Category Archives: Full Disclosure

Observium Commercial – CSRF & Authenticated Code Execution

Posted by Dolev Farhi on May 03

# Exploit title: Observium Commercial – CSRF & Authenticated Code Execution
# Date: 28-04-2016
# Vendor homepage: http://observium.org/
# Software version: CE 0.16.7533
Authenticated remote code execution
Using either CSRF or by editing the whois binary field in the Observium webui under Settings -> System Path, an attacker
may also change the Path to either [whois, mtr, nmap] to any bash command, and by hitting the url:…

WordPress Truemag Theme – Client Side Cross Site Scripting Web Vulnerability

Posted by Vulnerability Lab on Apr 29

Document Title:
===============
Wordpress Truemag Theme – Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1839

Release Date:
=============
2016-04-29

Vulnerability Laboratory ID (VL-ID):
====================================
1839

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:…

Xerox Phaser 6700 – Remote Root-Exploits utilizing Clone Files

Posted by Raphael Ernst on Apr 27

Document Title:
===============
Xerox Phaser 6700 – Remote Root-Exploits utilizing Clone Files

References (Source):
====================

http://www.fkie.fraunhofer.de/de/forschungsbereiche/cyber-analysis-and-defense/vulnerability-disclosure.html
https://www.rapid7.com/db/modules/exploit/unix/misc/xerox_mfp
http://h.foofus.net/~percX/Xerox_hack.pdf

Release Date:
=============
2016-04-27

Product & Service Introduction:…

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

Posted by Securify B.V. on Apr 27

————————————————————————
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
————————————————————————
Han Sahin, November 2014

————————————————————————
Abstract
————————————————————————
It was discovered that EMC M&R (Watch4net) does not…

Oracle Discoverer Viewer BI – Open Redirect Vulnerability

Posted by Vulnerability Lab on Apr 27

Document Title:
===============
Oracle Discoverer Viewer BI – Open Redirect Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1667

Oracle ID: S0666670

Release Date:
=============
2016-04-26

Vulnerability Laboratory ID (VL-ID):
====================================
1667

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:…

Multiple Vulnerabilities in Voo branded Netgear CG3700b

Posted by dev on Apr 26

CVEs pending, screenshots and further examples available soon on my site.

Cross-Site Request Forgery (CSRF) on all form POSTs
———————————————————————————
The Voo branded Netgear CG3700b custom firmware (newest version, V2.02.03)
allows a (context-dependent) attacker to perform a Cross-Site Request
Forgery (CSRF) attack on all configuration setting
(/goform/<settingspage>) page POST…

Request For Comment: Possible Flaw of Bypassing CAPTCHA in AWS Login?

Posted by David Leo on Apr 26

The process of AWS login has a feature: if you use a “fresh” browser (no cookie, no cache, etc.) to sign in, put correct
email and correct password there, CAPTCHA is required (“To better protect your account, please re-enter your password
and then enter the characters as they are shown in the image below”).

And I accidentally noticed this feature can be easily bypassed:

MY SYSTEM
Knoppix 7.6.0 on Read-Only USB Stick – always…

[CFP] GreHack 2016

Posted by Paget Philippe on Apr 26

# GreHack 2016 – Call For Paper

* website: http://grehack.fr
* online version: http://grehack.fr/data/cfp.txt

## What’s GreHack?

GreHack is an international security conference which takes place in Grenoble (France). It aims to bring together
academics, industry, governments, students and hackers to discuss new advances in computer and information security
research. This year will be the fourth…