Category Archives: Full Disclosure

PDF Converter & Editor 2.1 iOS – File Include Vulnerability

Posted by Vulnerability Lab on May 06

Document Title:
===============
PDF Converter & Editor 2.1 iOS – File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1480

Release Date:
=============
2015-05-06

Vulnerability Laboratory ID (VL-ID):
====================================
1480

Common Vulnerability Scoring System:
====================================
6.9

Product & Service Introduction:…

Oracle Business Intelligence Mobile HD v11.x iOS – Persistent UI Vulnerability

Posted by Vulnerability Lab on May 06

Document Title:
===============
Oracle Business Intelligence Mobile HD v11.x iOS – Persistent UI Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1361

Oracle Security ID: S0540289
Tracking ID: S0540289
Reporter ID: #1 2015Q1

Release Date:
=============
2015-05-06

Vulnerability Laboratory ID (VL-ID):
====================================
1361

Common Vulnerability Scoring System:…

F5 ASM JSON Profile Bypass

Posted by Peter Lapp on May 06

Details
=======

Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Web Application Firewall Bypass
Author: Peter Lapp, lappsec () gmail com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Should apply to all releases.
Fixed Version: None

Summary
=======

The F5 ASM is a web application firewall designed to protect web
applications from attacks. Due to the way that the system processes
JSON content, it’s…

[CVE-2014-8146/8147] – ICU heap and integer overflows / I-C-U-FAIL

Posted by Pedro Ribeiro on May 05

tl;dr heap and integer overflows in ICU, many packages affected,
unknown if these can be exploited or not – everyone names vulns
nowadays, so I name these I-C-U-FAIL.

Hi,

I have found two vulnerabilities in the ICU library while fuzzing
LibreOffice, full details in the advisory below.
Disclosure of these was done initially to LibreOffice and then to
distro-security. I then reported it to Chromium, Android and finally
CERT, so I ended up…

Fortinet FortiAnalyzer & FortiManager – Client Side Cross Site Scripting Vulnerability

Posted by Vulnerability Lab on May 05

Document Title:
===============
Fortinet FortiAnalyzer & FortiManager – Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1354

Security Bulletin FortiGuard: http://www.fortiguard.com/advisory/FG-IR-15-005/

PSIRT ID: 1327458

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3620

CVE-ID:
=======
CVE-2015-3620

Release Date:
=============…

vPhoto-Album v4.2 iOS – File Include Web Vulnerability

Posted by Vulnerability Lab on May 05

Document Title:
===============
vPhoto-Album v4.2 iOS – File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1477

Release Date:
=============
2015-05-05

Vulnerability Laboratory ID (VL-ID):
====================================
1477

Common Vulnerability Scoring System:
====================================
6.2

Product & Service Introduction:…

PhotoWebsite v3.1 iOS – File Include Web Vulnerability

Posted by Vulnerability Lab on May 04

Document Title:
===============
PhotoWebsite v3.1 iOS – File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1474

Release Date:
=============
2015-05-04

Vulnerability Laboratory ID (VL-ID):
====================================
1476

Common Vulnerability Scoring System:
====================================
6.6

Product & Service Introduction:…

Grindr 2.1.1 iOS Bug Bounty #2 – Denial of Service Software Vulnerability

Posted by Vulnerability Lab on May 04

Document Title:
===============
Grindr 2.1.1 iOS Bug Bounty #2 – Denial of Service Software Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1418

Release Date:
=============
2015-05-02

Vulnerability Laboratory ID (VL-ID):
====================================
1418

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:…

Grindr v2.1.1 iOS – (eMail) Session Vulnerability

Posted by Vulnerability Lab on May 04

Document Title:
===============
Grindr v2.1.1 iOS – (eMail) Session Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1426

Release Date:
=============
2015-05-04

Vulnerability Laboratory ID (VL-ID):
====================================
1426

Common Vulnerability Scoring System:
====================================
6.8

Product & Service Introduction:
===============================…

Grindr v2.1.1 iOS Bounty #1 – (Session) Auth Bypass Vulnerabilities

Posted by Vulnerability Lab on May 04

Document Title:
===============
Grindr v2.1.1 iOS Bounty #1 – (Session) Auth Bypass Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1419

Release Date:
=============
2015-05-04

Vulnerability Laboratory ID (VL-ID):
====================================
1419

Common Vulnerability Scoring System:
====================================
9.3

Product & Service Introduction:…