Category Archives: Full Disclosure

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

Posted by Jing Wang on Mar 16

*724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities*

Exploit Title: 724CMS /section.php Module Parameter Directory Traversal
Security Vulnerabilities
Vendor: 724CMS
Product: 724CMS
Vulnerable Versions: 3.01 4.01 4.59 5.01
Tested Version: 5.01
Advisory Publication: March 14, 2015
Latest Update: March 14, 2015
Vulnerability Type: Improper Limitation of a Pathname to a Restricted
Directory (‘Path Traversal’) [CWE-22]…

724CMS 5.01 Multiple Information Leakage Security Vulnerabilities

Posted by Jing Wang on Mar 16

*724CMS 5.01 Multiple Information Leakage Security Vulnerabilities*

Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities
Vendor: 724CMS
Product: 724CMS
Vulnerable Versions: 3.01 4.01 4.59 5.01
Tested Version: 5.01
Advisory Publication: March 14, 2015
Latest Update: March 14, 2015
Vulnerability Type: Information Exposure [CWE-200]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.0…

Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities

Posted by Rehan Ahmed on Mar 12

Product: OpenCms
Vendor: Alkacon Software
Vulnerable Version(s): 9.5.1 and probably prior
Tested Version: 9.5.1
Vendor Notification: Mar 05, 2015 (https://github.com/alkacon/opencms-core/issues/304)
Vendor Patch: Not Yet (No Specific Time-line)
Public Disclosure: Mar 12, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Not Yet (…

Re: MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation

Posted by Advisories on Mar 12

Small correction (copy & paste error), sorry for that:

Mogwai Security Advisory MSA-2015-03
----------------------------------------------------------------------
Title: iPass Mobile Client service local privilege escalation
Product: iPass Mobile Client
Affected versions: iPass Mobile Client 2.4.2.15122 (Newer version might be also
affected)
Impact: medium
Remote: no
Product link:…

WordPress SEO by Yoast <= 1.7.3.3 – Blind SQL Injection

Posted by Ryan Dewhurst on Mar 12

Title: WordPress SEO by Yoast <= 1.7.3.3 – Blind SQL Injection
Version/s Tested: 1.7.3.3
Patched Version: 1.7.4
CVSSv2 Base Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
CVSSv2 Temporal Score: 7 (AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
WPVULNDB: https://wpvulndb.com/vulnerabilities/7841

Description:

WordPress SEO by Yoast is a popular WordPress plugin (wordpress-seo) used
to improve the Search Engine Optimization (SEO) of…

'Rowhammer' – Software-triggered DRAM corruption

Posted by Nick Boyce on Mar 12

(I’m just posting the news – haven’t seen this here yet)

A team of Google security researchers recently reported on discoveries
they have made over the last few months which show it is possible to
alter contents of DRAM locations by simply *reading* the contents of
neighbouring locations. Using this technique they were able to
develop an exploit which modified page tables to allow write access to
the whole of physical memory and thus…

WPML WordPress plug-in SQL injection etc.

Posted by Jouko Pynnonen on Mar 12

*OVERVIEW*

WPML is the industry standard for creating multi-lingual WordPress sites.
Three vulnerabilities were found in the plug-in. The most serious of them,
an SQL injection problem, allows anyone to read the contents of the
WordPress database, including user details and password hashes, without
authentication.

System administrators should update to version 3.1.9.1 released earlier
this week to resolve the issues.

*DETAILS*

*1. SQL…

MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation

Posted by Advisories on Mar 12

Mogwai Security Advisory MSA-2015-03
----------------------------------------------------------------------
Title: iPass Mobile Client service local privilege escalation
Product: Hewlett-Packard Universal CMDB (UCMDB)
Affected versions: iPass Mobile Client 2.4.2.15122 (Newer version might be
also affected)
Impact: medium
Remote: no
Product link: http://www.ipass.com/laptops/

Vulnerabilities in the Samsung SNS Provider application for Android [STIC-2015-0511]

Posted by Programa STIC on Mar 12

Fundación Dr. Manuel Sadosky – Programa STIC Advisory
www.fundacionsadosky.org.ar

*Vulnerabilities in the Samsung SNS Provider application for Android*

1. *Advisory Information*

Title: Vulnerabilities in the Samsung SNS Provider application for Android
Advisory ID: STIC-2014-0511
Advisory URL: http://www.fundacionsadosky.org.ar/publicaciones-2
Date published: 2015-3-11
Date of last update: 2015-3-11
Vendors contacted:…