Full Disclosure
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE ID,thank you!;
Details
=======
Software:CopySafe Web
version:<2.6
description:Add copy protection from PrintScreen and screen capture. Copysafe Web uses encrypted images and domain lock
to extend copy protection for all media displayed on a web page.
========
Description
==========
CSRF in wordpress copysafe web allows attacker changes plugin settings
========
POC:
=======
<form…
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE id, thank you!
Details
======
Software: WordPress WHIZZ
Version: <1.1.1
Homepage: https://wordpress.org/plugins/whizz/
=======
Description
================
Get type CSRF in WordPress WHIZZ allows attackers to delete any wordpress users and change plugins status
POC:
========
include in the page ,then attack will occur:
delete user:
<img
src=”…
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE ID with some issues of e107 CMS.
==========================
Title:Mutiple CSRF vulnerabilities in e107 CMS 2.1.4
Author:Zhiyang Zeng
Product:
—————
e107 is a powerful website content management system designed for bootstrap v3 from http://e107.org/get-started
—————
Fix
—————
Fixed in git source code…
Posted by Ian Ling on Apr 07
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313
Vendor:
=================
http://www.dragonwaveinc.com/
Product:
======================
-DragonWave Horizon
Vulnerability Details:
=====================
DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface….
Posted by Karn Ganeshen on Apr 07
Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code
Execution
Vendor: Sielco Sistemi
Equipment: Winlog SCADA Software
Vulnerability: Uncontrolled Search Path Element
ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01
AFFECTED PRODUCTS
The following Sielco Sistemi products are affected:
Winlog Lite SCADA Software, versions prior to Version 3.02.01, and
Winlog Pro SCADA Software, versions prior to…
Posted by Karn Ganeshen on Apr 07
LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA
Access Control Vulnerability
Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerability: Improper Access Control
ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01
AFFECTED PRODUCTS
The following versions of LAquis SCADA, an industrial automation software,
are affected:
LAquis SCADA software,…
Posted by Stefan Kanthak on Apr 07
Hi @ll,
1Password-4.6.1.619.exe, available from
<https://d13itkw33a7sus.cloudfront.net/dist/1P/win4/1Password-4.6.1.619.exe>
is vulnerable to DLL hijacking: it loads UXTheme.dll or DWMAPI.dll
from its “application directory” instead Windows
“system directory”.
For downloaded applications like 1Password-4.6.1.619.exe the
“application directory” is Windows’ “Downloads” folder.
See <…
Posted by MustLive on Apr 07
Hello participants of Mailing List.
Since announcement of DAVOSET in 2010 and after making its public release in
2013, I’ve made next update of the software. At 4th of April DAVOSET v.1.3.1
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.3.1:…
Posted by SEC Consult Vulnerability Lab on Apr 07
SEC Consult Vulnerability Lab Security Advisory < 20170407-0 >
=======================================================================
title: Server Side Request Forgery (SSRF) Vulnerability
product: MyBB
vulnerable version: 1.8.10
fixed version: 1.8.11
CVE number: CVE-2017-7566
impact: Medium
homepage: https://mybb.com/
found: 2017-03-03
by:…
Posted by DefenseCode on Apr 06
Hi,
Few years ago, we have discovered a remotely exploitable preauth Format
String vulnerability in Broadcom UPnP implementation used in popular
routers.
Vendors were notified and advisory was published –
http://defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf .
Broadcom fixed the vulnerability in their UPnP implementation and some
router vendors did it also.
Vulnerability was initially discovered on Cisco Linksys (now Belkin)…