Category Archives: Security


DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting Vulnerabilities

Posted by DefenseCode on Apr 12

DefenseCode ThunderScan SAST Advisory
WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting Vulnerabilities

Advisory ID: DC-2017-01-014
Software: WordPress Tribulant Slideshow Gallery plugin
Software Language: PHP
Version: 1.6.4 and below
Vendor Status: Vendor contacted, fix released
Release Date: 20170410
Risk: Medium

# Brief Vulnerability Description

During the security analysis, ThunderScan discovered multiple…

Proxifier for Mac 2.19 local root privesc

Posted by Mark Wadham on Apr 12

With CVE-2017-7643 I disclosed a command injection vulnerability in the KLoader binary that ships with Proxifier <= 2.18.

Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result.

When Proxifier is first run, if the KLoader binary is not suid root it gets executed as root by Proxifier.app (the user is prompted to enter an admin password). The KLoader binary will then make itself suid root so that…

c0c0n X August 17-19, 2017 Call for Papers Open

Posted by Prajwal Panchmahalkar on Apr 12

#################################################################
c0c0n X | The cy0ps c0n – Call For Papers & Call For Workshops…

CVE-2017-6059

Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.