Full Disclosure
Posted by Evex ola on May 08
‘Yet Another Related Posts Plugin’ options can be updated with no
token/nonce protection which an attacker may exploit via tricking website’s
administrator to enter a malformed page which will change YARPP options,
and since some options allow html the attacker is able to inject malformed
javascript code which can lead to code execution/administrator actions when
the injected code is triggered by an admin user.
injected javascript…
Posted by Darya Maenkova on May 08
Recently, HP published their yearly Cyber Risk Report 2015
(http://info.hpenterprisesecurity.com/LP_460192_Cross_CyberriskFullReport_0315_gate
). Having many typical things spotlighted in this report such as
growing number of ATM and IOT Security buzz you can find everywhere,
ERPScan found some parts which are relevant to business application
security. We have prepared deep article from this research, add all
details and also collected…
Posted by Vulnerability Lab on May 08
Document Title:
===============
Pimcore v3.0.5 CMS – Multiple Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1482
Release Date:
=============
2015-05-08
Vulnerability Laboratory ID (VL-ID):
====================================
1482
Common Vulnerability Scoring System:
====================================
6.2
Product & Service Introduction:
===============================…
Posted by Vulnerability Lab on May 07
Document Title:
===============
Grindr v2.1.1 iOS & Account System – Breach Attack Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1420
Release Date:
=============
2015-05-03
Vulnerability Laboratory ID (VL-ID):
====================================
1420
Common Vulnerability Scoring System:
====================================
6.7
Product & Service Introduction:…
Posted by Vulnerability Lab on May 07
Document Title:
===============
Yahoo eMarketing Bug Bounty #31 – Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1491
Yahoo Security ID (H1): #55395
Release Date:
=============
2015-05-07
Vulnerability Laboratory ID (VL-ID):
====================================
1491
Common Vulnerability Scoring System:
====================================
3.3
Product &…
Posted by Vulnerability Lab on May 07
Document Title:
===============
Album Streamer v2.0 iOS – Directory Traversal Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1481
Release Date:
=============
2015-05-07
Vulnerability Laboratory ID (VL-ID):
====================================
1481
Common Vulnerability Scoring System:
====================================
6.6
Product & Service Introduction:…
Posted by Just A Fake on May 07
Does anyone have any info on the two pydio vulnerabilities announced today?
They have been given CVE-2015-3431 and CVE-2015-3432 but a search on mitre
just says those are reserved.
There is no information or explanation about what the issues are.
Thanks for any info anyone has.
Robot
Posted by Security Explorations on May 06
Hello All,
Security Explorations released technical details and POC codes for
additional security vulnerabilities found in Google App Engine for
Java. All relevant materials can be found at our SE-2014-02 project
details page:
http://www.security-explorations.com/en/SE-2014-02-details.html
The above link contains technical description of the following four
weaknesses discovered after initial 31 issues were patched by Google
in March 2015:
-…
Posted by Peter Lapp on May 06
Details
=======
Product: Alienvault OSSIM/USM
Vulnerability: Multiple Vulnerabilities (XSS, SQLi, Command Execution)
Author: Peter Lapp, lappsec () gmail com
CVE: None assigned
Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects
all previous versions as well.
Fixed Version: No fix has been released.
Summary
=======
Alienvault OSSIM is an open source SIEM solution designed to collect
and correlate log data. The vulnerability…
Posted by Vulnerability Lab on May 06
Document Title:
===============
TORNADO Computer Trading CMS – SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1489
Release Date:
=============
2015-05-05
Vulnerability Laboratory ID (VL-ID):
====================================
1489
Common Vulnerability Scoring System:
====================================
7.4
Product & Service Introduction:…