WordPress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
Bugtraq: [SECURITY] [DSA 3124-1] otrs2 security update
Bugtraq: [SECURITY] [DSA 3125-1] openssl security update
ZTE Datacard PCW(Telecom MF180) – Multiple Software Vulnerabilities
Posted by Vulnerability Lab on Jan 12
Document Title:
===============
ZTE Datacard PCW(Telecom MF180) – Multiple Software Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1405
Release Date:
=============
2015-01-12
Vulnerability Laboratory ID (VL-ID):
====================================
1405
Common Vulnerability Scoring System:
====================================
6
Product & Service Introduction:…
Heroku API Bug Bounty #1 – Persistent Invitation Vulnerability
Posted by Vulnerability Lab on Jan 12
Document Title:
===============
Heroku API Bug Bounty #1 – Persistent Invitation Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1300
Video: http://www.vulnerability-lab.com/get_content.php?id=1335
BugCrowd ID: e8a8ecb81b9bf115226ed2ff05937a0424da101610ba1289f027a1f8319d4eb9
Acknowledgement (Hall of Fame): https://bugcrowd.com/heroku/hall-of-fame
Vulnerability Magazine:…
Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability
Posted by Jing Wang on Jan 12
*Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability*
*Domain:*
http://www.facebook.com
*Discover:*
Wang Jing, School of Physical and Mathematical Sciences (SPMS), Nanyang
Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/
*(1) General Vulnerabilities Description:*
*(1.1)* Two Facebook vulnerabilities are introduced in this article.
Facebook has a…
Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect
Posted by Jing Wang on Jan 12
*Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com <http://kindlepost.com> omnivoracious.com <http://omnivoracious.com> carlustblog.com <http://carlustblog.com> Open Redirect*
*Discover:*
Wang Jing, School of Physical and Mathematical Sciences (SPMS), Nanyang
Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/
*Domains:*
http://www.amazon.com
All…
Reflecting XSS vulnerability in CMS Croogo v.2.2.0
Posted by Steffen Rösemann on Jan 12
Advisory: Reflecting XSS vulnerability in CMS Croogo v.2.2.0
Advisory ID: SROEADV-2015-02
Author: Steffen Rösemann
Affected Software: CMS Croogo v.2.20
Vendor URL: https://croogo.org
Vendor Status: solved
CVE-ID: –
==========================
Vulnerability Description:
==========================
The filemanager functionality in the administrative backend of CMS Croogo
v. 2.2.0 is prone to reflecting XSS attacks.
==================
Technical…
Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6
Posted by Steffen Rösemann on Jan 12
Advisory: Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6
Advisory ID: SROEADV-2014-07
Author: Steffen Rösemann
Affected Software: CMS PHPKit WCMS v. 1.6.6 [Build: 1660014]
Vendor URL: http://www.phpkit.com/de/
Vendor Status: did not respond to issue
CVE-ID: –
==========================
Vulnerability Description:
==========================
The poll archive in the administrative backend of CMS PHPKit WCMS v. 1.6.6
is prone to…
WordPress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
Posted by Pietro Oliva on Jan 12
Vulnerability title: WordPress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
Author: Pietro Oliva
CVE: CVE-2014-7956, CVE-2014-7957
Product: pods
Affected version: pods <= 2.4.3
Vulnerabilities fixed in version: 2.5
XSS vulnerability (CVE-2014-7956, authentication is needed):
http://localhost/wp-admin/admin.php?page=pods&action=edit&id=4"…