Posted by flanker on May 26
Hi: I’m posting some vulnerabilities I reported to Android and fixed last year prior to the Android Security Bounty program launch. Since there’re no public bulletins for these ancient reports, I’m writing to the maillist for the record.
Details
=======
A permission leakage exists in Android 5.x that enables a malicious application to acquire the system-level protected permission of DEVICE_POWER. There exists a permission…
Posted by Ulisses Montenegro on May 25
This looks very similar to the persistent XSS reported a while ago on the
Teampass github, is it the same vulnerability?
https://github.com/nilsteampassnet/TeamPass/issues/1244
On 25 May 2016 at 19:10, Vulnerability Lab <research () vulnerability-lab com> wrote:
Posted by Elar Lang on May 25
Title: CVE-2016-4803 dotCMS – Email Header Injection
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: Email Header Injection
Vulnerable version: before 3.5 / 3.3.2
CVE: CVE-2016-4803
Vendor: dotCMS (http://dotcms.com/ )
# Description
dotCMS has an email sending functionality at path /dotCMS/sendEmail/
Some parameters are vulnerable to Email Header Injection.
# Preconditions
There is no pre-condition on authentication or on…
Posted by Julien Ahrens on May 25
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: XenAPI for XenForo
Vendor URL: github.com/Contex/XenAPI
Type: SQL Injection [CWE-89]
Date found: 2016-05-20
Date published: 2016-05-23
CVSSv3 Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: –
2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from RCE…
Posted by Vulnerability Lab on May 25
Document Title:
===============
Bashi v1.6 iOS – Persistent Mail Encoding Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1852
Release Date:
=============
2016-05-25
Vulnerability Laboratory ID (VL-ID):
====================================
1852
Common Vulnerability Scoring System:
====================================
3.4
Product & Service Introduction:…
Posted by Vulnerability Lab on May 25
Document Title:
===============
Bugcrowd Bug Bounty #7 – Persistent Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1830
ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b
Release Date:
=============
2016-05-10
Vulnerability Laboratory ID (VL-ID):
====================================
1830
Common Vulnerability Scoring System:
====================================…
Posted by Vulnerability Lab on May 25
Document Title:
===============
Teampass v2.1.26 – Stored Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1845
Release Date:
=============
2016-05-24
Vulnerability Laboratory ID (VL-ID):
====================================
1845
Common Vulnerability Scoring System:
====================================
3.4
Product & Service Introduction:…
Posted by Vulnerability Lab on May 25
Document Title:
===============
Teampass v2.1.25 – Unauthenticated Access Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1844
Release Date:
=============
2016-05-18
Vulnerability Laboratory ID (VL-ID):
====================================
1844
Common Vulnerability Scoring System:
====================================
6.8
Product & Service Introduction:…
Posted by Vulnerability Lab on May 25
Document Title:
===============
Teampass v2.1.25 – Arbitrary File Download Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1843
Release Date:
=============
2016-05-17
Vulnerability Laboratory ID (VL-ID):
====================================
1843
Common Vulnerability Scoring System:
====================================
8.1
Product & Service Introduction:…
Posted by Advisories Advisories on May 24
Mogwai Security Advisory MSA-2016-01
----------------------------------------------------------------------
Title: PowerFolder Remote Code Execution Vulnerability
Product: PowerFolder Server
Affected versions: 10.4.321 (Linux/Windows) (Other versions might also be affected)
Impact: high
Remote: yes
Product link: https://www.powerfolder.com
Reported: 02/03/2016
by:…