Category Archives: Full Disclosure

Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users

Posted by Securify B.V. on Mar 19

————————————————————————
Advent JMX Servlet of Citrix Command Center is accessible to
unauthenticated users
————————————————————————
Han Sahin, August 2014

————————————————————————
Abstract
————————————————————————
It was discovered that the Advent JMX…

Citrix Command Center allows downloading of configuration files

Posted by Securify B.V. on Mar 19

————————————————————————
Citrix Command Center allows downloading of configuration files
————————————————————————
Han Sahin, August 2014

————————————————————————
Abstract
————————————————————————
It was discovered that Citrix Command Center stores…

Chamilo LMS 1.9.10 Multiple XSS & CSRF Vulnerabilities

Posted by Rehan Ahmed on Mar 19

I. Overview
========================================================
Chamilo LMS 1.9.10 or prior versions are prone to multiple Cross-Site Scripting (Stored + Reflected) & CSRF
vulnerabilities. These vulnerabilities allow an attacker to gain control over valid user accounts in the LMS, perform
operations on their behalf, redirect them to malicious sites, steal their credentials, and more.

II. Severity…

Web-Dorado ECommerce-WD for Joomla plugin multiple unauthenticated SQL injections

Posted by Brandon Perry on Mar 19

Version 1.2.5 of the ECommerce-WD plugin for Joomla! has multiple
unauthenticated SQL injections available via the advanced search
functionality.

http://extensions.joomla.org/extension/ecommerce-wd

The vulnerable parameters are search_category_id, sort_order, and
filter_manufacturer_ids within the following request:

POST
/index.php?option=com_ecommercewd&controller=products&task=displayproducts
HTTP/1.1
Host: 172.31.16.49
User-Agent:…

Re: Regarding how can I request a CVE number?

Posted by James Hooker on Mar 19

Hi XZ,

I managed to get a number of CVEs last year, but towards the end of the
year they simply stopped replying, so I’ve given up. Whether they stopped
replying due to work load, or whether my submissions were not up to their
requirements I’m not sure.

If you find out any more, I’d be interested in knowing why they’ve stopped
assigning CVEs to certain submission sources.

Kind regards,
James H

Mac OS X 10.10.2 kernel extension heap overflow resulting in LPE

Posted by Luca Todesco on Mar 19

Hello,

I have recently found an exploitable heap overflow in a core OS X driver.
Particularly, the injectString function is vulnerable to a heap overflow and can be triggered without privileges of
any kind.

The vulnerable function can be seen at 
http://opensource.apple.com/source/IOHIDFamily/IOHIDFamily-503.200.2/IOHIDSystem/IOHIDSecurePromptClient.cpp

I wrote a weaponized poc at http://github.com/kpwn/vpwn.

The KASLR leak included is…

Mac OS X 10.10.2 Default KEXT heap overflow LPE

Posted by Luca Todesco on Mar 19

Hello,

I have recently found an exploitable heap overflow in a core OS X driver.
Particularly, the injectString function is vulnerable to a heap overflow and can be triggered without privileges of
any kind.

The vulnerable function can be seen at 
http://opensource.apple.com/source/IOHIDFamily/IOHIDFamily-503.200.2/IOHIDSystem/IOHIDSecurePromptClient.cpp

I wrote a weaponized poc at http://github.com/kpwn/vpwn.

The KASLR leak included is…

Mac OS X 10.10.2 IOHIDFamily.kext IOHIDSecurePromptClient Heap Overflow

Posted by info on Mar 19

Hello,

I have recently found an exploitable heap overflow in a core OS X driver.
Particularly, the injectString function is vulnerable to a heap overflow and can be triggered without privileges of
any kind.

The vulnerable function can be seen at
http://opensource.apple.com/source/IOHIDFamily/IOHIDFamily-503.200.2/IOHIDSystem/IOHIDSecurePromptClient.cpp

I wrote a weaponized poc at http://github.com/kpwn/vpwn.

The KASLR leak is not reliable…

EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection

Posted by Securify B.V. on Mar 18

————————————————————————
EMC Secure Remote Services Virtual Edition Provisioning component is
affected by SQL injection
————————————————————————
Han Sahin, November 2014

————————————————————————
Abstract
————————————————————————
An SQL injection…

Command injection vulnerability in EMC Secure Remote Services Virtual Edition

Posted by Securify B.V. on Mar 18

————————————————————————
Command injection vulnerability in EMC Secure Remote Services Virtual
Edition
————————————————————————
Han Sahin, November 2014

————————————————————————
Abstract
————————————————————————
A command injection vulnerability was found…