Category Archives: Full Disclosure

BulletProof Security 53.3 – Security Advisory – Multiple XSS Vulnerabilities

Posted by Onur Yilmaz on May 10

Information
--------------------
Advisory by Netsparker
Name: Multiple XSS Vulnerabilities in BulletProof Security
Affected Software : BulletProof Security
Affected Versions: v53.3 and possibly below
Vendor Homepage : https://wordpress.org/plugins/bulletproof-security/
Vulnerability Type : Cross-site Scripting
Severity : Important
Status : Fixed
Netsparker Advisory Reference : NS-16-004

Technical Details
--------------------
Proof of Concept…

CFP: Passwords 2016, Ruhr-University Bochum, Germany, Dec 5-7

Posted by Per Thorsheim on May 10

====================================================================
Call for Papers
The 11th International Conference on Passwords
PASSWORDS 2016

5-7 December 2016
Ruhr-University Bochum, Germany

https://passwords2016.rub.de/
====================================================================

The Passwords conference was launched in 2010 as a response to
the lack of robustness and usability of current personal
authentication practices and…

Intuit QuickBooks 2007 – 2016 Arbitrary Code Execution

Posted by Thegrideon Software on May 10

+ Credits: Maxim Tomashevich from Thegrideon Software
+ Website: https://www.thegrideon.com/
+ Details: https://www.thegrideon.com/qb-internals-sql.html

Vendor:
---------------------
www.intuit.com, www.intuit.ca, www.intuit.co.uk

Product:
---------------------
QuickBooks Desktop versions: 2007 – 2016

Vulnerability Type:
---------------------
Arbitrary SQL / Code Execution

Vulnerability Details:
---------------------
QuickBooks company files…

Stanford University – Multiple SQL Injection Vulnerabilities

Posted by Vulnerability Lab on May 10

Document Title:
===============
Stanford University – Multiple SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1829

Release Date:
=============
2016-05-09

Vulnerability Laboratory ID (VL-ID):
====================================
1829

Common Vulnerability Scoring System:
====================================
7.8

Product & Service Introduction:…

Trend Micro Direct Pass – Filter Bypass & Cross Site Scripting Vulnerability

Posted by Vulnerability Lab on May 10

Document Title:
===============
Trend Micro Direct Pass – Filter Bypass & Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1716

Trend Micro Security ID: 1-1-1039900197

Release Date:
=============
2016-05-01

Vulnerability Laboratory ID (VL-ID):
====================================
1716

Common Vulnerability Scoring System:
====================================…

WordPress Truemag Theme – Client Side Cross Site Scripting Web Vulnerability

Posted by Vulnerability Lab on May 10

Document Title:
===============
WordPress Truemag Theme – Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1839

Release Date:
=============
2016-04-29

Vulnerability Laboratory ID (VL-ID):
====================================
1839

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:…

Notes v4.5 iOS – Arbitrary File Upload Vulnerability

Posted by Vulnerability Lab on May 10

Document Title:
===============
Notes v4.5 iOS – Arbitrary File Upload Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1832

Release Date:
=============
2016-04-25

Vulnerability Laboratory ID (VL-ID):
====================================
1832

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:…

Skype Manager – (Email Change) Filter Bypass Vulnerability

Posted by Vulnerability Lab on May 10

Document Title:
===============
Skype Manager – (Email Change) Filter Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1672

MSRC Case 32353 TRK:0001002845

Release Date:
=============
2016-05-09

Vulnerability Laboratory ID (VL-ID):
====================================
1672

Common Vulnerability Scoring System:
====================================
5.2

Product & Service…

t2'16: Call For Papers 2016 (Helsinki, Finland)

Posted by Tomi Tuominen on May 09

#
# t2’16 – Call For Papers (Helsinki, Finland) – October 27 – 28, 2016
#

If you are tired of any of the following:
1) conferences where coffee service equals one coupon (= cup) per day,
2) conferences with crazy-ass lines making world’s busiest transit hubs seem
like a pleasurable life experience,
3) conferences showcasing talks indistinguishable from sponsored content, or
4) conferences which overcharge and underdeliver, please…