Disposable mail security updates for 29 April – 10 minute mail

For continuous coverage, we push out major Disposable mail security updates every two weeks, keeping our tool up to date with new findings, features and improvements sourced from our security researchers and the Crowdsource ethical hacker community. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

CVE-2020-11514: WordPress seo-by-rank-math Privilege Escalation

Rank Math is a WordPress SEO plugin with over 200,000 installations. Most recently, a critical RCE vulnerability was discovered that allowed an unauthenticated attacker to update arbitrary metadata, which includes the ability to grant or revoke administrative privileges for any registered user on the site.

A more detailed code analysis on the vulnerability can be found here:
https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/

Atlassian Confluence Knowledge Base Exposure

There have been numerous write-ups on the exposure of internal company documentation and web pages. As more and more companies are migrating online due to COVID-19, this issue is becoming more prevalent. Most recently, Crowdsource has implemented a module that checks Atlassian Confluence instances for the public exposure of their internal wikis.

CVE-2020-11455: LimeSurvey Path Traversal

LimeSurvey is a free and open-source online survey tool. Recently, a path traversal vulnerability was found in the software that would allow an attacker to read sensitive data from the server.

Questions or comments on the latest Disposable mail security updates? Let us know in the comments below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Disposable mail here!

Already have an account? Login to check your assets.

Disposable mail is a continuous web vulnerability scanner service and we release Disposable mail security updates at least bi-weekly. Disposable mail offers a crowdsource-powered testbed of 2000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Google Confirms Two New High-Severity Vulnerabilities in Chrome 81 – Disposable mail news

The new Chrome 81 version, released on April 7th by Google for Windows, Mac, and Linux, primarily focused on security, given the increased risk users face during the coronavirus pandemic; the launch of the update was delayed for the same reason. It brought new features, bug fixes, and over 30 security patches from Google’s own security researchers and outside experts.

The new Chrome 81 version is being promoted to the Stable channel, while Chrome 83 and Chrome 84 will be promoted to the Beta and Canary channels respectively. As per sources, Chrome 82 will be skipped because of the COVID-19 situation, and all progress from that version will be channelled into the subsequent version, Chrome 83.

While warning users of more security flaws in Chrome 81, Google confirmed two new high-severity vulnerabilities affecting the web browser. As these new security exploits could allow attackers to gain unauthorized control of an affected system and run commands on it, users worldwide are being advised by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to apply the latest update released by the company in defense against these vulnerabilities.

Both vulnerabilities were reported by Zhe Jin from Qihoo 360, a Chinese internet security services provider. Jin received a bounty of $10,000 for CVE-2020-6462, a use-after-free error in the Chrome task scheduling component. The second, CVE-2020-6461, is also a use-after-free, but this one affects storage, according to the update notice from Prudhvikumar Bommana, Google Chrome Technical Program Manager.

Google has confirmed that the update will be pushed to all users over the coming days and weeks; however, users are advised to remain proactive and check for updates manually via Help | About Google Chrome, which shows the version currently running and offers an option to check for further updates. After installing the latest version, simply restart the web browser to be safeguarded against both flaws.


Disposable mail security updates for 16 April – 10 minute mail

CVE-2020-7961: Liferay Portal Unauthenticated RCE

Liferay Portal is an enterprise portal platform for corporate extranets and intranets. Recently, a JSON object deserialization issue was found that would allow an attacker to execute arbitrary code.

The vulnerability is described further here: https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html

Adobe AEM Flush Dispatcher DoS

An interesting report was submitted to the Crowdsource team that showed a very simple way to invalidate or flush cached pages without any rate limiting in Adobe Experience Manager. If done repeatedly, this can lead to Denial of Service attacks.

CVE-2020-8509: Zoho ManageEngine Desktop Central Unauthenticated PDF Servlet Access

Zoho ManageEngine Desktop Central is an endpoint management solution that helps manage servers, laptops, desktops, smartphones, and tablets from a central location. A Crowdsource researcher is credited with finding an unauthenticated servlet access vulnerability: unauthenticated users can reach PDFGenerationServlet, which can lead to sensitive information disclosure.

Extended notes for security updates from 26 July – 10 minute mail

Exposed Yii Debugger:

  • Yii is a PHP framework
  • It ships with a bundled debugger
  • The debugger exposes all user requests to the server, environment variables and OS information
  • If misconfigured, this debug page can be publicly accessible to anyone who knows its URL
  • Similar to the Flask/Werkzeug debugger exposure seen in the Patreon case

Serendipity Open Redirect:

  • Serendipity is an open source PHP blogging platform
  • An unauthenticated open redirect exists in the system
  • It can be used in attack chains to get hold of CSRF tokens, OAuth tokens, referrer data, etc.

Adobe Dreamweaver /dwsync.xml Exposure

  • Sites developed in Adobe Dreamweaver create a file called dwsync.xml, which contains the full file and directory listing of the site
  • This listing can be used to conduct further attacks toward the system

Apache Drill Exposure

  • “Schema-free SQL Query Engine for Hadoop, NoSQL and Cloud Storage”
  • Has a web interface
  • If exposed, an attacker can query all of the organization’s data

Apache Drill Path Traversal

  • If authentication is lacking, the system can be reconfigured
  • This allows attackers to query the local filesystem and read all files stored on the Apache Drill server

Markdown/deploy.md Exposure

  • Files ending with “.md” usually contain Markdown text
  • The file deploy.md usually contains configuration details
  • An attacker could gain access to sensitive information on how to manage the service

Liferay Portal SSRF

  • Liferay Portal is an enterprise CMS
  • Unauthenticated SSRF via XML-RPC (i.e., no trail is needed)
  • An attacker can send requests to services on the victim’s intranet

Disposable mail security updates for 23 August – 10 minute mail

NGINX Variable Disclosure (Crowdsource submission)

Through Crowdsource we are able to stay up to date with new methods the moment they are reported on different channels. This week we implemented a check for disclosure of internal Nginx variables, which was described in a Russian HackerOne report about two months ago. Kudos to the reporter; this took some out-of-the-box thinking.

Cisco ASA Path Traversal (Crowdsource submission)

While much of this release consists of vulnerabilities that are uniquely found or hard to categorize, a few CVEs have also been implemented. One example is the path traversal issue in one of Cisco’s products. Given how widely Cisco is used, this could be impacting many companies at the moment. To ensure the quality of the report, we check for the actual vulnerability and not just the running version.

Practical Web Cache Poisoning

Something that has taken up much of our security researchers’ time is the recent blog post by PortSwigger, Practical Web Cache Poisoning. There are still things to do there, with different angles on the research, and we expect to see more about this in the near future. The potential impact varies from controlling otherwise harmless content on a page to achieving stored XSS.

We added several findings for different types of authentication bypasses, inspired by the PortSwigger article and the past experience of our security researchers. While implementing these and running them against our own test environment, we were able to bypass authentication in ways that were not even supposed to be tested, a clear sign that this will probably affect many out there!

Customer feedback on false positives

We now check for more administration tools that are exposed to the internet and improved accuracy on existing modules to prevent false positives. Thanks for reporting findings to us so that we can continue to improve our tool!

Disposable mail security updates for 6 September – 10 minute mail

Apache Struts RCE

A Remote Code Execution vulnerability was disclosed in Apache Struts in late August, meaning an attacker is able to craft code that will be executed on the target’s server. Struts is a framework for Java applications and is used by many enterprises around the world.

A PoC was submitted to us through Crowdsource, and has since been implemented.

Fingerprint for exposed administration tools

We fingerprint and warn about accidentally exposed administration tools. The severity of such exposure increases when no authentication is used.

This release we added/improved:

  • Apache CouchDB
  • TYPO3 Install Tool
  • FileMaker WebDirect

PrestaShop

PrestaShop is a platform used to run webshops. By default, no headers that prevent the pages from being loaded in an iframe are set, even when logged in as an admin, meaning an attacker could carry out a clickjacking attack.

ACME Redirection

After blogging about how different implementations of ACME could lead to XSS, and how we were able to issue certificates for domains using shared hosting, we have now also implemented a finding for an issue that could once again allow malicious issuing of certificates if the server uses redirects in a certain way.

Liferay

After adding Liferay as a prioritised technology for Disposable mail Crowdsource, we received several submissions with vulnerabilities that we have since implemented. So far, the XSS and server-side vulnerabilities reported affect older versions.

Socket.IO

Socket.IO is a library for real-time communication between the browser and the server. When it is used with misconfigured CORS headers, the result is a session ID exposure, which an attacker can use to take over that session. The attacker is then able to send requests to the server posing as the victim, as well as receive messages intended for the victim.

The full potential impact of this varies a lot depending on what it is used for. There are instances where this is a core part of the application, which means this issue leads to account takeover.

Disposable mail security updates for 20 September – 10 minute mail

Jolokia is software used internally to set up an API for querying information about the system.

Until recently, the default configuration allowed anyone to use it, as it was not supposed to be publicly accessible. Setting a username and password was possible but required a more complex setup, so in a lot of instances people went with the default. Combined with the service being exposed on the internet, this means that malicious actors can query information about the system, information that should not be publicly available.

The original research can be found here.

Two versions of the WordPress plugin Loginizer have a stored XSS vulnerability: an unauthenticated attacker can attempt to log in via a URL that contains an XSS payload. The attempt is logged, and the payload executes when a logged-in administrator reviews the log.

More information can be found here.

Similar to the vulnerability above, iThemes Security logged all non-existing URLs that someone had tried to access. By visiting a non-existing URL containing an XSS payload, the payload would show up in the logs when they were later reviewed by a logged-in administrator.

More information.

Atmosphere is a popular framework for asynchronous applications written in Java. It is made for building applications using WebSocket, Server-Sent Events and traditional Ajax techniques, among others.

The issue was in the JSONP endpoint, which had a callback parameter that reflected its value into the page. The response did not specify a content type, which made it possible to have it treated as HTML and therefore cause XSS.

The full advisory can be found here.

A remote code execution vulnerability in a WordPress plugin called Duplicator was recently published online, allowing an attacker to execute code on the server. Read the original research here.

After looking into this Crowdsource submission we also realised that having directory listing enabled is a big problem when running this plugin, as it would expose database backups. A test for this, on this plugin as well as related ones, was added at the same time.

Disposable mail security updates for 4 October – 10 minute mail

Iframe busters used by several advertising networks were found vulnerable to XSS. That means that all websites hosting the affected iframe busters are vulnerable to XSS. In a recent query of the most popular websites, we found that 2% of websites were vulnerable.

More details about that can be found here.

There is a CSRF vulnerability in older versions of phpMyAdmin, giving an attacker the ability to send a crafted link to someone logged in to phpMyAdmin and thereby force that user to execute SQL commands. This can in turn be used to upload files and take over the server.

The Caucho Resin admin interface has a page with a few reflected XSS vulnerabilities that are exploitable without logging in.

This is a few years old, but the researcher discovered several websites still vulnerable to it, which is why we decided to implement it.

The plugin logs a lot of information in a publicly available log file. This includes error messages and path disclosure and, depending on circumstances, could contain other sensitive information as well.

This is not a vulnerability per se, but rather a backdoor left behind by an earlier attack. This backdoor seems to be commonly used in recent attacks.

The backdoor has no authorization at all, meaning anyone can use it to execute code on the server. This is a problem in itself, but it is also proof that the server has already been compromised.

Nagios is a network monitoring tool used by many large organizations. It is intended for internal use, but developers sometimes expose it to the internet. As no authorization is required, anyone could access it and thereby obtain information intended only for internal use.

Umbraco creates a few folders that, according to its documentation, should be locked down. However, security through documentation does not always work, since not everyone reads everything, meaning there are vulnerable instances out there.

Disposable mail security updates for 19 October – 10 minute mail

CVE-2018-18069: WordPress wpml Stored XSS

The Sitepress Multilingual CMS plugin prior to version 3.6.3 is vulnerable to stored cross-site scripting in the WordPress admin login interface. This could lead to an unauthenticated attacker being able to completely take over a WordPress site.

CVE-2018-2894: Oracle WebLogic RCE

CVE-2018-2894, which affects versions 12.1.3.0, 12.2.1.2 and 12.2.1.3 of Oracle WebLogic, is a remote code execution (RCE) vulnerability that allows unauthenticated attackers to upload arbitrary Java Server Pages (JSP) files to the server. This could lead to a complete server takeover.

CVE-2018-1673: IBM WebSphere XSS

CVE-2018-1673 affects several versions of IBM WebSphere Portal. The vulnerability is a reflected cross-site scripting issue where an attacker can execute arbitrary JavaScript in the context of the victim’s browser.

Disposable mail security updates for 31 October – 10 minute mail

CVE-2017-7529: NGINX Remote Integer Overflow / Memory Leak

Some older versions of Nginx contain a known integer overflow vulnerability which can be exploited to leak memory from the web server. Leaking memory from a web server is generally harmful, as the memory may contain visitors’ requests, including user passwords, and can also hold private keys for certificates.

Read more about that here: https://github.com/nixawk/labs/issues/15

F5-Networks / Big-IP Cookie Information Exposure

The F5 BIG-IP load balancer uses cookies to store a lot of data. Among other things, this data can expose internal IP addresses. This is not a vulnerability in itself, but the information can certainly aid an attacker in further attacks.

More information can be found here: https://www.tenable.com/plugins/nessus/20089
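To make the exposure concrete, here is an added example (not code from the original post or from F5) that decodes the publicly documented unencrypted BIG-IP persistence cookie format, "<ip>.<port>.0000", where the IPv4 address is a little-endian 32-bit decimal and the TCP port is a decimal with its two bytes swapped. The cookie names and values are constructed samples; a value not in the plain format (such as an encrypted cookie) is reported as leaking nothing readable.

```python
"""Decode F5 BIG-IP persistence cookies to see what they disclose.

Added example, not from the original post or from F5. It implements the
documented unencrypted cookie format "<ip>.<port>.0000": the IPv4 address is
a little-endian 32-bit decimal, the TCP port a decimal with its two bytes
swapped. Cookie names and values below are constructed samples.
"""
import ipaddress
import re

# Plain (unencrypted) persistence value: "<ip-decimal>.<port-decimal>.0000".
PLAIN_RE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")


def decode_ipv4(value: int) -> str:
    """The 32-bit field is little-endian: the first octet is the low byte."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("IPv4 field out of range")
    return str(ipaddress.IPv4Address(value.to_bytes(4, "little")))


def decode_port(value: int) -> int:
    """The port field stores the TCP port with its two bytes swapped."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("port field out of range")
    return ((value & 0xFF) << 8) | (value >> 8)


def decode_persistence_value(value: str):
    """Return (ip, port) for a plain cookie value, or None when the value is
    not in the plain format (for example an encrypted cookie)."""
    m = PLAIN_RE.match(value.strip())
    if m is None:
        return None
    return decode_ipv4(int(m.group(1))), decode_port(int(m.group(2)))


def audit_set_cookie_headers(headers):
    """Inspect Set-Cookie header values from one response and report every
    BIGipServer* cookie whose value decodes to a pool member address.
    Each finding is (cookie_name, ip, port, ip_is_private)."""
    findings = []
    for header in headers:
        name, _, rest = header.partition("=")
        name = name.strip()
        if not name.lower().startswith("bigipserver"):
            continue
        value = rest.split(";", 1)[0]
        decoded = decode_persistence_value(value)
        if decoded is None:
            continue  # not the plain format: nothing readable leaks
        ip, port = decoded
        findings.append((name, ip, port, ipaddress.IPv4Address(ip).is_private))
    return findings


# Constructed sample Set-Cookie values: one plain cookie that leaks a backend
# address, one opaque (non-plain) value, one unrelated cookie.
SAMPLE_HEADERS = [
    "BIGipServerpool_web=1677787402.36895.0000; path=/",
    "BIGipServerpool_api=ZGVtby1vcGFxdWUtdmFsdWU; path=/; HttpOnly",
    "JSESSIONID=constructed-session-id; path=/; Secure",
]

if __name__ == "__main__":
    for name, ip, port, private in audit_set_cookie_headers(SAMPLE_HEADERS):
        scope = "internal" if private else "public"
        print(f"{name}: pool member {ip}:{port} ({scope} address exposed)")
```

Running the audit against your own responses shows exactly which backend addresses a plain persistence cookie hands out; the remediation on the F5 side is to use the encrypted cookie persistence option so the value no longer decodes.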

CVE-2018-9206: jQuery-File-Upload Arbitrary File Upload

The default configuration of jQuery-File-Upload allowed a user to upload any file type. This meant a .php file could be uploaded and executed on the server, allowing execution of arbitrary code.

This was reported to us by several different researchers and seems to be an issue that is both widely discussed and affecting a lot of different websites.

More information can be found here: http://www.vapidlabs.com/advisory.php?v=204

Spring Boot Actuator Revealing Heap Dump Route

Some configurations of Spring Boot cause an endpoint to disclose a heap dump, which is a copy of the server’s memory. As with the Nginx memory leak described above, this memory can contain a lot of sensitive information which should not be disclosed. This is more a misconfiguration than an actual vulnerability in Spring Boot.

Documentation for this can be found here: https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html#production-ready-endpoints-exposing-endpoints

NGINX Alias Directory Listing

A common misconfiguration of the alias directive in Nginx web servers allows an attacker to disclose source code and files on the server. This was submitted through Disposable mail Crowdsource some time ago, and we have added several detection improvements in the latest release.

More information about this vulnerability can be found here: https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
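As an added example (not code from the original post or from gixy), the small linter below flags the alias/location pairing the gixy documentation describes: nginx replaces only the matched location prefix with the alias path, so a prefix location without a trailing slash combined with an alias ending in a slash lets a request path step out of the aliased directory. The configuration snippets are constructed samples, and the helper that models the prefix replacement shows why adding the trailing slash to the location closes the hole.

```python
"""Lint nginx configuration for the alias/location pairing that allows
path traversal, and model how nginx maps a URI through an alias.

Added example, not code from the original post or from gixy. The
configuration snippets below are constructed samples.
"""
import posixpath
import re

# Matches a simple (non-nested) location block and captures its body.
LOCATION_RE = re.compile(
    r"location\s+(?:(?P<mod>=|~\*|~|\^~)\s+)?(?P<path>\S+)\s*\{(?P<body>[^{}]*)\}",
    re.S,
)
ALIAS_RE = re.compile(r"\balias\s+(?P<dir>[^;\s]+)\s*;")


def find_alias_traversal(config: str):
    """Return one finding per prefix location whose alias can be escaped:
    the location has no trailing slash while the alias ends with one."""
    findings = []
    for m in LOCATION_RE.finditer(config):
        mod, path, body = m.group("mod"), m.group("path"), m.group("body")
        if mod in ("=", "~", "~*"):
            continue  # exact and regex locations are not this pattern
        alias = ALIAS_RE.search(body)
        if alias is None:
            continue
        alias_dir = alias.group("dir")
        if not path.endswith("/") and alias_dir.endswith("/"):
            findings.append({"location": path, "alias": alias_dir})
    return findings


def map_uri(location: str, alias_dir: str, uri: str):
    """Model nginx's alias handling: the matched location prefix is replaced
    by the alias path and the result normalised. None when no match."""
    if not uri.startswith(location):
        return None
    return posixpath.normpath(alias_dir + uri[len(location):])


# Constructed weak configuration: "/static" without a trailing slash.
WEAK_CONFIG = """
server {
    listen 80;
    location /static {
        alias /var/www/static/;
    }
    location = /favicon.ico {
        alias /var/www/static/favicon.ico;
    }
}
"""

# Fixed: with the trailing slash only "/static/..." URIs match this block,
# so a URI such as "/static../" never reaches the alias.
FIXED_CONFIG = WEAK_CONFIG.replace("location /static {", "location /static/ {")

if __name__ == "__main__":
    for f in find_alias_traversal(WEAK_CONFIG):
        print(f"weak: location {f['location']} with alias {f['alias']}")
        print("  /static../app.conf maps to",
              map_uri(f["location"], f["alias"], "/static../app.conf"))
    print("fixed config findings:", find_alias_traversal(FIXED_CONFIG))
```

The linter only understands flat location blocks (no nested `if` or `location` blocks), which is enough to catch the pattern in most static-asset configurations; for full coverage run gixy itself.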

Deprecated PHP

We rely on extensive fingerprinting to make each scan as efficient as possible and to make sure we run all relevant tests against every website. We will now also alert customers when the version of PHP in use is no longer supported.

Read more about this issue here: https://www.zdnet.com/article/around-62-of-all-internet-sites-will-run-an-unsupported-php-version-in-10-weeks/

Persistent XSS in Laravel setup

Previous versions of Laravel have a persistent XSS in the default setup. More information about this can be found in this detailed write-up by x1m: https://x1m.nl/posts/laravel-xss-vuln/

