Category Archives: Full Disclosure

DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

Posted by Jing Wang on Feb 18

*DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities*

Exploit Title: DLGuard Multiple XSS (Cross-Site Scripting) Security
Vulnerabilities

Product: DLGuard

Vendor: DLGuard

Vulnerable Versions: v5 v4.6 v4.5

Tested Version: v5 v4.6

Advisory Publication: Feb 18, 2015

Latest Update: Feb 18, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Credit: Wang Jing [Mathematics, Nanyang Technological…

Bug in TradeWinds

Posted by Juan Martinez on Feb 18

Hi, I turn to you because I want to make public a bug in a web server called
Trade Winds, by which much compromising information of internal servers is
exposed … Through a Dork on google: inurl: cgi-shl / twserver.exe run?.
They are vulnerable servers, injecting this url:
http://victim/cgi-shl/twserver.exe run (example: CityInfo?). Which brings us
back an error with this data: TradeWinds: Environment variables sent by
Microsoft-IIS / 6.0…

Agora Marketplace CSRF to Steal Bitcoins (agorahooawayyfoe.onion)

Posted by agoraagoraagora on Feb 18

Ladies and gentlemen
Boys and girls
It has come to our attention that a brave warrior for the people Ross
William Ulbricht was unlawfully convicted by the corporation known as
the American government.

This mockery of justice has not gone unnoticed.

In order to protect the next generation of darknet markets we will be
disclosing vulnerabilities for these sites in order to make these
sites safer from attack.

To start, the Agora Marketplace…

[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

Posted by RedTeam Pentesting GmbH on Feb 18

Advisory: Directory Traversal and Arbitrary File Disclosure in hybris
Commerce Software Suite

During a penetration test, RedTeam Pentesting discovered a Directory
Traversal vulnerability in hybris Commerce software suite. This
vulnerability allows attackers to download arbitrary files of any size
from the affected system.

Details
=======

Product: hybris Commerce Software Suite
Affected Versions:
Release 5.3: <= 5.3.0.1…

Ebay Inc Magento Bug Bounty #5 – Persistent Validation & Mail Encoding Web Vulnerability

Posted by Vulnerability Lab on Feb 17

Document Title:
===============
Ebay Inc Magento Bug Bounty #5 – Persistent Validation & Mail Encoding Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1226

eBay Inc. Bug Bounty Program ID: EIBBP-27288

Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2015/02/14/ebay-inc-magento-2015q1-official-bug-bounty-program-rewards-security-researcher

Release…

Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes

Posted by SCADA StrangeLove on Feb 16

New vulnerabilities from our team and new patches from Siemens

CVE-2015-1358 and CVE-2014-4686 are all about VNC code reuse.

CVE-2015-1355 and CVE-2015-1356 we can’t name vulnerabilities. Local
weaknesses, defects in security feature implementations… But it is fixed,
thanks Siemens.

Kudos: Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, Aleksandr Timorin and
Sergey Gordeychik…

HumHub .htaccess file upload vulnerability and remote code execution

Posted by A. W. on Feb 14

[+] HumHub .htaccess file upload vulnerability and remote code execution
[+] Discovered by: Jos Wetzels
[+] Vendor: HumHub
[+] Product: HumHub
[+] Versions affected: 0.10.0 and earlier.
[+] Advisory URL: https://www.leakfree.nl/advisories/leakfree_2015_003.html

HumHub [1] versions 0.10.0 and prior suffer from a file upload
sanitation vulnerability which allows an attacker to upload arbitrary
.htaccess files with varying consequences [2]. On…

CVE-2015-1593 – Linux ASLR integer overflow: Reducing stack entropy by four

Posted by Hector Marco on Feb 14

Hi,

A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has
been found. The issue is that the stack for processes is not properly
randomized on some 64 bit architectures due to an integer overflow.

Affected systems have reduced the stack entropy of the processes by four.

Details at:
http://hmarco.org/bugs/linux-ASLR-integer-overflow.html

Regards,
Hector Marco.
http://hmarco.org

CVE-2015-1574 – Google Email App 4.2.2 remote denial of service

Posted by Hector Marco on Feb 14

Hello,

Summary:

A bug in the stock Google email application version 4.4.2.0200 has been
found. An attacker can remotely perform a Denial of Service attack by
sending a specially crafted email. No interaction from the user is
needed to produce the crash, just receiving the malicious email.

The CVE-2015-1574 has been assigned. Version 4.2.2.0200 running on a
Samsung Galaxy 4 mini fully updated (19 Jan 2015) is affected. Newer
versions…