Posted by Henri Salo on Oct 14
Can you confirm that this should be CVE-2014-2021 and not 2013 ID, thank you.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021 says:
“pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial
of service (out-of-bounds-read) via a crafted length value in an encrypted PDF
file.”
—
Henri Salo
Posted by omarbv on Oct 14
RootedCON 2015 – ‘Call for Papers’
PLEASE, READ CAREFULLY ALL THE DETAILS IN THIS DOCUMENT.
-=] About RootedCON
RootedCON is a security congress that will take…
Posted by E Boogie on Oct 14
Hello again Full disclosure,
One final email. A couple things to note about this.
I’ve been testing A LOT on A LOT of different browsers and Android
devices. The more I test, the more it becomes clear that my \u0000
vulnerability is not legit and there is a different, much larger CSP issue
at play here. (I did a lot of testing before reporting but there is a lot
going on here that caused me to mess up here).
First – The issue is not that…
Posted by Abraham Aranguren on Oct 14
Dear Full Disclosure friends,
We are pleased to let you know that OWASP OWTF 1.0 “Lionheart” has been released!
Dedicated to the courage and hard work shown by all OWASP OWTF contributors,
mentors, everybody that gave us cool ideas, etc. to make this amazing
release happen, to all of you, thank you!
Some links:
- Handy redirect: http://owtf.org/
  (takes you to: https://www.owasp.org/index.php/OWASP_OWTF )
- Getting started -…
Posted by oststrom (public) on Oct 13
*Preliminary VulnNote*
CVE-2014-2023 – Tapatalk for vbulletin 4.x – multiple blind sql injection
(pre-auth)
====================================================================================
Overview
--------
date : 10/12/2014
cvss : 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) base
cwe : 89
vendor : Tapatalk Inc
product : Tapatalk for vBulletin 4.x
versions affected: latest (to…
Posted by oststrom (public) on Oct 13
CVE-2014-2022 – vbulletin 4.x – SQLi in breadcrumbs via xmlrpc API
(post-auth)
==============================================================================
Overview
--------
date : 10/12/2014
cvss : 7.1 (AV:N/AC:H/Au:S/C:C/I:C/A:C) base
cwe : 89
vendor : vBulletin Solutions
product : vBulletin 4
versions affected : latest 4.x (to date); verified <= 4.2.2
*…
Posted by oststrom (public) on Oct 13
CVE-2013-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via
xmlrpc API (post-auth)
================================================================================================
Overview
--------
date : 10/12/2014
cvss : 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P) base
cwe : 79
vendor : vBulletin Solutions
product : vBulletin 4
versions affected : latest 4.x and 5.x (to date);…
Posted by Dirk-Willem van Gulik on Oct 13
Security Advisory
DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et al.)
CVE-2014-3671
references:
CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278
CVE-2014-7186 and, CVE-2014-7187
* Summary:
Above CVEs detail a number of flaws in bash prior related to the parsing
of environment variables (aka BashBug, Shellshock). Several networked
vectors for…
Posted by E Boogie on Oct 13
I’ve done a little more testing and what I’ve found is pretty startling.
I tested on a Galaxy Note 2 running Android 4.4.2 and the CSP bypass worked.
I also tested on an old version of Safari on an iPad (Safari/7534.48.3) and
the CSP bypass also worked.
If you are so kind, please use ejj.io/test.php to test this for me. If it
worked, please press the “IT WORKED” button.
This way I can compile a large fingerprint of…
Posted by Vulnerability Lab on Oct 13
Document Title:
===============
PayPal Inc BB #85 MB iOS 4.6 – Auth Bypass Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=895
PayPal Security UID: Vxda0S
Video: http://www.vulnerability-lab.com/get_content.php?id=1338
View: https://www.youtube.com/watch?v=RXubXP_r2M4
Release Date:
=============
2014-10-09
Vulnerability Laboratory ID (VL-ID):
====================================…