Full Disclosure
Posted by Gynvael Coldwind on Dec 22
To be honest I’m getting rather annoyed by how Check Point is (mis)handling
this vulnerability. I mean, there is already a “cool marketing name”, there
is a website dedicated to it, there is already this huge FAQ not answering
the basic questions, etc.
But there is no information on it except for “vulnerability in the Cookie
parsing module of these SOHO”.
Seriously, if you can’t disclose the vulnerability yet,…
Posted by Vulnerability Lab on Dec 19
Document Title:
===============
Facebook BB #18 – IDOR Issue & Privacy Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1371
Facebook Security ID: 219208937
Release Date:
=============
2014-12-12
Vulnerability Laboratory ID (VL-ID):
====================================
1371
Common Vulnerability Scoring System:
====================================
4.7
Product & Service…
Posted by Vulnerability Lab on Dec 19
Document Title:
===============
Mobilis MobiConnect 3G ZDServer v1.0.1.2 – Privilege Escalation Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385
Release Date:
=============
2014-12-19
Vulnerability Laboratory ID (VL-ID):
====================================
1385
Common Vulnerability Scoring System:
====================================
6.4
Product & Service Introduction:…
Posted by Vulnerability Lab on Dec 19
Document Title:
===============
iBackup v10.0.0.45 – Privilege Escalation Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1382
Release Date:
=============
2014-12-18
Vulnerability Laboratory ID (VL-ID):
====================================
1382
Common Vulnerability Scoring System:
====================================
6.2
Product & Service Introduction:…
Posted by SEC Consult Vulnerability Lab on Dec 19
SEC Consult Vulnerability Lab Security Advisory < 20141219-0 >
=======================================================================
title: XSS & Memory Disclosure
product: NetIQ eDirectory NDS iMonitor
vulnerable version: 8.8 SP8, 8.8 SP7
fixed version: 8.8 SP8 HF 4,
fix available for versions 8.8 SP7 (8.8.7.4 HF 4,
8.8.7.6 HF 3)
CVE number:…
Posted by Michal Zalewski on Dec 19
I think you might have accidentally pasted the wrong link. This one
doesn’t seem to contain additional information.
Cheers,
/mz
Posted by Jing Wang on Dec 19
*Yahoo Yahoo.com Yahoo.co.jp <http://Yahoo.co.jp> Open Redirect Security
Vulnerabilities*
Though Yahoo lists open redirect vulnerability on its bug bounty program.
However, it seems Yahoo do not take this vulnerability seriously at all.
Multiple Open Redirect vulnerabilities were reported Yahoo. All Yahoo’s
responses were “this intended behavior”. However, these vulnerabilities
were patched later.
Several other security…
Posted by Shahar Tal on Dec 19
Hey there,
Recently our group has uncovered a serious vuln in RomPager – the most popular web server in the world, found in
millions of embedded devices (mostly residential gateways / SOHO routers), which unfortunately allows gaining admin
access to the router from the WAN (port 80 access not required! 7547 works like a charm).
This is not the “rom-0” vulnerability revealed earlier this year. In fact, it’s about an order of…
Posted by Matteo Beccati on Dec 19
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2014-002
————————————————————————
http://www.revive-adserver.com/security/revive-sa-2014-002
————————————————————————
CVE-IDs: CVE-2014-8793, CVE-2014-8875
Date: 2014-12-17
Risk Level:…
Posted by MustLive on Dec 19
Hello list!
There are Brute Force and Cross-Site Scripting vulnerabilities in D-Link
DCS-2103 (IP camera). If previous Path Traversal and Full path disclosure
vulnerabilities were post-auth, then these BF and XSS vulnerabilities are
pre-auth.
————————-
Affected products:
————————-
Vulnerable is the next model: D-Link DCS-2103, Firmware 1.0.0. For BF
vulnerability version 1.20 and previous versions are…