Posted by Jing Wang on Dec 19
*CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting)
Security Vulnerability*
Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm
pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor: TennisConnect
Vulnerable Versions: 9.927
Tested Version: 9.927
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:…
Posted by Jing Wang on Dec 19
*CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting)
Security Vulnerability*
Exploit Title: JCE-Tech “Video Niche Script” /view.php Multiple Parameters
XSS
Product: “Video Niche Script”
Vendor: JCE-Tech
Vulnerable Versions: 4.0
Tested Version: 4.0
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8752
Credit:…
Posted by Peter Thoeny on Dec 19
This is an advisory for TWiki Administrators: A specially crafted URL parameter to the WebSearch topic may expose a
cross-site scripting vulnerability.
TWiki ( http://twiki.org ) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people.
* Vulnerable Software Version
* Attack Vectors
* Impact
* Severity Level
* MITRE Name for this Vulnerability
* Details
* Countermeasures
* Hotfix for…
Posted by Peter Thoeny on Dec 19
This is an advisory for TWiki Administrators: The TWiki Variables QUERYSTRING and QUERYPARAMSTRING may expose a
cross-site scripting vulnerability.
TWiki ( http://twiki.org ) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people.
* Vulnerable Software Version
* Attack Vectors
* Impact
* Severity Level
* MITRE Name for this Vulnerability
* Details
* Countermeasures
* Hotfix for TWiki…
Posted by Ivan .Heca on Dec 19
Get free programming and development from OS community
http://www.wired.com/2014/12/fbi-metasploit-tor/
Posted by Ben Lincoln (F7EFC8C9 – FD) on Dec 19
Not sure if this is old news by now, but I haven’t seen it mentioned
anywhere.
I was writing some walkthroughs for the alpha version of Mimikatz 2.0,
and realized that since the “Silver Ticket” functionality involves one
of the Windows Kerberos ticket encryption keys being the NTLM hash of
the account which receives the Kerberos ticket, it’s possible to use it
to check passwords for IIS application pool service accounts…
Posted by SEC Consult Vulnerability Lab on Dec 18
SEC Consult Vulnerability Lab Security Advisory < 20141218-2 >
=======================================================================
title: Multiple high risk vulnerabilities
product: NetIQ Access Manager
vulnerable version: 4.0 SP1
fixed version: 4.0 SP1 Hot Fix 3
CVE number: CVE-2014-5214, CVE-2014-5215, CVE-2014-5216,
CVE-2014-5217
impact: High…
Posted by SEC Consult Vulnerability Lab on Dec 18
SEC Consult Vulnerability Lab Security Advisory < 20141218-1 >
=======================================================================
title: OS Command Execution
product: GParted – Gnome Partition Editor
vulnerable version: <=0.14.1
fixed version: >=0.15.0,
<=0.14.1 with fix for CVE-2014-7208 applied
CVE number: CVE-2014-7208
impact: medium…
Posted by SEC Consult Vulnerability Lab on Dec 18
SEC Consult Vulnerability Lab Security Advisory < 20141218-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: VDG Security SENSE (formerly DIVA)
vulnerable version: 2.3.13
fixed version: unknown – no vendor confirmation
impact: critical
homepage: https://vdgsecurity.com/
found: 2014-10-01…
Posted by Vulnerability Lab on Dec 18
Document Title:
===============
Apple iOS v8.x – Message Context & Privacy Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1346
Video: http://www.vulnerability-lab.com/get_content.php?id=1350
Release Date:
=============
2014-12-16
Vulnerability Laboratory ID (VL-ID):
====================================
1346
Common Vulnerability Scoring System:…