Category Archives: Full Disclosure

Full Disclosure

FortiManager & FortiAnalyzer – (filename) Persistent Web Vulnerability

June 15, 2016 007admin

Posted by Vulnerability Lab on Jun 15

Document Title:
===============
FortiManager & FortiAnalyzer – (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fortios-5.4.0-release-notes.pdf
Release Notes #2: http://docs.fortinet.com/uploaded/files/2861/fortios-v5.2.6-release-notes.pdf
Release Notes #3:…

Full Disclosure

CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder

June 14, 2016 007admin

Posted by ljj on Jun 14

Title: CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder
Author: lukasz.juszczyk at ingservicespolska.pl
Date: 25.03.2016

Affected software :
=============
nGrinder v3.3
http://naver.github.io/ngrinder/

Description :
=============
nGrinder is a platform for stress tests that enables you to execute script creation, test execution, monitoring, and
result report generator simultaneously. The open-source nGrinder offers easy…

Full Disclosure

Bashi v1.6 iOS – Persistent Mail Encoding Vulnerability

June 14, 2016 007admin

Posted by Vulnerability Lab on Jun 14

Document Title:
===============
Bashi v1.6 iOS – Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1852

Release Date:
=============
2016-05-25

Vulnerability Laboratory ID (VL-ID):
====================================
1852

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:…

Full Disclosure

Samsung SW Update – Insecure ACLs on SW Update Service Directory – EoP Vulnerability

June 13, 2016 007admin

Posted by Benjamin Gnahm on Jun 13

Blue Frost Security GmbH
https://www.bluefrostsecurity.de/
research(at)bluefrostsecurity.de
BFS-SA-2016-003
25-April-2016

Full Disclosure

nagios phishing vector & xss

June 13, 2016 007admin

Posted by randomsec guy on Jun 13

corewindow can be used to phish users:
http://jdoe:jdoe () nagioscore demos nagios com/nagios/index.php?corewindow=http://wikipedia.com

also to perform xss:
http://jdoe:jdoe () nagioscore demos nagios
com/nagios/index.php?corewindow=javascript://zz%250a;onload=alert(document.domain)//

Full Disclosure

FlashFXP v5.3.0 (Windows) – Memory Corruption Vulnerability

June 13, 2016 007admin

Posted by Vulnerability Lab on Jun 13

Document Title:
===============
FlashFXP v5.3.0 (Windows) – Memory Corruption Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1853

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
====================================
1853

Common Vulnerability Scoring System:
====================================
5.1

Product & Service Introduction:…

Full Disclosure

CM Ad Changer 1.7.7 WordPress Plugin – Cross Site Scripting Web Vulnerability

June 13, 2016 007admin

Posted by Vulnerability Lab on Jun 13

Document Title:
===============
CM Ad Changer 1.7.7 WordPress Plugin – Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1856

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
====================================
1856

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…

Full Disclosure

SQL Injection Vulnerabilities found in European Commisssion & European Parliament

June 8, 2016 007admin

Posted by Vulnerability Lab on Jun 08

Press|News: (SecurityWeek) Researchers have discovered several SQL
injection vulnerabilities in the websites of the European Parliament and
the European Commission — both hosted on the official domain of the
European Union (europa.eu).

URL:
http://www.securityweek.com/sql-injection-flaws-found-european-union-websites

Full Disclosure

Microsoft Education – Code Execution Vulnerability

June 7, 2016 007admin

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Microsoft Education – Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1669

MSRC Case: 32314
TRK: 0001002809

Research Article: http://www.kieranclaessens.be/uncategorized/microsoft-education-remote-code-execution/

Release Date:
=============
2016-06-07

Vulnerability Laboratory ID (VL-ID):
====================================
1669…

Full Disclosure

WordPress Levo-Slideshow 2.3 – Arbitrary File Upload Vulnerability

June 7, 2016 007admin

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Wordpress Levo-Slideshow 2.3 – Arbitrary File Upload Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1854

Release Date:
=============
2016-06-07

Vulnerability Laboratory ID (VL-ID):
====================================
1854

Common Vulnerability Scoring System:
====================================
7.5

Product & Service Introduction:…

007 Software

Category Archives: Full Disclosure

FortiManager & FortiAnalyzer – (filename) Persistent Web Vulnerability

CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder

Bashi v1.6 iOS – Persistent Mail Encoding Vulnerability

Samsung SW Update – Insecure ACLs on SW Update Service Directory – EoP Vulnerability

nagios phishing vector & xss

FlashFXP v5.3.0 (Windows) – Memory Corruption Vulnerability

CM Ad Changer 1.7.7 WordPress Plugin – Cross Site Scripting Web Vulnerability

SQL Injection Vulnerabilities found in European Commisssion & European Parliament

Microsoft Education – Code Execution Vulnerability

WordPress Levo-Slideshow 2.3 – Arbitrary File Upload Vulnerability

Software and Security Information