Posted by Steffen Rösemann on Jan 18
Advisory: Reflecting XSS vulnerability in CMS Websitebaker v.2.8.3 SP3
Advisory ID: SROEADV-2015-03
Author: Steffen Rösemann
Affected Software: CMS Websitebaker v.2.8.3 SP3
Vendor URL: http://www.websitebaker.org/de/home.php
Vendor Status: Vendor did not respond
CVE-ID: CVE-2015-0553
Tested with:
– Firefox 34
– Mac OS X 10.10
==========================
Vulnerability Description:
==========================
In the administrative backend of the…
Posted by David Coomber on Jan 18
McAfee Advanced Threat Defense – Sandbox Fingerprinting & Bypass
Posted by admin () evolution-sec com on Jan 18
Document Title:
===============
Pandora FMS v5.1 SP1 – Persistent SNMP Editor Vulnerability
References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1356
Release Date:
=============
2015-01-14
Vulnerability Laboratory ID (VL-ID):
====================================
1356
Common Vulnerability Scoring System:
====================================
3.4
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 16
Document Title:
===============
Facebook Bug Bounty #19 – Filter Bypass Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1381
Facebook Security ID: 221374210
Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2015/01/14/facebook-bug-bounty-restriction-filter-bypass-vulnerability-id-221374210
Release Date:
=============
2015-01-14
Vulnerability Laboratory ID…
Posted by Vulnerability Lab on Jan 16
Document Title:
===============
File Pro Mini v5.2 iOS – Multiple Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1403
Release Date:
=============
2015-01-15
Vulnerability Laboratory ID (VL-ID):
====================================
1403
Common Vulnerability Scoring System:
====================================
6.9
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 16
Document Title:
===============
WiFi File Browser Pro v2.0.8 – Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1406
Release Date:
=============
2015-01-14
Vulnerability Laboratory ID (VL-ID):
====================================
1406
Common Vulnerability Scoring System:
====================================
7.1
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 16
Document Title:
===============
VeryPhoto v3.0 iOS – Command Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1401
Release Date:
=============
2015-01-13
Vulnerability Laboratory ID (VL-ID):
====================================
1401
Common Vulnerability Scoring System:
====================================
5.6
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 16
Document Title:
===============
CatBot v0.4.2 (PHP) – SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1408
Release Date:
=============
2015-01-15
Vulnerability Laboratory ID (VL-ID):
====================================
1408
Common Vulnerability Scoring System:
====================================
7.3
Product & Service Introduction:
===============================…
Posted by Peter Lapp on Jan 15
Details
=======
Product: Alienvault OSSIM/USM
Vulnerability: Command Execution
Author: Peter Lapp, lappsec () gmail com
CVE: None assigned
Vulnerable Versions: <=4.14.X
Fixed Version: 4.15.0
Summary
=======
Alienvault OSSIM is an open source SIEM solution designed to collect
and correlate log data. The automatic deployment option for OSSEC
agents is vulnerable to command execution as root. Authentication to
the web UI is required to exploit…
Posted by Diéyǔ on Jan 14
The attached file is exactly the code that I sent to
Microsoft Security Response Center “MSRC”
(Screenshot pictures are deleted)
Technical details were said in this post:
MS14-080 CVE-2014-6365 Technical Details Without “Nonsense”
(So I don’t repeat here)
The attached file is 4124 bytes.
The attached file contains html/php/txt.
(All readable by plain text editor)
Regards,
PS
I didn’t publish this in the first…