Re: xdg-open RCE

Posted by Brandon Perry on Nov 17

This is very similar to this gksu bug (which only applies to gksu when in
SU_MODE)

http://savannah.nongnu.org/bugs/?40023

Attempted to email the gksu ‘maintainer’, but with no response.

Did a quick write up on the Rapid7 site on how I found out about it and the
vector I was using to exploit it:

https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu

Was assigned the following…

Reflected XSS in Nibbleblog <= v4.0.1

Posted by Manuel Garcia Cardenas on Nov 17

=============================================
MGC ALERT 2014-002
– Original release date: March 5, 2014
– Last revised: November 17, 2014
– Discovered by: Manuel Garcia Cardenas
– Severity: 4.8/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
————————-
Reflected XSS in Nibbleblog <= v4.0.1

II. BACKGROUND
————————-
Nibbleblog is a powerful engine for creating blogs, all you…

XOOPS <= 2.5.6 – Blind SQL Injection

Posted by Manuel Garcia Cardenas on Nov 17

=============================================
MGC ALERT 2014-003
– Original release date: March 6, 2014
– Last revised: November 18, 2014
– Discovered by: Manuel Garcia Cardenas
– Severity: 7.1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
————————-
Blind SQL Injection in XOOPS <= 2.5.6

II. BACKGROUND
————————-
XOOPS is an acronym of “eXtensible Object Oriented…

Fedora 20 Security Update: libvirt-1.1.3.8-1.fc20

Resolved Bugs
1160823 – CVE-2014-3633 libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index [fedora-all]
1141131 – CVE-2014-3633 libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index
1160824 – CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS [fedora-all]
1145667 – CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS
1160822 – CVE-2014-7823 libvirt: dumpxml: information leak with migratable flag [fedora-all]
1160817 – CVE-2014-7823 libvirt: dumpxml: information leak with migratable flag

* Rebased to version 1.1.3.8
* CVE-2014-3633: out-of-bounds read in blockiotune (bz #1160823)
* CVE-2014-3657: Potential deadlock in domain_conf (bz #1160824)
* CVE-2014-7823: information leak with migratable flag (bz #1160822)