Unrestricted Upload/RCE in Neosense theme for WordPress

Posted by Walter Hop on Sep 19

Unrestricted Upload/RCE in Neosense theme for WordPress
https://lifeforms.nl/20160919/unrestricted-upload-neosense

Vulnerability:

Neosense is a WordPress theme by dynamicpress.
(https://themeforest.net/item/neosense-multipurpose-wordpress-theme/6363229)

Neosense theme version 1.7 contains an…

Segmentation fault in Oracle Outside In File ID 8.5.3

Posted by Brandon Perry on Sep 19

This is a segfault in the Oracle Outside In File ID library version 8.5.3.

http://www.oracle.com/technetwork/middleware/content-management/downloads/oit-dl-otn-097435.html

==22240== Memcheck, a memory error detector
==22240== Copyright (C) 2002-2015, and GNU GPL’d, by Julian Seward et al.
==22240== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22240== Command: ./fisimple…

Facebook Privacy Issue – IRL Direct Human Reference

Posted by Hicham A. Tolimat on Sep 19

Oh hai o/

TL;DR:
This is not your usual full disclo delivery.
It's a 4chan-style lampoon, or what we could call in French "un pamphlet 2.0".

Excuse my French; kudos for challenging/improving my English.

If you’re only interested in technicalities, this “vuln” can be written
down to:

“FB Search/AI Injection” using “English, M**, do you speak it?”
-> Insecure Direct Object Reference +…