Posted by MustLive on Dec 13
Hello participants of the Mailing List.
After making the public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html ),
I’ve made the next update of the software. On the 30th of November DAVOSET v.1.2.7
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/ ).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub:…
Posted by Aravind on Dec 13
Information
=================================
#Vulnerability type: Cross Site Scripting (XSS)
#Vendor: http://www.synnefoims.com/
#Product: Synnefo Client for Synnefo Internet Management Software
(IMS) 2015 (http://www.synnefoims.com/products.html )
CVE Reference:
=================================
CVE-2015-8247
Technical Details:
=================================
A reflected cross site scripting (XSS) vulnerability was found in synnefoclient
for…
Posted by CSW Research Lab on Dec 13
================================================================
SilverStripe CMS & Framework v3.2.0 – Cross-Site Scripting Vulnerability
================================================================
Information
**********************
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 3.2.0
Severity: Medium
Author – Arjun Basnet
CVE-ID: N/A
Homepage: https://www.silverstripe.org/download/
Description…
Posted by CSW Research Lab on Dec 13
================================================================
OcPortal CMS 9.0.20 – Cross-Site Scripting Vulnerability
================================================================
Information
**********************
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 9.0.20
Severity: Medium
Author – Arjun Basnet
CVE-ID: N/A
Homepage: https://ocportal.com/site/sites.htm/
Description
***********************…
Posted by CSW Research Lab on Dec 13
================================================================
OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability
================================================================
Information
**********************
Vulnerability Type : Cross-site Request Forgery (CSRF) Vulnerability
Vulnerable Version : 9.0.21
Severity: High
Author – Arjun Basnet
CVE-ID: N/A
Homepage: https://ocportal.com/site/sites.htm/
Description…
Posted by CSW Research Lab on Dec 13
================================================================
Bedita 3.6.0 – Cross-Site Scripting Vulnerability
================================================================
Information
**********************
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 3.6.0
Severity: Medium
Author – Arjun Basnet
CVE-ID: N/A
Homepage: http://www.bedita.com/
Description
***********************
Bedita is prone to URI…
The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170.
Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account’s password, aka Bug ID CSCus62707.
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547.
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.