Full Disclosure
Posted by Popovici, Alejo (LATCO – Buenos Aires) on Jan 28
Mantis BugTracker 1.2.19 URL Redirection to Untrusted Site (‘Open Redirect’)
******************************************************************************
– Affected Vendor: Mantis
– Affected System: BugTracker 1.2.19
– Vulnerabilities’ Status: Fixed
******************************************************************************
– Associated CWEs:
CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)…
Posted by Amplia Security Advisories on Jan 28
OS X Gatekeeper Bypass Vulnerability
Amplia Security – Amplia Security Research Advisory (AMPLIA-ARA100614)
Advisory ID: AMPLIA-ARA100614
Advisory URL:
http://www.ampliasecurity.com/advisories/os-x-gatekeeper-bypass-vulnerability.html,
http://www.ampliasecurity.com/advisories/AMPLIA-ARA100614.txt
Date Published: 01-07-2015
Vendors Contacted: Apple (www.apple.com) (notified 10-06-2014)
Release Mode: Coordinated Release
Last Updated: 01-27-2105…
Posted by VMware Security Response Center on Jan 27
————————————————————————
VMware Security Advisory
Advisory ID: VMSA-2015-0001
Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion
updates address security issues
Issue date: 2015-01-27
Updated on: 2015-01-27 (Initial Advisory)
CVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044
— OPENSSL—
CVE-2014-3513,…
Posted by CORE Advisories Team on Jan 27
Core Security – Corelabs Advisory
http://corelabs.coresecurity.com/
FreeBSD Kernel Multiple Vulnerabilities
1. *Advisory Information*
Title: FreeBSD Kernel Multiple Vulnerabilities
Advisory ID: CORE-2015-0003
Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-multiple-vulnerabilities
Date published: 2015-01-27
Date of last update: 2015-01-27
Vendors contacted: FreeBSD
Release mode: Coordinated release
2. *Vulnerability…
Posted by BSidesLV on Jan 26
We’re a small, non-profit volunteer organization so please help us by
spreading the word.
Scope
The 2015 BSides SF aims at bringing together researchers in the field of
reliability, network security, privacy, cryptography and information
security, practitioners, developers, and users to foster cooperation,
exchange techniques, tools, experiences and ideas. The conference seeks
submissions from independent researchers, academia, government,…
Posted by bkm () evolution-sec com on Jan 26
Document Title:
===============
Barracuda Networks Cloud Series – Filter Bypass Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=754
Barracuda Networks Security ID (BNSEC): 731
Release Date:
=============
2015-01-19
Vulnerability Laboratory ID (VL-ID):
====================================
754
Common Vulnerability Scoring System:
====================================
4.1
Abstract…
Posted by CORE Advisories Team on Jan 26
Core Security – Corelabs Advisory
http://corelabs.coresecurity.com/
Android WiFi-Direct Denial of Service
1. *Advisory Information*
Title: Android WiFi-Direct Denial of Service
Advisory ID: CORE-2015-0002
Advisory URL:
http://www.coresecurity.com/advisories/android-wifi-direct-denial-service
Date published: 2015-01-26
Date of last update: 2015-01-26
Vendors contacted: Android Security Team
Release mode: User release
2. *Vulnerability…
Posted by Vulnerability Lab on Jan 26
Document Title:
===============
Mangallam CMS – SQL Injection Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1421
Release Date:
=============
2015-01-26
Vulnerability Laboratory ID (VL-ID):
====================================
1421
Common Vulnerability Scoring System:
====================================
8.9
Abstract Advisory Information:
==============================
An…
Posted by Vulnerability Lab on Jan 25
Document Title:
===============
SWFupload 2.5.0 – Cross Frame Scripting (XFS) Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1422
Release Date:
=============
2015-01-25
Vulnerability Laboratory ID (VL-ID):
====================================
1422
Common Vulnerability Scoring System:
====================================
2.3
Product & Service Introduction:…
Posted by Tien Tran Dinh on Jan 22
#Vulnerability title: XSS vulnerability in articleFR CMS 3.0.5
#Product: articleFR
#Vendor: http://freereprintables.com
#Affected version: version 3.0.5
#Download link: https://github.com/articlefr/articleFR
#Fixed version: N/A
#Google dork: N/A
#Author: Tran Dinh Tien (tien.d.tran () itas vn) & ITAS Team (www.itas.vn)
::PROOF OF CONCEPT::
+ REQUEST:
GET /demo/search/v/?q=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E
HTTP/1.1…