Linux/x86 typewriter shellcode generator.
Monthly Archives: April 2015
Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server
Posted by Gsunde Orangen on Apr 08
Thanks, Matthew, for having spotted this.
As only current versions of Appweb (4 & 5) have been addressed so far,
but legacy versions (see http://embedthis.com/appweb/download.html) were
not mentioned yet in https://github.com/embedthis/appweb/issues/413 :
– Appweb V3: vulnerable, too
— Source code audit on Appweb 3.4.2:
The vulnerable code is not in the parseRange() function in
paks/http/httpLib.c, but similarly in http/request.c
–…
New tool: smalisca – Static Code Analysis tool for Smali files
Posted by Levon Kayan on Apr 08
Hi,
Today, nullsecurity released a new tool: smalisca.
[ DESCRIPTION ]
Static Code Analysis tool for Smali files.
If you ever have looked at Android applications you know to appreciate
the ability of analyzing your target at the most advanced level. Dynamic
program analysis will give you a pretty good overview of your
applications activities and general behaviour. However sometimes you’ll
want to just analyze your application *without*…
[CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution
Posted by Pedro Ribeiro on Apr 08
Hi,
I’ve found and reported an unrestricted file upload vulnerability in
Novell ZenWorks Configuration Management which can be abused to
achieve remote code execution.
The full advisory text is below, and can also be obtained from my repo
[1]. A Metasploit module has been submitted and should hopefully be
accepted soon [2].
Regards,
Pedro
=================================================================================
Disclosure:…
HotExBilling Manager – Cross-site scripting (XSS) vulnerability
Posted by Bhadresh Patel on Apr 08
Title:
====
HotExBilling Manager – Cross-site scripting (XSS) vulnerability
Credit:
======
Name: Bhadresh Patel
Company/affiliation: HelpAG
Website: www.helpag.com
CVE:
=====
CVE-2015-2781
Date:
====
12-03-2015 (dd/mm/yyyy)
Vendor:
======
Hotspot Express has been in the billing solution business since 1997 in its earlier name EasyBrowsing. Initially, it
designed billing solution to address Internet Café. Till today we have more 10000…
Fedora 20 Security Update: tor-0.2.5.12-1.fc20
Fedora 20 Security Update: firefox-37.0.1-1.fc20
New upstream version – 37.0.1
Fedora 21 Security Update: tor-0.2.5.12-1.fc21
Fedora 21 Security Update: firefox-37.0.1-1.fc21
New upstream version – 37.0.1
IC3 Issues Alert for Fake Government Websites
Original release date: April 07, 2015
The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government-services websites that mimic legitimate ones. Scam operators lure consumers to these fraudulent websites in order to steal their personally identifiable information (PII) and collect fees for services that are never delivered.
US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.