osClass 3.6.1: Remote Code Execution via Image File

19 Dec 2016 by Robin Peraglie

osClass

In todays calendar gift, we present another beautiful chain of vulnerabilities which, in the end, allows an attacker to remotely execute arbitrary PHP code. This time, an attacker can smuggle his PHP payload through a valid image file. The issues were detected by RIPS in the open source marketplace software osClass 3.6.1 used for creating classifieds sites.

Read More ...

OpenConf 5.30 - Multi-Step Remote Command Execution

17 Dec 2016 by Johannes Dahse

OpenConf

Today, we present a multi-step command execution vulnerability in the popular conference management software OpenConf. The vulnerability was reported and fixed a while ago, but the chain of 4 exploitation steps involved makes it a very interesting vulnerability sample for our advent calendar. 4 - 3 - 2 - 1 …

Read More ...

Teampass 2.1.26.8: Unauthenticated SQL Injection

12 Dec 2016 by Martin Bednorz

Teampass

The next gift in our advent calendar reveals security issues in Teampass, a collaborative password manager first published in late 2011. We detected a critical unauthenticated SQL injection and many file inclusions which could have led to many leaked passwords and angry users. The issues were reported and fixed earlier this year.

Read More ...