Category Archives: Full Disclosure

APPLE-SA-2016-05-16-5 Safari 9.1.1

Posted by Apple Product Security on May 17

APPLE-SA-2016-05-16-5 Safari 9.1.1

Safari 9.1.1 is now available and addresses the following:

Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: A user may be unable to fully delete browsing history
Description: “Clear History and Website Data” did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb

WebKit…

[ERPSCAN-16-009] SAP xMII – directory traversal vulnerability

Posted by ERPScan inc on May 17

Application: SAP xMII

Versions Affected: SAP MII 15.0

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 29.07.2015

Reported: 29.07.2015

Vendor response: 30.07.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2230978

Author: Dmitry Chastuhin (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP xMII – directory traversal vulnerability

Advisory ID: [ERPSCAN-16-009]

Risk: high priority

Advisory URL:…

[ERPSCAN-16-008] SAP NetWeaver AS JAVA – XSS vulnerability in ProxyServer servlet

Posted by ERPScan inc on May 17

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bugs: Cross Site Scripting (XSS)

Sent: 10.08.2015

Reported: 10.08.2015

Vendor response: 11.08.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2220571

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS JAVA – XSS vulnerability in ProxyServer servlet

Advisory ID:…

runAV mod_security Remote Command Execution

Posted by Rio Sherri on May 13

# Title : runAV mod_security Remote Command Execution
# Date : 13/05/2016
# Author : R-73eN
# Tested on : mod_security with runAV Linux 4.2.0-30-generic #36-Ubuntu SMP Fri Feb 26 00:57:19 UTC 2016 i686 i686 i686 GNU/Linux
# Software : https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/master/util/av-scanning/runAV
# Vendor : https://www.modsecurity.org/
# https://www.infogen.al/
# Title : runAV mod_security Remote Command Execution
# Date :…

CakePHP Framework <= 3.2.4 IP Spoofing Vulnerability

Posted by Dawid Golunski on May 12

http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt

=============================================
– Release date: 12.05.2016
– Discovered by: Dawid Golunski
– Severity: Medium
=============================================

I. VULNERABILITY
————————-

CakePHP Framework <= 3.2.4 IP Spoofing Vulnerability
                     3.1.11
                     2.8.1
                     2.7.10
                     2.6.12

II. BACKGROUND
————————-

– CakePHP…

Skype Phishing Attack

Posted by Danny Kopping on May 12

First-time poster here. I’ve been told to submit this issue to FD since
Microsoft’s Security Team rejected this out of hand because it doesn’t meet
their arbitrary definition of a vulnerability.

“Thank you for contacting the Microsoft Security Response Center (MSRC).
Upon investigation we have determined that this is not a valid
vulnerability.”

Below is the original message I sent to secure () microsoft com:…