Re: Cisco ASA VPN – Zero Day Exploit

Posted by Mark-David McLaughlin (marmclau) on Feb 22

This message serves as Cisco PSIRT’s response to Juan Sacco’s post on
February 17 regarding a zero-day exploit on the Cisco ASA.

We would like to thank Juan for reporting these issues to Cisco a couple of weeks ago.
We greatly appreciate the opportunity to work with researchers on security
vulnerabilities and welcome the opportunity to review and assist in product reports.

Juan’s original post is available in the Full Disclosure…

Vulnerability in WebSVN 2.3.3

Posted by Etnies on Feb 22

Title: WebSVN – Reflected Cross-Site Scripting
Author: Jakub Palaczynski
Date: 22. February 2016
CVE: CVE-2016-2511

Affected software:
==================

WebSVN 2.3.3
Older versions are probably also vulnerable.

Description:
============

WebSVN offers a view onto your subversion repositories that’s been designed
to reflect the Subversion methodology. You can view the log of any file or
directory and see a list of all the files changed,…

CVE Request: Fiyo CMS 2.0.2.1 – Multiple Persistent XSS Vulnerabilities

Posted by Himanshu Mehta on Feb 22

*1. Introduction*

Affected Product: Fiyo CMS 2.0.2.1
Fixed in: Fiyo CMS 2.0.6
Fixed Version Link:
http://www.fiyo.org/blog/versi-2-0-6-banyak-perubahan-untuk-stabilitas
Vendor Website: http://www.fiyo.org/
Vulnerability Type: Persistent XSS
Remote Exploitable: Yes
Reported to vendor: 28/12/2015
Fixed by Vendor: 15/01/2016
CVE:

*2. Overview*

There are multiple persistent XSS vulnerabilities in Fiyo CMS…

Ubiquiti Networks Bug Bounty #9 – Invoice Persistent Vulnerabilities

Posted by Vulnerability Lab on Feb 22

Document Title:
===============
Ubiquiti Networks Bug Bounty #9 – Invoice Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1728

Release Date:
=============
2016-02-22

Vulnerability Laboratory ID (VL-ID):
====================================
1728

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:…

InstantCoder v1.0 iOS – Multiple Web Vulnerabilities

Posted by Vulnerability Lab on Feb 22

Document Title:
===============
InstantCoder v1.0 iOS – Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1738

Release Date:
=============
2016-02-22

Vulnerability Laboratory ID (VL-ID):
====================================
1738

Common Vulnerability Scoring System:
====================================
7

Product & Service Introduction:
===============================…