Achievo Cross Site Scripting vulnerability

Posted by SECUPENT Research Center on Mar 20

Exploit Title: Achievo Cross Site Scripting vulnerability
Vendor: www.achievo.org
Software Link: http://www.opensourcecms.com/scripts/details.php?scriptid=98
Author: SECUPENT
Website: www.secupent.com
Email: research{at}secupent{dot}com
Date: 20-3-2016

Cross Site Scripting link:
http://site/achievo/index.php?%27%22--%3E%3C%2fstyle%3E%3C%2fscRipt%3E%3CscRipt%3Ealert%280x000912%29%3C%2fscRipt%3E
Screenshot:…
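
The payload in the link above is built to break out of several reflection contexts at once: the quotes close an attribute, `-->` closes a comment, and `</style>` / `</scRipt>` close a style or script element (tag names are case-insensitive to the browser) before a fresh script element is opened. The following script is an added example, not part of the SECUPENT post and not Achievo code: it decodes the advisory's payload once, as a web server would, reflects it into three constructed page templates (hypothetical stand-ins for index.php's output) with and without HTML escaping, and checks whether the injected script element survives.

```python
import html
from urllib.parse import unquote

# Payload taken from the advisory URL; decoded once below, as the server would.
ENCODED_PAYLOAD = ("%27%22--%3E%3C%2fstyle%3E%3C%2fscRipt%3E"
                   "%3CscRipt%3Ealert%280x000912%29%3C%2fscRipt%3E")
PAYLOAD = unquote(ENCODED_PAYLOAD)

# Constructed templates for three places a reflected value commonly lands.
# These are assumptions for illustration, not Achievo's templates.
CONTEXTS = {
    "attribute": '<input type="text" name="q" value="{v}">',
    "script":    '<script>var q = "{v}";</script>',
    "style":     '<style>.hint:after {{ content: "{v}"; }}</style>',
}

# What the payload is trying to get the browser to execute, lower-cased.
SCRIPT_MARKER = "<script>alert(0x000912)</script>"


def render(context, value, escape):
    """Reflect value into the chosen template, with or without HTML escaping."""
    v = html.escape(value, quote=True) if escape else value
    return CONTEXTS[context].format(v=v)


def reflects_script(body):
    """True if the injected script element appears in the body. The comparison is
    case-insensitive because the HTML tokenizer treats tag names that way, which
    is why the payload's mixed-case 'scRipt' still works."""
    return SCRIPT_MARKER in body.lower()


def audit(value):
    """For each template, (reflected unescaped?, reflected after escaping?)."""
    return {c: (reflects_script(render(c, value, False)),
                reflects_script(render(c, value, True)))
            for c in CONTEXTS}


if __name__ == "__main__":
    print(PAYLOAD)
    for ctx, result in audit(PAYLOAD).items():
        print(f"{ctx:10s} unescaped={result[0]} escaped={result[1]}")
```

`html.escape` is the right fix for the attribute and body contexts; for the script-string and style contexts it only blocks this particular breakout (it neutralises the `<` that closes the element), and a value placed inside JavaScript or CSS needs that language's own escaping rather than HTML escaping alone.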

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished CVE-2016-2324 and CVE-2016-2315)

Posted by Laël Cellier on Mar 20

Oh… Big mistake. I might have advertised too soon.

I saw changes were pushed to master, so I thought the next version
(which was 2.7.1) would be the one to include the fix.
But as pointed out on
https://security-tracker.debian.org/tracker/CVE-2016-2324, no version
including the fixes has been released yet, and even 2.7.3 still includes
path_name(). I didn't check the code (sorry).

So the only way to fix it…

AsusTEK asio.sys unsafe operation

Posted by 0x3d5157636b525761 iddqd on Mar 20

Brief
=====
AsusTEK asio.sys driver accepts IOCTLs that allow the user to freely
manipulate MSRs.

Disclosure timeline
===================
March 4th, 2016: contacted AsusTEK via mail and online chat. AsusTEK blamed
it on Microsoft!
March 5th, 2016: contacted the Microsoft Security Response Center.
March 10th, 2016: Microsoft acknowledged and asked AsusTEK to fix.
March 16th, 2016: AsusTEK refuses to admit their mistakes.
March 17th, 2016: public…

Netgear DGNv2200 multiple vulnerabilities (Bezeq firmware)

Posted by 0x3d5157636b525761 iddqd on Mar 20

Disclosure timeline
===================
February 10th, 2016: discovered 3 issues: memory corruption, authorization
bypass, CSRF.
February 10th, 2016: supplied technical details to Netgear, including POC
code.
February 12th, 2016: Netgear's response – they said that only the Bezeq
firmware is vulnerable.
February 13th, 2016: discovered a command injection vulnerability, updated
Netgear.
February 14th, 2016: contacted Bezeq.
February 21st,…

DORG – Disc Organization System SQL Injection And Cross Site Scripting

Posted by SECUPENT Research Center on Mar 20

Exploit Title: DORG – Disc Organization System SQL Injection And Cross Site Scripting
Software Link: http://www.opensourcecms.com/scripts/details.php?scriptid=479
Author: SECUPENT
Website: www.secupent.com
Email: research{at}secupent{dot}com
Date: 20-3-2016

SQL Injection:

link: http://localhost/dorg/results.php?q=3&search=%2527&type=3

Screenshot: http://secupent.com/exploit/images/drogsql.jpg

Cross Site Scripting (XSS):…
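
The probe value in the link above, `search=%2527`, is a double-encoded single quote: the web server decodes it once to `%27`, and an application that decodes the parameter a second time turns it into a bare `'` inside a string literal, producing the SQL syntax error the screenshot shows. The script below is an added example, not SECUPENT's or DORG's code: it models that hypothetical double decode against an in-memory SQLite table with constructed sample rows, shows the concatenated query failing and a boolean-style payload bypassing the `type` filter, and contrasts a parameterised version of the same query.

```python
import sqlite3
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample data standing in for the disc catalogue; not DORG's schema.
SAMPLE_DISCS = [("Alpha", 3), ("Beta", 3), ("Gamma", 1)]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE discs (id INTEGER PRIMARY KEY, title TEXT, disc_type INTEGER)")
    con.executemany("INSERT INTO discs (title, disc_type) VALUES (?, ?)", SAMPLE_DISCS)
    return con


def query_params(url):
    """First decode, done by the web server: %2527 becomes %27 here."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def search_vulnerable(con, url):
    """Hypothetical results.php handler: decodes the value a second time and
    concatenates it into the statement, so %2527 ends up as a bare quote."""
    p = query_params(url)
    term = unquote(p.get("search", ""))        # second decode: %27 -> '
    sql = ("SELECT id, title FROM discs WHERE title LIKE '%" + term +
           "%' AND disc_type = " + p.get("type", "0"))
    try:
        return {"ok": True, "rows": con.execute(sql).fetchall(), "sql": sql}
    except sqlite3.Error as exc:               # the syntax error the probe triggers
        return {"ok": False, "error": str(exc), "sql": sql}


def search_safe(con, url):
    """Same double decode, but both values travel as bound parameters, so a
    quote in the search term is data, not SQL."""
    p = query_params(url)
    term = unquote(p.get("search", ""))
    try:
        disc_type = int(p.get("type", "0"))
    except ValueError:
        return {"ok": False, "error": "type must be an integer", "sql": None}
    sql = "SELECT id, title FROM discs WHERE title LIKE ? AND disc_type = ?"
    rows = con.execute(sql, ("%" + term + "%", disc_type)).fetchall()
    return {"ok": True, "rows": rows, "sql": sql}


if __name__ == "__main__":
    con = make_db()
    for u in ("http://localhost/dorg/results.php?q=3&search=Alp&type=3",
              "http://localhost/dorg/results.php?q=3&search=%2527&type=3"):
        print(search_vulnerable(con, u))
        print(search_safe(con, u))
```

The double-encoded `' OR '1'='1` (`%2527%2520OR%2520%25271%2527%253D%25271`) is the natural follow-up probe: in the concatenated query it becomes `LIKE '%' OR '1'='1%' AND disc_type = 3`, and because `AND` binds tighter than `OR` the type filter is discarded and every row comes back.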

FortiOS (Fortinet) – Open Redirect and Cross Site Scripting

Posted by Javier Nieto on Mar 20

Description
===================================================================
The FortiOS webui accepts a user-controlled input that specifies a link to
an external site, and uses that link in a redirect.

The redirect input parameter is also prone to cross site scripting.

Public Fortinet Security Advisory (Mar 16 2016):
http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability

PoC…
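
Both findings in this advisory come from the same mistake: a redirect parameter that is used without restricting it to the local site, and echoed without encoding. The code below is an added example, not Javier Nieto's PoC and not FortiOS code: it shows the allow-list check a practitioner would apply to such a parameter (only a local absolute path, plus query and fragment, survives; anything a browser could resolve to another origin, a `javascript:` URL, or a split header falls back to a default), and a response builder that never echoes the raw value. The parameter name is not taken from the advisory, so the functions take a generic `value`.

```python
import html
import posixpath
from urllib.parse import urlsplit, urlunsplit

DEFAULT_TARGET = "/"


def safe_redirect_target(value, default=DEFAULT_TARGET):
    """Allow-list a redirect parameter: return a local absolute path (with
    optional query/fragment) or the default if anything else is supplied."""
    if not value:
        return default
    # Control characters would split the Location header (CR/LF injection);
    # <>"' are the usual XSS breakout characters; backslashes and spaces are
    # never legitimate in an unencoded local path and browsers treat "\" as "/".
    if any(ord(c) < 0x20 or c in ' <>"\'\\' for c in value):
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:      # http://host, javascript:, //host
        return default
    # "///host" parses with an empty netloc in Python, but browsers resolve it
    # as scheme-relative, so reject any leading double slash on the raw value.
    if value.startswith("//"):
        return default
    path = posixpath.normpath(parts.path)  # collapse ../ segments
    if not path.startswith("/") or path.startswith("//"):
        return default
    return urlunsplit(("", "", path, parts.query, parts.fragment))


def redirect_response(value):
    """302 whose Location is the validated target and whose body, used by
    clients that do not follow redirects, only ever contains the encoded target."""
    target = safe_redirect_target(value)
    body = ('<html><body>Redirecting to <a href="%s">%s</a></body></html>'
            % (html.escape(target, quote=True), html.escape(target)))
    return 302, {"Location": target}, body


if __name__ == "__main__":
    # Constructed inputs: a legitimate local target and the classic bypasses.
    for v in ("/ng/dashboard?x=1", "http://evil.example/", "//evil.example/",
              "///evil.example", "/\\evil.example", "javascript:alert(1)",
              "'\"><script>alert(1)</script>", "/login\r\nX: y"):
        print(repr(v), "->", safe_redirect_target(v))
```

The check deliberately works on the raw string before and after parsing: `urllib.parse.urlsplit` and a browser do not agree on inputs such as `///host` or `/\host`, and a validator that trusts only the parsed `netloc` lets those through.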

Security Researcher Who Investigated Bangladesh Bank Hack Goes Missing

Tanvir Hassan Zoha, a 34-year-old security researcher who spoke to the media about the $81 million Bangladesh Bank cyber theft, has been missing since Wednesday night, just days after accusing officials of Bangladesh's central bank of negligence.

Zoha was investigating the recent cyber attack on Bangladesh's central bank that let hackers steal $81 million from the bank's account at the Federal Reserve.