Category Archives: Full Disclosure

Full Disclosure

Full Disclosure

Re: full name disclosure information leak in google drive

January 21, 2015 007admin Leave a comment

Posted by kevin mcsheehan on Jan 21

when they say “create a profile” they’re referring to google plus. the
302 on https://profiles.google.com should be a solid indicator of
that. this vulnerability is capable of targeting non-g+ users, and
that’s the point.

here is an example of google acknowledging that names are personal
information: http://i.imgur.com/VHLfcC2.png

Quoting Daniel Miller <bonsaiviking () gmail com>:

Full Disclosure

Re: full name disclosure information leak in google drive

January 21, 2015 007admin Leave a comment

Posted by Daniel Miller on Jan 21

On Wed, Jan 21, 2015 at 2:26 PM, kevin mcsheehan <kevin () mcsheehan com>
wrote:

I’m pretty sure Google doesn’t consider this sort of thing a vulnerability.
Here’s their “it’s not a bug” page for it:
https://sites.google.com/site/bughunteruniversity/nonvuln/discover-your-name-based-on-e-mail-address

Dan

Full Disclosure

full name disclosure information leak in google drive

January 21, 2015 007admin Leave a comment

Posted by kevin mcsheehan on Jan 21

exploit title: full name disclosure information leak in google drive
software link: https://drive.google.com/drive/#my-drive
author: kevin mcsheehan
website: http://mcsheehan.com
email: kevin () mcsheehan com
date: 01/20/15

source: http://mcsheehan.com/?p=15

description: google drive leaks the full name of a target email
address when said email address is associated with an uploaded file.
the full name is displayed whether or not the target…

Full Disclosure

CVE-2015-1169 – CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.

January 21, 2015 007admin Leave a comment

Posted by J. Tozo on Jan 21

=====[Alligator Security Team – Security Advisory]========

CVE-2015-1169 – CAS Server 3.5.2 allows remote attackers to bypass LDAP
authentication via crafted wildcards.

Reporter: José Tozo < juniorbsd () gmail com >

=====[Table of Contents]==================================

1. Background
2. Detailed description
3. Other contexts & solutions
4. Timeline
5. References

=====[1. Background]======================================…

Full Disclosure

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

January 21, 2015 007admin Leave a comment

Posted by RedTeam Pentesting GmbH on Jan 21

Advisory: AVM FRITZ!Box: Firmware Signature Bypass

The signature check of FRITZ!Box firmware images is flawed. Malicious
code can be injected into firmware images without breaking the RSA
signature. The code will be executed either if a manipulated firmware
image is uploaded by the victim or if the victim confirms an update on
the webinterface during a MITM attack.

Details
=======

Product: AVM FRITZ!Box 7490, 7390, 7270v3 and other models…

Full Disclosure

PhotoSync v1.1.3 Android – Command Inject Vulnerability

January 21, 2015 007admin Leave a comment

Posted by Vulnerability Lab on Jan 21

Document Title:
===============
PhotoSync v1.1.3 Android – Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1410

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
====================================
1410

Common Vulnerability Scoring System:
====================================
5.2

Product & Service Introduction:…

Full Disclosure

iExplorer 3.6.3 – DLL Hijacking Exploit itunesmobiledevice.dll

January 21, 2015 007admin Leave a comment

Posted by Vulnerability Lab on Jan 21

Document Title:
===============
iExplorer 3.6.3 – DLL Hijacking Exploit itunesmobiledevice.dll

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1415

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9600

CVE-ID:
=======
CVE-2014-9600

Release Date:
=============
2015-01-19

Vulnerability Laboratory ID (VL-ID):
====================================
1415

Common Vulnerability Scoring System:…

Full Disclosure

LizardSquad DDoS Stresser – Multiple Vulnerabilities

January 21, 2015 007admin Leave a comment

Posted by Vulnerability Lab on Jan 21

Document Title:
===============
LizardSquad DDoS Stresser – Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1417

http://magazine.vulnerability-db.com/?q=articles/2015/01/20/lizardsquad-ddos-stresser-multiple-vulnerabilities-revealed-takeover-ddos#

Release Date:
=============
2015-01-20

Vulnerability Laboratory ID (VL-ID):
====================================
1417

Common…

Full Disclosure

Remote Desktop v0.9.4 Android – Multiple Vulnerabilities

January 21, 2015 007admin Leave a comment

Posted by Vulnerability Lab on Jan 21

Document Title:
===============
Remote Desktop v0.9.4 Android – Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1413

Release Date:
=============
2015-01-20

Vulnerability Laboratory ID (VL-ID):
====================================
1413

Common Vulnerability Scoring System:
====================================
4.4

Product & Service Introduction:…

Full Disclosure

SQL injection vulnerability in articleFR CMS 3.0.5

January 21, 2015 007admin Leave a comment

Posted by Tien Tran Dinh on Jan 21

#Vulnerability title: SQL injection vulnerability in articleFR CMS 3.0.5

#Product: articleFR CMS

#Vendor: http://freereprintables.com

#Affected version: version 3.0.5

#Download link: https://github.com/articlefr/articleFR

#Fixed version: N/A

#Google dork: N/A

#Author: Tran Dinh Tien (tien.d.tran () itas vn) & ITAS Team (www.itas.vn)

::PROOF OF CONCEPT::

+ REQUEST:

POST /articlefr/register/ HTTP/1.1

Host: target.org

User-Agent:…

Software and Security Information