Posted by Ricardo Iramar dos Santos on Mar 02
It seems it was fixed.
HTTP/1.1 200 OK
Date: Sun, 01 Mar 2015 22:21:31 GMT
Server: Apache-Coyote/1.1
Content-Disposition: attachment; filename=autocomplete.txt
Content-Type: application/x-suggestions+json;charset=UTF-8
Content-Language: en-US
Content-Length: 34
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
["iramar%22%7C%7Ccalc%7C%7C", []]
They included the header “Content-Disposition: attachment;…

Posted by William Costa on Mar 02
I. VULNERABILITY
-------------------------
XSS Reflected vulnerabilities in Fortimail version 5.2.1
II. BACKGROUND
-------------------------
Fortinet’s industry-leading, Network Security Platforms deliver Next
Generation Firewall (NGFW) security with exceptional throughput, ultra
low latency, and multi-vector threat protection.
III. DESCRIPTION
-------------------------
Two XSS Reflected vulnerabilities have been detected in FortiMail in “…

Posted by Jing Wang on Mar 02
*NetCat CMS Multiple URL Redirection (Open Redirect) Security
Vulnerabilities*
Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 3.12
Advisory Publication: Feb 25, 2015
Latest Update: Feb 25, 2015
Vulnerability Type: URL Redirection to Untrusted Site (‘Open…

Posted by Jing Wang on Mar 02
*NetCat CMS Full Path Disclosure (Information Disclosure) Security
Vulnerabilities*
Exploit Title: NetCat CMS Full Path Disclosure Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 5.01 3.12
Advisory Publication: Feb 25, 2015
Latest Update: Feb 25, 2015
Vulnerability Type: Information Leak / Disclosure [CWE-200]
CVE…

Posted by Jing Wang on Mar 02
*NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities*
Exploit Title: NetCat CMS Multiple Remote File Inclusion (RFI) Security
Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 3.12
Advisory Publication: Feb 25, 2015
Latest Update: Feb 25, 2015
Vulnerability Type: Improper Control of Filename for Include/Require…

Posted by Jing Wang on Mar 02
*Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities*
Exploit Title: Comsenz SupeSite CMS Arbitrary Code Execution Security
Vulnerabilities
Product: SupeSite CMS (Content Management System)
Vendor: Comsenz
Vulnerable Versions: 6.0.1UC 7.0
Tested Version: 7.0
Advisory Publication: Feb 25, 2015
Latest Update: Feb 25, 2015
Vulnerability Type: Improper Control of Generation of Code (‘Code
Injection’) [CWE 94]
CVE…

Posted by Vulnerability Lab on Feb 28
Document Title:
===============
Swiss File Knife v1.7.4 HTTP – Buffer Overflow Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1441
Release Date:
=============
2015-02-27
Vulnerability Laboratory ID (VL-ID):
====================================
1441
Common Vulnerability Scoring System:
====================================
8.4
Product & Service Introduction:…

Posted by SEC Consult Vulnerability Lab on Feb 27
SEC Consult Vulnerability Lab Security Advisory < 20150227-0 >
=======================================================================
title: Multiple vulnerabilities
product: Loxone Smart Home
vulnerable version: Firmware: 5.49; Android-App: 3.4.1
fixed version: 6.3
impact: High
homepage: http://www.loxone.com
found: 2014-07-02
by: Daniel Schwarz…

Posted by Vulnerability Lab on Feb 26
Document Title:
===============
Wireless File Transfer Pro Android – CSRF Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1437
Release Date:
=============
2015-02-25
Vulnerability Laboratory ID (VL-ID):
====================================
1437
Common Vulnerability Scoring System:
====================================
2.3
Product & Service Introduction:…

Posted by Vulnerability Lab on Feb 26
Document Title:
===============
Data Source: Scopus CMS – SQL Injection Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1436
Release Date:
=============
2015-02-25
Vulnerability Laboratory ID (VL-ID):
====================================
1436
Common Vulnerability Scoring System:
====================================
8.9
Abstract Advisory Information:…
Software and Security Information