Posted by Vulnerability Lab on Jun 28
Document Title:
===============
Iranian Weblog Services v3.3 CMS – Multiple Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1862
CWE-89
CWE-79
CWE-264
http://cwe.mitre.org/data/definitions/89
http://cwe.mitre.org/data/definitions/79
http://cwe.mitre.org/data/definitions/264
CWE-ID:
======
89
Release Date:
=============
2016-06-28
Vulnerability Laboratory ID (VL-ID):…
Posted by Vulnerability Lab on Jun 28
Document Title:
===============
Alfine CMS v2.6 – (Login) Auth Bypass Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1863
Release Date:
=============
2016-06-27
Vulnerability Laboratory ID (VL-ID):
====================================
1863
Common Vulnerability Scoring System:
====================================
8.1
Product & Service Introduction:…
Posted by Vulnerability Lab on Jun 28
Document Title:
===============
Mutualaid CMS v4.3.1 – SQL Injection Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1858
Release Date:
=============
2016-06-21
Vulnerability Laboratory ID (VL-ID):
====================================
1858
Common Vulnerability Scoring System:
====================================
7.6
Product & Service Introduction:…
Posted by Vulnerability Lab on Jun 28
Document Title:
===============
Ladesk Agent #1 (Bug Bounty) – Session Reset Password Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1849
Release Date:
=============
2016-06-27
Vulnerability Laboratory ID (VL-ID):
====================================
1849
Common Vulnerability Scoring System:
====================================
8.7
Product & Service Introduction:…
Posted by Securify B.V. on Jun 27
————————————————————————
Craft CMS affected by server side template injection
————————————————————————
Nelson Berg & Jurgen Kloosterman, June 2016
————————————————————————
Abstract
————————————————————————
It was discovered that Craft CMS is vulnerable…
Posted by thedeadcow on Jun 27
Armadito (https://github.com/armadito) is a cross-platform open-source
antivirus that was originally the DAVFI project, financed through a French
government program.
As a security product supposed to protect computers against malware, its
update system fails at multiple points:
* the public key used to check update packages is retrieved using plain HTTP.
The same goes for the packages themselves.
* if Armadito can’t download this…
Posted by Francesco Oddo on Jun 27
Posted by Ash on Jun 27
Posted by Brandon Perry on Jun 27
I had initially asked for contact information regarding reporting potentially sensitive security test cases, but after
a couple of days, I decided to look into another product that I figured would have more visibility and more power to
get things fixed.
https://github.com/libical/libical/issues/235
Posted by Alan Coopersmith on Jun 27
Did you report them to libical upstream? http://libical.github.io/libical/
While Thunderbird is still a beloved child of Mozilla, it’s been told it’s time
to move out of its parents' house and find its own sources of income/support:
https://groups.google.com/d/msg/mozilla.governance/kAyVlhfEcXg/Eqyx1X62BQAJ
https://blog.mozilla.org/thunderbird/2015/12/thunderbird-active-daily-inquiries-surpass-10-million/