Full Player version 8.2.1 memory corruption proof of concept exploit.
Monthly Archives: July 2015
CVE-2015-5143
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. (CVSS:7.8) (Last Update:2015-07-15)
CVE-2015-5144
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. (CVSS:4.3) (Last Update:2015-07-15)
CVE-2015-5145
validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. (CVSS:7.8) (Last Update:2015-07-15)
CVE-2015-5397
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. (CVSS:6.8) (Last Update:2015-07-14)
Re: Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm
Posted by Jeffrey Walton on Jul 13
This may (or may not) be a vulnerability.
If they allow you to shut down the port so that no one can connect
unless authorized by the owner, then it's probably not a vulnerability.
But it's still a poor choice for security engineering.
Do you know if the port can be closed?
Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2 (CVE-2015-4029)
Posted by William Costa on Jul 13
I. VULNERABILITY
-------------------------
Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2
II. BACKGROUND
-------------------------
The pfSense project is a free network firewall distribution, based on the
FreeBSD operating system with a custom kernel and including third party
free software packages for additional functionality. Through this package
system pfSense software is able to provide most of the functionality of
common…
Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin)
Posted by dxw Security on Jul 13
Details
================
Software: The Events Calendar: Eventbrite Tickets
Version: 3.9.6
Homepage: https://theeventscalendar.com/product/wordpress-eventbrite-tickets/
Advisory report:
https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/
CVE: CVE-2015-5485
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
Reflected…
Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts (WordPress plugin)
Posted by dxw Security on Jul 13
Details
================
Software: Plotly
Version: 1.0.2
Homepage: http://wordpress.org/plugins/wp-plotly/
Advisory report:
https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/
CVE: CVE-2015-5484
CVSS: 6.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:P)
Description
================
Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts…
Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3
Posted by Larry W. Cashdollar on Jul 13
Title: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-27
Download Site: https://wordpress.org/plugins/wp-powerplaygallery
Vendor: WP SlideShow
Vendor Notified: 2015-06-29
Advisory: http://www.vapid.dhs.org/advisory.php?v=132
Vendor Contact: plugins () wordpress org
Description: This is the best gallery for touch screens. It is fully touch enabled with…