Posted by Lorenzo Primiterra on Nov 02

Hi all,
if nobody has already posted it, I would like to link this new security
event, witch is going to be held in Italy but all in English, bringing
together the Italian culture (food, wine, culture) and the InfoSec world.

It will be held in Turin on November 7th and 8th in the Italian Association
of Sommeliers of Piedmont.

The agenda is looking good with speakers from Europe and USA:Dean Sysman,
Philippe Langlois, Michele…

Posted by Jing Wang on Nov 02

*TeleGraph All Photo (Picture) Pages Have Been Vulnerable to XSS Cyber
Attacks*

*Website Description:*
http://www.telegraph.co.uk

“The Daily Telegraph is a British daily morning English-language broadsheet
newspaper, published in London by Telegraph Media Group and distributed
throughout the United Kingdom and internationally. The newspaper was
founded by Arthur B. Sleigh in June 1855 as The Daily Telegraph and
Courier, and since 2004 has…

Posted by Jing Wang on Nov 02

*Daily Mail Registration Page Unvalidated Redirects and Forwards & XSS Web
Security Problem*

*Website Description:*
“The Daily Mail is a British daily middle-market tabloid newspaper owned by
the Daily Mail and General Trust. First published in 1896 by Lord
Northcliffe, it is the United Kingdom’s second biggest-selling daily
newspaper after The Sun. Its sister paper The Mail on Sunday was launched
in 1982. Scottish and Irish…

Posted by MustLive on Nov 02

Hello participants of Mailing List.

After making public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I’ve made next update of the software. At 30th of October DAVOSET v.1.2.6
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub:…

Posted by ITAS Team on Nov 02

#Vulnerability: Cross-Site Scripting
#Vendor: http://www.zeuscart.com
#Download link: http://zeuscart.com/download/
#Affected version: Zeuscart V4
#CVSS v3.0 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
#Condition: The attack is performed by an “Anonymous User”
#Payload: “–><ScRipt>alert(/ITASVN/)</ScRipT>
#Fix version: N/A
#Author: Dang Quoc Thai – thai.q.dang () itas vn và ITAS Team

::PROOF OF CONCEPT::
+…

Posted by Curesec Research Team (CRT) on Nov 02

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: SQL Buddy 1.3.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: nom () deliciousbrains com
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 08/18/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Vulnerability…

Posted by Curesec Research Team (CRT) on Nov 02

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: SQL Buddy 1.3.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: nom () deliciousbrains com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 08/18/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Vulnerability…

Posted by Curesec Research Team (CRT) on Nov 02

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Chyrp CMS 2.5.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Github: https://github.com/chyrp/chyrp
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Vulnerability…