Category Archives: Full Disclosure


[ALICLOUDSEC-VUL2015-001] Android wpa_supplicant WLAN Direct remote buffer overflow

Posted by 朱东海 on Apr 24

1. Advisory Information

Advisory URL:
http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19

Date published: 2015-04-23

Date of last update: 2015-04-23

2. Vulnerability Information

Class: heap overflow

Impact: memory information leak and remote code execution

Remote Exploitable: Yes

Local Exploitable: No

CVE Name: CVE-2015-1863

Vulnerability Information and Patch: http://w1.fi/security/2015-1/

3. Vulnerability…

Socrata Bug Bounty #1 – Persistent Encoding Vulnerability

Posted by Vulnerability Lab on Apr 23

Document Title:
===============
Socrata Bug Bounty #1 – Persistent Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1438

Release Date:
=============
2015-04-22

Vulnerability Laboratory ID (VL-ID):
====================================
1438

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:…

Magento Unauthenticated RCE

Posted by Shahar Tal on Apr 23

RCE on the most popular eCommerce (/shopping cart) platform out there – we have been urging admins to patch for a while now.

This one is as serious as it gets: auth bypass + SQLi + RFI converted to LFI. Props to our own Netanel Rubin for the top research.

Check Point was awarded a $20k USD bounty for this report, which we have decided to donate to charity.

Check out the complete technical analysis at…

CVE-2015-0984 SCADA – Gaining remote shell on Honeywell Falcon XLWEB

Posted by Martin Jartelius on Apr 22

SCADA – EXPLOITING CVE-2015-0984 FOR SHELL ACCESS

This post is a follow-up detailing how to achieve control of the actual XLWEB SCADA controller. The vulnerability has been assigned the reference CVE-2015-0984.

Rather than the application-level administrative access discussed in the email regarding CVE-2014-2717, this focuses on issues with the FTP, default accounts which could not be changed, and high privileges of the web server user resulting…

HomeAdvisor Bug Bounty #1 – Filter Bypass & Client Side Exception Handling Vulnerability

Posted by Vulnerability Lab on Apr 22

Document Title:
===============
HomeAdvisor (Bug Bounty #1) – Filter Bypass & Client Side Exception Handling Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1452

Release Date:
=============
2015-04-21

Vulnerability Laboratory ID (VL-ID):
====================================
1452

Common Vulnerability Scoring System:
====================================
3.6

Product & Service…

Android 0-day vulnerability – Drive by download

Posted by ma sh on Apr 22

Security Issue:
===============
It is possible to fool Android users into performing undesired actions on their devices. Namely, it is possible to force them into downloading malicious applications without being aware of it.

It seems to affect all versions of Android.

Reference (source):
===================
http://www.nes.fr/securitylab/?p=1865

Proof Of Concept:
=================
https://www.youtube.com/watch?v=ekvdO8tdJ34

iPassword Manager v2.6 iOS – Persistent Vulnerabilities

Posted by Vulnerability Lab on Apr 22

Document Title:
===============
iPassword Manager v2.6 iOS – Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1453

Release Date:
=============
2015-04-21

Vulnerability Laboratory ID (VL-ID):
====================================
1455

Common Vulnerability Scoring System:
====================================
3.7

Product & Service Introduction:…

Apple iOS 8.0 – 8.0.2 – Controls Re Auth Bypass Vulnerability

Posted by Vulnerability Lab on Apr 22

Document Title:
===============
Apple iOS 8.0 – 8.0.2 – Controls Re Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1322

Video: http://www.vulnerability-lab.com/get_content.php?id=1334

Release Date:
=============
2015-03-02

Vulnerability Laboratory ID (VL-ID):
====================================
1322

Common Vulnerability Scoring System:…

Google Analytics by Yoast stored XSS #2

Posted by Jouko Pynnonen on Apr 22

*Overview*

Google Analytics by Yoast is one of the most popular WordPress plug-ins, with over 7 million downloads and “1+ million” active installs. Last month Yoast patched a stored XSS we reported in the plug-in. Shortly after this we identified another bug of a similar severity. The second stored XSS has now been corrected.

An unauthenticated attacker can store JavaScript in the WordPress administrator’s Dashboard on the target…