Posted by Steffen Rösemann on Jan 08
Advisory: Multiple persistent XSS vulnerabilities in CMS BEdita v. 3.4.0
Advisory ID: SROEADV-2014-10
Author: Steffen Rösemann
Affected Software: CMS BEdita v. 3.4.0 (Release-Date: 9th-May-2014)
Vendor URL: http://www.bedita.com
Vendor Status: working on a patch
CVE-ID: –
==========================
Vulnerability Description:
==========================
The CMS BEdita v. 3.4.0 (Release: 9th-May-2014) suffers multiple persistent
XSS…
Posted by cfp2015 on Jan 08
Posted by Sean Wright on Jan 07
Classification: //Dell SecureWorks/Confidential – Limited External Distribution:
############################################################################
# * Title: TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)
# * Advisory ID: SWRX-2015-001
# * Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/
# * Date published: Wednesday, January 7, 2015
# * CVE: CVE-2014-9510
# * CVSS…
Posted by Andraz Sraka on Jan 07
-=[ #BSidesLjubljana ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Event info:
#BSidesLjubljana – http://bsidesljubljana.si
Date: March 12th, 2015
Venue: Ljubljana, Slovenia, Europe
CFP: http://bsidesljubljana.si/cfp/
-=[ CALL FOR PAPERS ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
First Security B-Sides Ljubljana [1] is about to *happen*.
BSides is community driven information security conference
that will be held March 12th in Ljubljana, Slovenia,…
Posted by Pedro Ribeiro on Jan 07
Someone has asked me how CVE-2014-5302 can be exploited.
There are 3 things you got to have in mind:
1 – send a null byte (%00) after the file name
2 – send the request as mime type application/octet-stream
3 – send only ASCII data in the request body
Unfortunately it’s not as trivial as uploading an ASCII webshell to
the web root. Because of the way these applications are packaged, the
JSP compiler is not set automatically in the…
Posted by Steffen Rösemann on Jan 06
Advisory: Reflecting XSS vulnerability in CMS Kajona v. 4.6
Advisory ID: SROEADV-2015-01
Author: Steffen Rösemann
Affected Software: CMS Kajona v. 4.6
Vendor URL: https://www.kajona.de
Vendor Status: solved
CVE-ID: –
==========================
Vulnerability Description:
==========================
The CMS Kajona v. 4.6 is vulnerable to a reflecting XSS vulnerability in
its administrative backend.
==================
Technical Details:…
Posted by Steffen Rösemann on Jan 06
Advisory: Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0
Advisory ID: SROEADV-2014-06
Author: Steffen Rösemann
Affected Software: CMS Sefrengo v.1.6.0
Vendor URL: http://www.sefrengo.org/
Vendor Status: solved
CVE-ID: –
==========================
Vulnerability Description:
==========================
The CMS Sefrengo v. 1.6.0 contains a reflecting XSS vulnerability in its
administrative backend.
==================
Technical Details:…
Posted by Steffen Rösemann on Jan 06
Advisory: SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0
Advisory ID: SROEADV-2015-04
Author: Steffen Rösemann
Affected Software: CMS Sefrengo v.1.6.0 (Release-Date: 18th-Feb-2014)
Vendor URL: http://www.sefrengo.org/start/start.html
Vendor Status: fixed
CVE-ID: –
==========================
Vulnerability Description:
==========================
The Content Management System Sefrengo v.1.6.0 contains SQL-Injection…
Posted by Brandon Perry on Jan 06
McAfee ePolicy Orchestrator Authenticated XXE and Credential Disclosure
Trial available here:
https://secure.mcafee.com/apps/downloads/free-evaluations/survey.aspx?mktg=ESD1172&cid=ESD1172&eval=A0C692FB-8E29-4D47-BBF1-43CAB5F10069&region=us
McAfee ePolicy Orchestrator suffers from an authenticated XXE
vulnerability, available to any authenticated user. The Server Task Log
option in the upper left menu is where the vulnerability…
Posted by Vulnerability Lab on Jan 06
Document Title:
===============
ZTE Datacard MF19 0V1.0.0B PCW – Multiple Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1392
Release Date:
=============
2015-01-06
Vulnerability Laboratory ID (VL-ID):
====================================
1392
Common Vulnerability Scoring System:
====================================
6
Product & Service Introduction:…