[FD] SEC Consult SA-20170822-0 :: Multiple vulnerabilities in Progress Sitefinity CMS

2017-08-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170822-0 > === title: Multiple vulnerabilities product: Progress Sitefinity vulnerable version: 9.1 fixed version: 10.1 CVE

[FD] [RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates

2017-08-22 Thread RedTeam Pentesting GmbH
Advisory: WebClientPrint Processor 2.0: No Validation of TLS Certificates RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in

[FD] [RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification

2017-08-22 Thread RedTeam Pentesting GmbH
Advisory: WebClientPrint Processor 2.0: Unauthorised Proxy Modification RedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor (WCPP). This proxy setting may be distributed via specially crafted websites

[FD] [RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates

2017-08-22 Thread RedTeam Pentesting GmbH
Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Updates RedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These updates may be distributed through specially crafted websites and are processed

[FD] [RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs

2017-08-22 Thread RedTeam Pentesting GmbH
Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs RedTeam Pentesting discovered that malicious print jobs can be used to trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These print jobs may be distributed via specially crafted websites