Category Archives: Full Disclosure


BookFresh – Persistent Clients Invite Vulnerability

Posted by Vulnerability Lab on Nov 07

Document Title:
===============
BookFresh – Persistent Clients Invite Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1351

Release Date:
=============
2014-10-28

Vulnerability Laboratory ID (VL-ID):
====================================
1351

Common Vulnerability Scoring System:
====================================
3.9

Product & Service Introduction:…

SeasonApps iTransfer 1.1 – Persistent UI Vulnerability

Posted by Vulnerability Lab on Nov 07

Document Title:
===============
SeasonApps iTransfer 1.1 – Persistent UI Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1347

Release Date:
=============
2014-10-27

Vulnerability Laboratory ID (VL-ID):
====================================
1347

Common Vulnerability Scoring System:
====================================
2.5

Product & Service Introduction:…

Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]

Posted by Programa STIC on Nov 06

Fundación Dr. Manuel Sadosky – Programa STIC Advisory
http://www.fundacionsadosky.org.ar

Insecure management of login credentials in PicsArt Photo Studio for Android

1. *Advisory Information*

Title: Insecure management of login credentials in PicsArt Photo Studio for Android
Advisory ID: STIC-2014-0426
Advisory URL: http://www.fundacionsadosky.org.ar/publicaciones-2
Date published: 2014-11-06
Date of last update: 2014-11-06
Vendors…

[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser

Posted by Pedro Ribeiro on Nov 06

Hi,

This is the 6th part of the ManageOwnage series. For previous parts see [1].

This time we have two 0 day vulns (CVE-2014-6038 and 6039) that can be
abused to dump information from the database and obtain the superuser
credentials for Windows and AS/400 hosts which are managed by EventLog
Analyzer. A Metasploit module has also been released and should be
integrated in the framework in the next few days [2].

I’m releasing these as a 0…

DAVOSET v.1.2.2

Posted by MustLive on Nov 06

Hello, participants of the Mailing List.

After the public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I've made the next update of the software. On 31 October DAVOSET v.1.2.2
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub:…

WordPress bulletproof-security <=.51 multiple vulnerabilities

Posted by Pietro Oliva on Nov 06

Vulnerability title: WordPress bulletproof-security <=.51 multiple vulnerabilities
Author: Pietro Oliva
CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749
Vendor: AITpro
Product: bulletproof-security
Affected version: bulletproof-security <= .51
Vulnerabilities fixed in version: .51.1

Details:

xss vulnerability (CVE-2014-7958):

POST /wp-content/plugins/bulletproof-security/admin/htaccess/bpsunlock.php
HTTP/1.1…

CVE-2014-8558 – JExperts Tecnologia – Channel Software Escalation Access Issues

Posted by Luciano Pedreira on Nov 06

CVE-2014-8558 – JExperts Tecnologia / Channel Software Escalation Access Issues
Vendor Notified: 2014-10-27

INTRODUCTION:

The Channel Platform is enterprise project management software developed by
the Brazilian company JExperts Technology and present at thousands of clients
in private enterprise and government. This software consists of an integrated
set of solutions in the areas of strategy, projects and processes….

CVE-2014-8557 – JExperts Tecnologia – Channel Software Cross Site Scripting Issues

Posted by Luciano Pedreira on Nov 06

CVE-2014-8557 – JExperts Tecnologia / Channel Software Cross Site Scripting Issues
Vendor Notified: 2014-10-27

INTRODUCTION:

The Channel Platform is enterprise project management software developed by
the Brazilian company JExperts Technology and present at thousands of clients
in private enterprise and government. This software consists of an integrated
set of solutions in the areas of strategy, projects and…

XCloner WordPress/Joomla! backup Plugin v3.1.1 (WordPress) v3.5.1 (Joomla!) Vulnerabilities

Posted by Larry W. Cashdollar on Nov 06

Title: XCloner WordPress/Joomla! backup Plugin v3.1.1 (WordPress) v3.5.1 (Joomla!) Vulnerabilities
Author: Larry W. Cashdollar, @_larry0
Date: 10/17/2014
Download: https://wordpress.org/plugins/xcloner-backup-and-restore/
Download: http://extensions.joomla.org/extensions/access-a-security/site-security/backup/665
Downloads: WordPress 313,647; Joomla! 515,745; StandAlone 69,175
Website: http://www.xcloner.com
Advisory:…

SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection

Posted by SEC Consult Vulnerability Lab on Nov 06

SEC Consult Vulnerability Lab Security Advisory < 20141106-0 >
=======================================================================
title: XXE & XSS & Arbitrary File Write vulnerabilities
product: Symantec Endpoint Protection
vulnerable version: 12.1.4023.4080
fixed version: 12.1.5 (RU 5)
impact: Critical
CVE number: CVE-2014-3437, CVE-2014-3438, CVE-2014-3439…