Category Archives: Full Disclosure

Cross-Site Request Forgery in Icegram WordPress Plugin

Posted by Summer of Pwnage on Jul 19

————————————————————————
Cross-Site Request Forgery in Icegram WordPress Plugin
————————————————————————
Yorick Koster, July 2016

————————————————————————
Abstract
————————————————————————
A Cross-Site Request Forgery vulnerability was found in the Icegram…

Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin

Posted by Summer of Pwnage on Jul 19

————————————————————————
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress
Plugin
————————————————————————
Han Sahin, July 2016

————————————————————————
Abstract
————————————————————————
Multiple reflected Cross-Site Scripting (XSS)…

Django CMS v3.3.0 – (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
Django CMS v3.3.0 – (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1869

Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6186

CVE-ID:
=======
CVE-2016-6186

Release Date:
=============
2016-07-19

Vulnerability…

Blind SQL Injection PivotX <= v2.3.11

Posted by Manuel Garcia Cardenas on Jul 15

=============================================
MGC ALERT 2016-003
– Original release date: April 14, 2016
– Last revised: July 14, 2016
– Discovered by: Manuel García Cárdenas
– Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
————————-
Blind SQL Injection PivotX <= v2.3.11

II. BACKGROUND
————————-
PivotX is an open source blog software written in PHP using…

missing input validation in pmount: arbitrary mount as non-root

Posted by Imre RAD on Jul 15

Summary:
——–
pmount is a wrapper around the standard mount program which permits
normal users to mount removable devices without a matching /etc/fstab
entry.
Due to a missing input validation check, local users could mount devices
to arbitrary destinations and thus take over the targeted system
completely.

Prerequisites:
————–
Local user access to the target
Pmount 0.9.23 or older to be installed (any version at time of writing…

Re: RCE by abusing NAC to gain Domain Persistence.

Posted by Kurt Buff on Jul 15

This seems more like an argument to not use DA accounts for NAC,
rather than a sure-fire method to undermine NAC.

I’ve not used NAC, but I’d have to guess that the machine wanting
access to the network has to announce itself by name, at least.

If that’s the case, how hard would it be to use the local
administrator account of the machine requesting admission? Assuming
that MSFT LAPS (or some similar system, such as the one from…

x-originating-ip: [25.162.68.132]

Posted by bashis on Jul 15

Would be interesting to know why my ‘x-originating-ip’ is [25.162.68.132] while using Office 365 OWA…

Especially when it belongs to UK Ministry of Defence.
https://apps.db.ripe.net/search/query.html?searchtext=25.162.68.132#resultsAnchor

I hope that FD doesn’t filter and remove my ‘x-originating-ip’ now… otherwise I think you would be able to see it..

Snip from my own test e-mails to external mail address.
-…

opensshd – user enumeration

Posted by Harari, Eddie on Jul 15

Sorry for the resend, I changed the format of the email to better fit the list…

——————————————————————–
User Enumeration using Open SSHD (<=Latest version).
——————————————————————-

Abstract:
———–
By sending large passwords, a remote user can enumerate users on a system that runs SSHD. This problem exists in most
modern configurations due to the…

[ERPSCAN-16-021] SAP xMII – Reflected XSS vulnerability

Posted by ERPScan inc on Jul 15

Application: SAP xMII

Versions Affected: SAP xMII 15

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2201295

Author: Nursultan Abubakirov (ERPScan), Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP xMII – Reflected XSS vulnerability

Advisory ID: [ERPSCAN-16-021]

Risk: medium

Advisory…