Category Archives: Full Disclosure

Micron CMS v5.3 – (cat_id) SQL Injection Vulnerability

Posted by Vulnerability Lab on Jul 06

Document Title:
===============
Micron CMS v5.3 – (cat_id) SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1872

Release Date:
=============
2016-07-06

Vulnerability Laboratory ID (VL-ID):
====================================
1872

Common Vulnerability Scoring System:
====================================
6.8

Product & Service Introduction:…

Teampass 2.1.26 – Authenticated File Upload Vulnerability

Posted by Vulnerability Lab on Jul 06

Document Title:
===============
Teampass 2.1.26 – Authenticated File Upload Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1866

Release Date:
=============
2016-07-06

Vulnerability Laboratory ID (VL-ID):
====================================
1866

Common Vulnerability Scoring System:
====================================
7.2

Product & Service Introduction:…

IBM BlueMix Cloud – (API) Persistent Web Vulnerability

Posted by Vulnerability Lab on Jul 06

Document Title:
===============
IBM BlueMix Cloud – (API) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1846

IBM Security Tracking ID: 5377-12593283

Release Date:
=============
2016-07-04

Vulnerability Laboratory ID (VL-ID):
====================================
1846

Common Vulnerability Scoring System:
====================================
3.7

Product & Service…

OpenDocMan v1.3.5 – Full Path Disclosure Vulnerability

Posted by Vulnerability Lab on Jul 04

Document Title:
===============
OpenDocMan v1.3.5 – Full Path Disclosure Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1868

Release Date:
=============
2016-07-04

Vulnerability Laboratory ID (VL-ID):
====================================
1868

Common Vulnerability Scoring System:
====================================
3.1

Product & Service Introduction:…

KWSPHP CMS v1.6.995 – Persistent Cross Site Scripting Web Vulnerability

Posted by Vulnerability Lab on Jul 04

Document Title:
===============
KWSPHP CMS v1.6.995 – Persistent Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1867

Release Date:
=============
2016-07-01

Vulnerability Laboratory ID (VL-ID):
====================================
1867

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:…

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

Posted by KoreLogic Disclosures on Jul 01

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

Title: SQLite Tempdir Selection Vulnerability
Advisory ID: KL-001-2016-003
Publication Date: 2016.07.01
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt

1. Vulnerability Details

Affected Vendor: SQLite/Hwaci
Affected Product: SQLite
Affected Version: All versions prior to 3.13.0
Platform: UNIX, GNU/Linux
CWE Classification:…

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution

Posted by KoreLogic Disclosures on Jun 28

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution

Title: Ubiquiti Administration Portal CSRF to Remote Command Execution
Advisory ID: KL-001-2016-002
Publication Date: 2016.06.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt

1. Vulnerability Details

Affected Vendor: Ubiquiti
Affected Product: AirGateway, AirFiber, mFi
Affected Version: 1.1.6, 3.2, 2.1.11…

[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability

Posted by Egidio Romano on Jun 28

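-------------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
-------------------------------------------------------------------------------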

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerability Description:

The vulnerable code is located within the…

[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities

Posted by Egidio Romano on Jun 28

-------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
-------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerabilities Description:

1) User input passed through the “uEmail” and…

[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities

Posted by Egidio Romano on Jun 28

--------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
--------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerabilities Description:

Concrete5 implements a Synchronizer Token Pattern in order to provide…