh_scan -t 192.168.1.1 –unit-test -P custom_policy.ymlSee here for example videoSee here for example outputSee here for example policiesCreditsSources of Inspiration for ssh_scanMozilla OpenSSH Security Guide – For providing a sane baseline policy recommendation for SSH configuration parameters (eg. Ciphers, MACs, and KexAlgos).Download ssh_scan

Link: http://feedproxy.google.com/~r/PentestTools/~3/86BGzle-OmY/sshscan-prototype-ssh-configuration-and.html

Foscam All networked devices, multiple Design Errors. SSL bypass.

Posted by nick . m . mckenna on Apr 10Two issues in one that nullify SSL in foscam devices:
All Foscam networked cameras use the same SSL private key that is hard coded into the downloadable firmware. This is
easily extracted using a utility like binwalk and would allow an attacker to MITM any Foscam device.
One devices SSL keys are valid for any other device. See the below certificates CNs: *.myfoscam.org

Below are the ssl certificates of two foscam devices.

openssl s_client…

Link: http://seclists.org/bugtraq/2017/Apr/33

ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode

Posted by Nightwatch Cybersecurity Research on Apr 10[Original post can be found here:
https://wwws.nightwatchcybersecurity.com/2017/04/09/advisory-chromeos-chromebooks-persist-certain-network-settings-in-guest-mode/]

SUMMARY

Certain network settings in ChromeOS / ChromeBooks persists between
reboots when set in guest mode. These issues have been reported to the
vendor but will not be fixed since the vendor considers them to be WAI
(Working As Intended). These attacks require physical access to…

Link: http://seclists.org/bugtraq/2017/Apr/34

[SECURITY] [DSA 3827-1] jasper security update

Posted by Moritz Muehlenhoff on Apr 10————————————————————————-
Debian Security Advisory DSA-3827-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2017 https://www.debian.org/security/faq
————————————————————————-

Package : jasper
CVE ID : CVE-2016-9591 CVE-2016-10249…

Link: http://seclists.org/bugtraq/2017/Apr/31