Posted by Steffen Rösemann on Dec 29
Advisory: CSRF vulnerability in CMS e107 v.2 alpha2
Advisory ID: SROEADV-2014-04
Author: Steffen Rösemann
Affected Software: CMS e107 v.2 alpha2 (Release-Date: 08th-Jun-2014)
Vendor URL: http://e107.org
Vendor Status: solved
CVE-ID: –
==========================
Vulnerability Description:
==========================
The Content Management System e107 v.2 alpha2 allows an attacker to become
an administrative user (without rights) when tricking…
Posted by MustLive on Dec 29
Hello list!
These are Cross-Site Scripting and Cross-Site Request Forgery
vulnerabilities in CMS Pylot (“Пилот” in Russian).
It’s a Ukrainian commercial CMS from Delta-X.
-------------------------
Affected products:
-------------------------
Vulnerable are all versions of CMS Pylot.
Developers from Delta-X haven’t answered and haven’t fixed these
vulnerabilities.
----------
Details:
----------
Cross-Site…
Posted by SECUPENT Research Center on Dec 27
Exploit Title: WordPress Frontend Uploader Cross Site Scripting(XSS)
Software Link: https://wordpress.org/plugins/frontend-uploader/
Author: SECUPENT
Website: www.secupent.com
Email: research{at}secupent{dot}com
Date: 27-12-2014
Version: 0.9.2
Exploit :
http://TARGET/[forntEndUploaderPage]=59&errors[fu-disallowed-mime-type][0][name]=XSS
Example(p0c):…
Posted by Stefan Kanthak on Dec 27
Hi @ll,
the WWW sites msdn.microsoft.com and technet.microsoft.com still
support SSLv3 for HTTPS connections, but neither TLSv1.1 nor TLSv1.2.
Additionally they prefer the weak ciphers TLS_RSA_WITH_RC4_128_MD5
and TLS_RSA_WITH_RC4_128_SHA and offer not a single cipher that
supports “forward secrecy”.
See <https://www.ssllabs.com/ssltest/analyze.html?d=msdn.microsoft.com>
resp. <…
Posted by Vulnerability Lab on Dec 25
Document Title:
===============
Wickr Desktop v2.2.1 Windows – Denial of Service Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1377
Video: http://www.vulnerability-lab.com/get_content.php?id=1388
Release Date:
=============
2014-12-25
Vulnerability Laboratory ID (VL-ID):
====================================
1377
Common Vulnerability Scoring System:…
Posted by Vulnerability Lab on Dec 25
Document Title:
===============
Wickr Desktop v2.2.1 Windows – Denial of Service Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1377
Release Date:
=============
2014-12-25
Vulnerability Laboratory ID (VL-ID):
====================================
1377
Common Vulnerability Scoring System:
====================================
3.3
Product & Service Introduction:…
Posted by Vulnerability Lab on Dec 25
Document Title:
===============
Lazarus Guestbook v1.22 – Multiple Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1386
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239
CVE-ID:
=======
CVE-2014-2239
Release Date:
=============
2014-12-24
Vulnerability Laboratory ID (VL-ID):
====================================
1386
Common Vulnerability Scoring System:…
Posted by Vulnerability Lab on Dec 25
Document Title:
===============
PHPLIST v3.0.6 & v3.0.10 – SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1358
Release Date:
=============
2014-12-18
Vulnerability Laboratory ID (VL-ID):
====================================
1358
Common Vulnerability Scoring System:
====================================
6.1
Product & Service Introduction:…
Posted by Vulnerability Lab on Dec 25
Document Title:
===============
Pimcore v3.0 & v2.3.0 CMS – SQL Injection Vulnerability
References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1363
Release Date:
=============
2014-12-16
Vulnerability Laboratory ID (VL-ID):
====================================
1363
Common Vulnerability Scoring System:
====================================
6.4
Product & Service Introduction:…