Posted by Vulnerability Lab on Jun 07
Document Title:
===============
Wordpress Levo-Slideshow v2.3 – Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1855
Release Date:
=============
2016-06-06
Vulnerability Laboratory ID (VL-ID):
====================================
1855
Common Vulnerability Scoring System:
====================================
2.5
Product & Service Introduction:…
Posted by Vulnerability Lab on Jun 07
Document Title:
===============
Mapbox (API) – Filter Bypass & Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1787
ID: #119802
Release Date:
=============
2016-06-06
Vulnerability Laboratory ID (VL-ID):
====================================
1787
Common Vulnerability Scoring System:
====================================
3.8
Product & Service Introduction:…
Posted by Sandro Gauci on Jun 02
# XML External Entity XXE vulnerability in OpenID component of Liferay
- Author: Sandro Gauci <sandro () enablesecurity com>
- Vulnerable version: Liferay 6.2.3 CE GA4 and earlier
- Liferay reference: LPS-58014
- Advisory URL: <https://github.com/EnableSecurity/advisories/tree/master/ES2016-01-liferay-xxe>
- Timeline:
  - Report date: March 16 2015
  - Liferay patch: August 26 2015
  - Liferay advisory: January 18…
Posted by Gregory Pickett on Jun 02
Title
===================
rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion
Summary
===================
rConfig, the open source network device configuration management tool, is vulnerable to local file inclusion in
/lib/crud/downloadFile.php. downloadFile.php allows authenticated users to download any file on the server.
Affected Products
===================
rConfig 3.1.1 and earlier…
Posted by Francisco Javier Santiago Vázquez on Jun 02
I. VULNERABILITY
-------------------------
Vulnerability Cross-Site Scripting (XSS)
II. PROOF OF CONCEPT
-------------------------
*URL:*
1. http://espanol.babylon-software.com/bht/index.html?trid=
2. http://traductor.babylon-software.com/ingles/a-espanol/
3. http://traduccion.babylon-software.com/?trid=
*Vector:* <img src=1 onerror=alert(“n0ipr0cs”);>/
*State:* unpatched
III. SYSTEMS AFFECTED…
Posted by Francesco Oddo on Jun 02
Posted by Raiden lol on Jun 02
Title: Force allow access to Bypass windows firewall
Vulnerability: Missing Authorization
Wednesday, May 18, 2016
Credit: CoolerVoid
Technical Details
===========
Windows has the function *SendInput()*
<https://msdn.microsoft.com/pt-br/library/windows/desktop/ms646310%28v=vs.85%29.aspx>
to simulate a keystroke. This function accepts as argument an array of INPUT
structures. The INPUT structures can be either a mouse or a keyboard event….
Posted by SEC Consult Vulnerability Lab on Jun 02
SEC Consult Vulnerability Lab Security Advisory < 20160602-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Ubee EVW3226 Advanced wireless voice gateway
vulnerable version: Firmware EVW3226_1.0.20
fixed version: –
CVE number: –
impact: critical
homepage: http://www.ubeeinteractive.com …
Posted by Manuel Garcia Cardenas on Jun 01
=============================================
MGC ALERT 2016-004
- Original release date: May 28, 2016
- Last revised: June 1, 2016
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Reflected XSS in CMSimple <= v4.6.2
II. BACKGROUND
-------------------------
CMSimple is a PHP-based Content Management System (CMS), which…
Posted by Bogner Florian on Jun 01
MitM Attack against KeePass 2’s Update Check
Metadata
===================================================
Release Date: 02-03-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: all tested versions up to the current 2.33
Tested on: Windows 7
CVE : CVE-2016-5119
URL: https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
Video: https://youtu.be/gOxcQSbpA-Q
Vulnerability Status:…