Full Disclosure
Posted by Manuel Garcia Cardenas on Feb 14
=============================================
MGC ALERT 2017-001
– Original release date: Feb 07, 2017
– Last revised: Feb 12, 2017
– Discovered by: Manuel Garcia Cardenas
– Severity: 4,8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
————————-
WordPress Plugin Easy Table 1.6 – Persistent Cross-Site Scripting
II. BACKGROUND
————————-
Easy Table is a WordPress plugin that…
Posted by Sandra Evans on Feb 10
InfoSec2017 Invitation
CALL FOR PAPERS and PARTICIPATION in The Third International Conference on
Information Security and Cyber Forensics (INFOSEC2017) to be hosted by
Faculty of Management, Comenius University in Bratislava, Slovakia on June
29-July 1, 2017. The event will be held over three days, with presentations
delivered by researchers from the international community, including
presentations from keynote speakers and state-of-the-art…
Posted by Pierre Kim on Feb 09
## Advisory Information
Title: TP-Link C2 and C20i vulnerable to command injection
(authenticated root RCE), DoS, improper firewall rules
Advisory URL: https://pierrekim.github.io/advisories/2017-tplink-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
Date published: 2017-02-09
Vendors contacted: TP-Link
Release mode: Released
CVE: no current CVE
## Product Description
TP-Link is a Chinese…
Posted by Securify B.V. on Feb 08
————————————————————————
Authentication bypass vulnerability in Western Digital My Cloud
————————————————————————
Remco Vermeulen, Januari 2017
————————————————————————
Abstract
————————————————————————
It was discovered that Western Digital My Cloud is…
Posted by Stefan Kanthak on Feb 07
Hi @ll,
the executable installer [°] and the “portable” version
of SumatraPDF 3.1.2 (available from
<https://www.sumatrapdfreader.org/download-free-pdf-viewer.html>)
are vulnerable to DLL hijacking [‘]:
The executable installers SumatraPDF-3.1.2-install.exe and
SumatraPDF-3.1.2-64-install.exe load and execute (tested on
a fully patched Windows 7 SP1) at least Version.dll, OLEACC.dll,
CryptBase.dll, NTMARTA.dll,…
Posted by Wiswat A on Feb 07
[+] Exploit Title: Responsive Filemanger <= 9.11.0 – Arbitrary File
Disclosure/Deletion
[+] Date: 7 Feb 2017
[+] Vulnerability and Exploit Author: Wiswat Aswamenakul
[+] Vendor Homepage: http://www.responsivefilemanager.com/
[+] Affected version: only tested on 9.11.0 and 9.7.3 (other versions
might be affected)
[+] Tested on: Ubuntu 14.04, PHP 5.5.9
[+] Category: webapps
[+] Description
Responsive filemanger is a PHP based file manager that…
Posted by SEC Consult Vulnerability Lab on Feb 07
SEC Consult Vulnerability Lab Security Advisory < 20170207-0 >
=======================================================================
title: Path Traversal, Backdoor accounts & KNX group address
password bypass
product: JUNG Smart Visu Server
vulnerable version: Firmware v1.0.804/1.0.830/1.0.832
fixed version: Firmware v1.0.900
CVE number: –
impact: Critical…
Posted by Jeff Bollinger on Feb 07
We would like to announce a “Save the Date” and “Call for Speakers” for
the annual FIRST Amsterdam Technical Colloquium (TC). The main event,
hosted by Cisco Systems in Amsterdam, Netherlands will be a plenary
style conference held on the 25th and 26th of April 2017. We are also
offering an optional, free, training on Monday April 24th.
The event website: https://www.first.org/events/colloquia/amsterdam2017
Event…
Posted by Andrzej Dyjak on Feb 07
Greetings FD,
I’ve recently published fuzzing results for various interpreters [1].
FD members might find them interesting.
/ad
Posted by Pierre Kim on Feb 06
## Advisory Information
Title: Remote DoS against OpenBSD http server (up to 6.0)
Advisory URL: https://pierrekim.github.io/advisories/CVE-2017-5850-openbsd.txt
Blog URL: https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html
Date published: 2017-02-07
Vendors contacted: OpenBSD
Release mode: Released
CVE: CVE-2017-5850
## Product Description
The OpenBSD project produces a FREE, multi-platform 4.4BSD-based
UNIX-like…