Full Disclosure
Posted by Vulnerability Lab on Dec 25
Document Title:
===============
ZTE Ucell 3G Modem App – Privilege Escalation Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1387
Release Date:
=============
2014-12-24
Vulnerability Laboratory ID (VL-ID):
====================================
1387
Common Vulnerability Scoring System:
====================================
6
Product & Service Introduction:…
Posted by Vulnerability Lab on Dec 25
Document Title:
===============
Mobilis MobiConnect 3G ZDServer 1.x – Privilege Escalation Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385
Release Date:
=============
2014-12-19
Vulnerability Laboratory ID (VL-ID):
====================================
1385
Common Vulnerability Scoring System:
====================================
6.4
Product & Service Introduction:…
Posted by Vulnerability Lab on Dec 25
Document Title:
===============
Facebook Bug Bounty #17 – Migrate Privacy Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1370
Facebook Security ID: 216850649
Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2014/12/23/facebook-social-network-privacy-issue-disclosed-bug-bounty-program-whitehat
Release Date:
=============
2014-12-23
Vulnerability Laboratory…
Posted by Steffen Rösemann on Dec 24
Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5
Advisory ID: SROEADV-2014-03
Author: Steffen Rösemann
Affected Software: CMS Contenido 4.9.x-4.9.5 (Release: 10th Dec 2014)
Vendor URL: http://www.contenido.org/de/
Vendor Status: fixed
CVE-ID: –
==========================
Vulnerability Description:
==========================
The Content Management System Contenido 4.9.x to 4.9.5 has a reflecting XSS
vulnerability in its…
Posted by Jon Hart on Dec 23
At least on the pile of RomPager 4.01 devices that I have access to,
they use straight HTTP authentication by default and do not use any
cookies from what I can see. That’s not to say that there isn’t
cookie handling code exposed in some way. It is also possible that
these devices have already been patched against this vulnerability and
the version was unchanged, or that they are so highly customized that
the vulnerability is…
Posted by freeman on Dec 23
https://nuitduhack.com/2015/cfp.html
If you’re reading this, you know what NDH and a CFP stands for, so I
won’t bother you that long.
Conference format: 45min, including 5 to 10min of Q&A
Submission: https://submit.hackerzvoice.net
Deadline: April 5th
Announcement: April 20th
Beer, kudos, awkward hugs, travel expenses, and many more for the
lucky ones.
If you’re not familiar with all this, let us present you Le…
Posted by Steffen Rösemann on Dec 23
Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1
Advisory ID: SROEADV-2014-02
Author: Steffen Rösemann
Affected Software: CMS Serendipity v.2.0-rc1 (Release: 20th Dec 2014)
Vendor URL: http://www.s9y.org/
Vendor Status: fixed
CVE-ID: –
==========================
Vulnerability Description:
==========================
The Content Management System Serendipity v.2.0-rc1 has a stored
XSS-vulnerability in its comment…
Posted by Patrick Webster on Dec 23
ObSecure ObSecure360 Unauthenticated SQL Injection Vulnerability
Release Date:
23-Dec-2014
Software:
ObSecure 360
http://obsecure.com.au/Solutions.html
“obsecure is an innovative cyber security software company that provides
high
security information distribution and transfer solutions that take the
risk
out of doing business.”
Clients include government, healthcare & doctors, corporate, legal and
law enforcement….
Posted by Paris Zoumpouloglou on Dec 22
It’s true utilities are pretty buggy. I’ve stumbled upon many duplicate
bugs in the tracker, probably because of all the afl action 🙂
What is also worth noting (I didn’t notice at first) is that the latest
available stable source code of libtiff (found here
http://download.osgeo.org/libtiff/) hasn’t been updated since 2012.
Since then many bugs have been reported which have been fixed in the CVS
repo and distribution…
Posted by MustLive on Dec 22
Hello list!
There are Information Leakage and Insufficient Authorization vulnerabilities
in SyncThru Web Service. This is web application for Samsung printers,
particularly I found it with Samsung ML-1865W and other printers. Earlier I
informed Samsung about it.
————————-
Affected products:
————————-
Vulnerable are SyncThru Web Service, Network Firmware 6.01 and previous
versions (there are 7 different…