Posted by Fernando Gont on Jan 12
Folks,
I’m curious about whether folks are filtering ICMPv6 PTB<1280
and/or IPv6 fragments targeted to BGP routers (off-list datapoints are
welcome).
In any case, you might find it worth reading to check if you’re affected
(from Section 2 of recently-published RFC8021):
---- cut here ----
The security implications of IP fragmentation have been discussed at
length in [RFC6274] and [RFC7739]. An attacker can leverage the…
Posted by Open Security on Jan 12
===[ Introduction ]===
cPanel offers web hosting software that automates the intricate workings
of web hosting servers.
cPanel equips server administrators with the necessary tools to provide
top-notch hosting to customers on tens of thousands of servers worldwide.
===[ Description ]===
I) Cross Domain Scripting :
A local user can run JavaScript code in other user’s domain and access
cookies and compromise the victim website.
POC : User…
Posted by Sysdream Labs on Jan 12
# CVE-2016-3403: Multiple CSRF in Zimbra Administration interface
## Description
Multiple CSRF vulnerabilities have been found in the administration
interface of Zimbra, giving possibilities like adding, modifying and
removing admin accounts.
## Vulnerability
Every form in the Administration part of Zimbra is vulnerable to CSRF
because of the lack of a CSRF token identifying a valid session. As a
consequence, requests can be forged and…
Posted by Vulnerability Lab on Jan 11
Document Title:
===============
Cobi Tools v1.0.8 iOS – Persistent Web Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2028
Release Date:
=============
2017-01-10
Vulnerability Laboratory ID (VL-ID):
====================================
2028
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 11
Document Title:
===============
Boxoft Wav v1.1.0.0 – Buffer Overflow Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2027
Release Date:
=============
2017-01-09
Vulnerability Laboratory ID (VL-ID):
====================================
2027
Common Vulnerability Scoring System:
====================================
5.8
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 11
Document Title:
===============
Huawei Flybox B660 – (POST Reboot) CSRF Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2025
Release Date:
=============
2017-01-10
Vulnerability Laboratory ID (VL-ID):
====================================
2025
Common Vulnerability Scoring System:
====================================
4.4
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 11
Document Title:
===============
Bit Defender #39 – Auth Token Bypass Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1683
Release Date:
=============
2017-01-09
Vulnerability Laboratory ID (VL-ID):
====================================
1683
Common Vulnerability Scoring System:
====================================
5.9
Product & Service Introduction:
===============================…
Posted by Vulnerability Lab on Jan 11
Document Title:
===============
BlackBoard LMS 9.1 SP14 – (Title) Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1901
Release Date:
=============
2017-01-10
Vulnerability Laboratory ID (VL-ID):
====================================
1901
Common Vulnerability Scoring System:
====================================
3.6
Product & Service Introduction:…
Posted by Vulnerability Lab on Jan 11
Document Title:
===============
Blackboard LMS 9.1 SP14 – (Profile) Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1900
Release Date:
=============
2017-01-09
Vulnerability Laboratory ID (VL-ID):
====================================
1900
Common Vulnerability Scoring System:
====================================
4.2
Product & Service Introduction:…