Category Archives: Full Disclosure


Elefant CMS v1.3.9 – Persistent Name Update Vulnerability

Posted by Vulnerability Lab on Dec 16

Document Title:
===============
Elefant CMS v1.3.9 – Persistent Name Update Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1365

Release Date:
=============
2014-12-03

Vulnerability Laboratory ID (VL-ID):
====================================
1365

Common Vulnerability Scoring System:
====================================
3.9

Product & Service Introduction:…

Fuzzylime v3.03b CMS – CS Cross Scripting Vulnerability

Posted by Vulnerability Lab on Dec 16

Document Title:
===============
Fuzzylime v3.03b CMS – CS Cross Scripting Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1357

Release Date:
=============
2014-12-02

Vulnerability Laboratory ID (VL-ID):
====================================
1357

Common Vulnerability Scoring System:
====================================
2.4

Product & Service Introduction:…

iWifi for Chat v1.1 iOS – Denial of Service Vulnerability

Posted by Vulnerability Lab on Dec 16

Document Title:
===============
iWifi for Chat v1.1 iOS – Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1375

Release Date:
=============
2014-12-16

Vulnerability Laboratory ID (VL-ID):
====================================
1376

Common Vulnerability Scoring System:
====================================
4.6

Product & Service Introduction:…

iUSB v1.2 iOS – Arbitrary Code Execution Vulnerability

Posted by Vulnerability Lab on Dec 16

Document Title:
===============
iUSB v1.2 iOS – Arbitrary Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1374

Release Date:
=============
2014-12-10

Vulnerability Laboratory ID (VL-ID):
====================================
1374

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:…

[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA

Posted by Onapsis Research Labs on Dec 16

Onapsis Security Advisory ONAPSIS-2014-034: SAP Business Objects Search
Token Privilege Escalation via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote and potentially
unauthenticated attacker would be able to access or modify any
information stored on the SAP BusinessObjects server.
The attacker could also connect to the business systems depending on the
configuration of the BO infrastructure.

Risk…

[SE-2014-02] Google App Engine Java security sandbox bypasses (status update)

Posted by Security Explorations on Dec 16

Hello All,

We would like to provide a status update to the initial
announcement [1] made a week ago regarding our SE-2014-02
security research project targeting Google App Engine
for Java.

Information regarding vulnerabilities and associated PoC
codes (Issues 1-22 / unconfirmed Issues 23-35) was sent
to Google on Dec 07, 2014.

Google has been able to reproduce the issues locally, but
when tried in production some of them didn’t seem to…

fulldisclosure: Your file

Posted by 庄容如 on Dec 16

庄容如: Hello!!

"Sales Elite Skills Improvement Training Camp"
[Training dates] December 13-14, 2014 in Beijing; December 18-19 in Shanghai; December 20-21 in Shenzhen
[Target audience] General managers, sales directors, regional managers, sales managers, business representatives, sales training specialists, etc.
[Teaching method] Lecturer presentation + video demonstration + case discussion + role playing + lecturer commentary + practical tools
[Training fee] 1980 yuan / 2 days / 1 person (includes materials, lunch, and refreshments)…

CA20141215-01: Security Notice for CA LISA Release Automation

Posted by Williams, Ken on Dec 16

CA20141215-01: Security Notice for CA LISA Release Automation

Issued: December 15, 2014

CA Technologies Support is alerting customers to multiple
vulnerabilities in CA Release Automation (formerly CA LISA Release
Automation, change effective 2014-09-19).

The first vulnerability, CVE-2014-8246, is a cross-site request forgery
(CSRF) issue related to insufficient validation. A remote attacker can
potentially execute privileged actions on a…

CVE-2014-5438: Arris TG862G – Cross-site Scripting (XSS)

Posted by Seth Art on Dec 16

-----------
Vendor:
-----------
Arris Interactive, LLC (http://www.arrisi.com/)
ISP: Comcast Xfinity

---------------------------------------
Affected Products/Versions:
---------------------------------------
HW: Arris Touchstone TG862G/CT (Xfinity branded)
SW: Version 7.6.59S.CT (Tested)

-----------------
Description:
-----------------
Title: Cross-site Scripting (XSS)
CVE: CVE-2014-5438
CWE: CWE-79:…

CVE-2014-5437: Arris TG862G – Cross-site Request Forgery (CSRF)

Posted by Seth Art on Dec 16

-----------
Vendor:
-----------
Arris Interactive, LLC (http://www.arrisi.com/)
ISP: Comcast Xfinity

---------------------------------------
Affected Products/Versions:
---------------------------------------
HW: Arris Touchstone TG862G/CT (Xfinity branded)
SW: Version 7.6.59S.CT (Tested)

-----------------
Description:
-----------------
Title: Cross-site Request Forgery (CSRF)
CVE: CVE-2014-5437
CWE: CWE-352:…