Posted by Simo Ben youssef on Oct 22
#!/usr/bin/perl
#
# Title: Incredible PBX remote command execution exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered: 1 September 2014
# Coded: 21 October 2014
# Published: 21 October 2014
# MorXploit Research
# http://www.MorXploit.com
# Vendor: PBX in a Flash
# Vendor url: http://pbxinaflash.net/
# Software: Incredible PBX 11
# Version: 2.0.6.5.0
# Product url: http://incrediblepbx.com/
# Download:…
Posted by Mario Vilas on Oct 22
Seems to me like it was. Also, wouldn’t a user who can edit those files
also be able to, for example, patch the executable files as well? I haven’t
actually checked the file permissions but it seems like a reasonable
assumption.
Posted by Larry W. Cashdollar on Oct 22
Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/
Contacted: 10/13/2014, Vulnerabilities addressed in v2.7.2.
Full Advisory: http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
CVE: 2014-8334,2014-8335
OSVDBID:…
Posted by Brandon Perry on Oct 22
Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation – Remote Code
Execution
Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to
create an administrator user due to a lack of permissions check in the
handler/securityService.rpc endpoint. The following HTTP request can be
made by any authenticated user, even those with a single role of Monitor.
POST /mmc-3.5.1/handler/securityService.rpc HTTP/1.1
Host:…
Posted by Vulnerability Lab on Oct 22
Document Title:
===============
File Manager v4.2.10 iOS – Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1343
Release Date:
=============
2014-10-21
Vulnerability Laboratory ID (VL-ID):
====================================
1343
Common Vulnerability Scoring System:
====================================
9
Product & Service Introduction:…
Posted by Vulnerability Lab on Oct 22
Document Title:
===============
iFunBox Free v1.1 iOS – File Include Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1344
Release Date:
=============
2014-10-20
Vulnerability Laboratory ID (VL-ID):
====================================
1344
Common Vulnerability Scoring System:
====================================
6.4
Product & Service Introduction:
===============================…
Posted by Vulnerability Lab on Oct 21
Document Title:
===============
FileBug v1.5.1 iOS – Path Traversal Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1342
Release Date:
=============
2014-10-15
Vulnerability Laboratory ID (VL-ID):
====================================
1342
Common Vulnerability Scoring System:
====================================
5.1
Product & Service Introduction:…
Posted by Vulnerability Lab on Oct 21
Document Title:
===============
Files Document & PDF 2.0.2 iOS – Multiple Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1341
Release Date:
=============
2014-10-14
Vulnerability Laboratory ID (VL-ID):
====================================
1341
Common Vulnerability Scoring System:
====================================
8.7
Product & Service Introduction:…
Posted by Asterisk Security Team on Oct 20
Asterisk Project Security Advisory – AST-2014-011
Product             Asterisk
Summary             Asterisk Susceptibility to POODLE Vulnerability
Nature of Advisory  Unauthorized Data Disclosure
Susceptibility      Remote Unauthenticated Sessions
Severity            Medium…
Posted by Jing Wang on Oct 20
Domains:
http://lxr.mozilla.org/
http://mxr.mozilla.org/
(The two domains above are almost the same)
Websites information:
lxr.mozilla.org, mxr.mozilla.org are cross references designed to display
the Mozilla source code. The sources displayed are those that are currently
checked in to the mainline of the mozilla.org CVS server, Mercurial Server,
and Subversion Server; these pages are updated many times a day, so they
should be pretty close to…