Posted by Sysdream Labs on Sep 12
# Cross-site scripting vulnerability found on www.google.fr
We were able to identify a cross-site scripting (XSS) vulnerability in the main domain of Google: www.google.fr.
### Description
Cross-site scripting is a kind of vulnerability that allows an attacker to send malicious code, usually in the form of
JavaScript, to another user. Exploiting an XSS may lead to private information compromise, cookie theft or even browser
take over….
Posted by Summer of Pwnage on Sep 10
————————————————————————
Persistent Cross-Site Scripting in Woocommerce WordPress plugin
————————————————————————
Sipke Mellema, July 2016
————————————————————————
Abstract
————————————————————————
A vulnerability exists in the Woocommerce API that allows…
Posted by Summer of Pwnage on Sep 10
————————————————————————
Authorization bypass in InfiniteWP Admin Panel
————————————————————————
Sipke Mellema, July 2016
————————————————————————
Abstract
————————————————————————
An authorization bypass was found in the InfiniteWP Admin Panel that
allows…
Posted by Summer of Pwnage on Sep 10
————————————————————————
Command injection in InfiniteWP Admin Panel
————————————————————————
Sipke Mellema, July 2016
————————————————————————
Abstract
————————————————————————
The InfiniteWP Admin Panel can be used to execute arbitrary system
commands….
Posted by Summer of Pwnage on Sep 10
————————————————————————
Reflected Cross-Site Scripting vulnerability in MailPoet Newsletters
plugin
————————————————————————
Sipke Mellema, July 2016
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found…
Posted by Asterisk Security Team on Sep 08
Asterisk Project Security Advisory – AST-2016-007
Product Asterisk
Summary RTP Resource Exhaustion
Nature of Advisory Denial of Service
Susceptibility Remote Authenticated Sessions
Severity Moderate…
Posted by Asterisk Security Team on Sep 08
Asterisk Project Security Advisory – AST-2016-006
Product Asterisk
Summary Crash on ACK from unknown endpoint
Nature of Advisory Remote Crash
Susceptibility Remote unauthenticated sessions
Severity Critical…
Posted by Karn Ganeshen on Sep 08
*ELNet Energy & Electrical Power Meter – Multiple Vulnerabilities*
http://elnet.feniks-pro.com/Elnet-LT.php
http://www.elnet.cc/product/elnet-lt/
Powermeter with color graphic display for all electrical measurements and
harmonics, with TCP/IP and RS485 communication (ModBus and Bacnet), panel
mounted 96X96 mm.
*Product Description*
General
Simple operated menus.
– Multilingual support.
– Up to One year of energy data logging….
Posted by Karn Ganeshen on Sep 08
*Powerlogic/Schneider Electric IONXXXX series Smart Meters – Multiple
security issues*
*Impacted devices:*
*ION7300 and potentially all IONXXXX models (based off of Powerlogic)* For
example, Power Measurement Ltd. Meter ION 7330V283 ETH ETH7330V274 http://www.schneider-electric.com/download/hk/en/details/2254511-ETH-7330-V274/?reference=ETH7330V274
*About*
Power & Energy Monitoring System
Compact energy and power quality meters for feeders…
Posted by Rio Sherri on Sep 08
# Title : Unrar 0.0.1 Memory Corruption
# Date : 05/09/2016
# Author : R-73eN
# Tested on : Linux VM 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:50
UTC 2011 i686 i686 i386 GNU/Linux
# Software : https://github.com/defiant-labs/unrar-free
root@VM:~/unrar-free/src# unrar --version
unrar 0.0.1
root@VM:~/unrar-free/src# gdb --args ./unrar ~/test.rar
GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc….