Posted by paul . szabo on Mar 05
I notice that Java (JDK, JRE) update 8u40 has been released.
Though http://www.oracle.com/technetwork/java/javase/downloads/index.html
says “this release includes important security fixes”, the release notes http://www.oracle.com/technetwork/java/javase/8u40-relnotes-2389089.html
says the “security baseline” is 1.8.0_31 (unchanged).
I do not notice any major “useability” issues fixed.
So: why this out-of-band…
Posted by Jing Wang on Mar 05
*Webshop hun v1.062S SQL Injection Security Vulnerabilities*
Exploit Title: Webshop hun v1.062S /index.php Multiple Parameters SQL
Injection Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: Mar 04, 2015
Latest Update: Mar 04, 2015
Vulnerability Type: Improper Control of Generation of Code (‘Code
Injection’) [CWE-94]
CVE Reference: *
Credit: Wang…
Posted by Jing Wang on Mar 05
*Webshop hun v1.062S Directory Traversal Security Vulnerabilities*
Exploit Title: Webshop hun v1.062S /index.php &mappa Parameter Directory
Traversal Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: Mar 04, 2015
Latest Update: Mar 04, 2015
Vulnerability Type: Improper Limitation of a Pathname to a Restricted
Directory (‘Path Traversal’)…
Posted by Jing Wang on Mar 05
*Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities*
Exploit Title: Webshop hun v1.062S /index.php Multiple Parameters XSS
Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: Mar 04, 2015
Latest Update: Mar 04, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Credit: Wang Jing [CCRG, Nanyang Technological…
Posted by Jing Wang on Mar 05
*WordPress “Max Banner Ads” Plug-in XSS (Cross-site Scripting) Security
Vulnerabilities*
Exploit Title: WordPress “Max Banner Ads” Plugin /info.php &zone_id
Parameter XSS Security Vulnerabilities
Product: WordPress “Max Banner Ads” Plugin
Vendor: MaxBlogPress
Vulnerable Versions: 1.9 1.8 1.4 1.3.* 1.2.* 1.1 1.09
Tested Version: Check All Related Versions’ Source Code
Advisory Publication: Mar 04,…
Posted by Jing Wang on Mar 05
*WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security
Vulnerabilities*
Exploit Title: WordPress Newsletter Plug-in /do.php &nr parameter URL
Redirection Security Vulnerabilities
Product: WordPress Newsletter Plug-in
Vendor: Satollo.net
Vulnerable Versions: 2.6.* 2.5.*
Tested Version: Check Related Versions’ Source Code
Advisory Publication: March 04, 2015
Latest Update: March 04, 2015
Vulnerability Type: URL…
Posted by Christophe Hauser on Mar 05
Hi everyone,
I am posting this message in the hope to gather suggestions about
potential past vulnerabilities of a specific kind (described below), or
ideas about applications, libraries or APIs that might potentially be
subject to it.
As part of an academic project, I am looking for examples of partial,
and eventually indirect pointer leaks in the wild. I am basically after
leaks that only reveal several bits (but not all) of an address (heap,…
Posted by dxw Security on Mar 04
Details
================
Software: Contact Form DB
Version: 2.8.29
Homepage: https://wordpress.org/plugins/contact-form-7-to-database-extension/
Advisory report: https://security.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-delete-all-stored-form-submissions/
CVE: CVE-2015-1874
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)
Description
================
CSRF in Contact Form DB allows attacker to delete all stored form…
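The advisory above is about a state-changing admin action that a cross-site request could trigger. The following is an added illustration of that bug class and its standard WordPress fix; it is not code from Contact Form DB or from the dxw advisory, and every name in it (the cfdb_demo_* functions, the cfdb_demo_submissions table, the cfdb_action parameter and the nonce action string) is hypothetical.

```php
<?php
// Added illustration, not code from Contact Form DB or the dxw advisory.
// All names (cfdb_demo_*, the table, the request parameters) are hypothetical.

// BEFORE: a destructive admin action guarded only by a capability check.
// If a logged-in administrator loads an attacker page that auto-submits
// a request carrying cfdb_action=delete_all, the browser attaches the
// WordPress session cookie and the delete runs: nothing proves the request
// came from the plugin's own UI.
function cfdb_demo_handle_request_vulnerable() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    if ( isset( $_GET['cfdb_action'] ) && $_GET['cfdb_action'] === 'delete_all' ) {
        $wpdb->query( "DELETE FROM {$wpdb->prefix}cfdb_demo_submissions" );
    }
}

// AFTER: require POST, the capability, and a nonce bound to this action.
// check_admin_referer() calls wp_die() when the nonce is missing, stale or
// issued for a different action, so a cross-site request never reaches
// the DELETE.
function cfdb_demo_handle_request_hardened() {
    global $wpdb;
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    if ( ! isset( $_POST['cfdb_action'] ) || $_POST['cfdb_action'] !== 'delete_all' ) {
        return;
    }
    // Verifies $_POST['_wpnonce'] against the action name 'cfdb_demo_delete_all'.
    check_admin_referer( 'cfdb_demo_delete_all', '_wpnonce' );
    $wpdb->query( "DELETE FROM {$wpdb->prefix}cfdb_demo_submissions" );
}

// The plugin's own admin page embeds the matching nonce in the form, so
// only a form rendered for this user, for this action, passes the check.
function cfdb_demo_render_delete_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'cfdb_demo_delete_all', '_wpnonce' ); ?>
        <input type="hidden" name="cfdb_action" value="delete_all">
        <?php submit_button( 'Delete all submissions', 'delete' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this pattern, look for every handler that writes to the database or filesystem and confirm it reaches `check_admin_referer()` or `wp_verify_nonce()` before the write; a capability check alone, as in the vulnerable function, does not distinguish the admin's click from a request forged in the admin's browser.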
Posted by Squirrel Herder Productions on Mar 03
The SOURCE Boston CFP is open through March 9th
SOURCE Conference brings security experts and business professionals
together in an intimate and personal environment to discuss the security
industry’s most important issues, technologies, and business trends. SOURCE
places the technical excellence and expertise found at top hacker
conferences in an executive environment where business professionals can
gain insight into the security…
Posted by Pichaya Morimoto on Mar 03
######################################################################
# _ ___ _ _ ____ ____ _ _____
# | | / _ | | |/ ___|/ ___| / |_ _|
# | | | | | | | | | _| | / _ | |
# | |__| |_| | | | |_| | |___ / ___ | |
# |________/|_| _|____|____/_/ __|
#
# PHPMoAdmin Unauthorized Remote Code Execution (0-Day)
# Website : http://www.phpmoadmin.com/
# Exploit Author : @u0x (Pichaya Morimoto), Xelenonz, pe3z,…