Category Archives: Full Disclosure

SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator

Posted by SEC Consult Vulnerability Lab on Apr 22

SEC Consult Vulnerability Lab Security Advisory < publishing date 20160422-1 >
=======================================================================
title: Multiple vulnerabilities in Digitalstrom Konfigurator
product: Digitalstrom Konfigurator
vulnerable version: 1.10.0
fixed version: 1.10.4
CVE number: –
impact: High
homepage: http://www.digitalstrom.com/

SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app

Posted by SEC Consult Vulnerability Lab on Apr 22

SEC Consult Vulnerability Lab Security Advisory < 20160422-0 >
=======================================================================
title: Insecure data storage
product: my devolo – android application – air.de.devolo.my.devolo
vulnerable version: 1.2.8
fixed version:
CVE number:
impact: High
homepage: http://www.devolo.com/
found: 2015-10-30…

WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights)

Posted by Sysdream Labs on Apr 21

WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights)
==================================================================================================

Description
===========

A vulnerability has been found in iThemes Security backup function that may allow attackers to gain access to
backup/log files.

By default, when using the “database backup on filesystem” feature, iThemes Security…

Time-based SQL Injection in Admin panel ImpressCMS <= v1.3.9

Posted by Manuel Garcia Cardenas on Apr 21

=============================================
MGC ALERT 2016-002
– Original release date: April 8, 2016
– Last revised: April 21, 2016
– Discovered by: Manuel García Cárdenas
– Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Time-based SQL Injection in Admin panel ImpressCMS <= v1.3.9

II. BACKGROUND
-------------------------
ImpressCMS is a community developed…

CVE-2016-3074: libgd: signedness vulnerability

Posted by Hans Jerry Illikainen on Apr 21

Overview
========

libgd [1] is an open-source image library. It is perhaps primarily used
by the PHP project. It has been bundled with the default installation
of PHP since version 4.3 [2].

A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1 which
may result in a heap overflow when processing compressed gd2 data.

Details
=======

4 bytes representing the chunk index size are stored in a signed integer,
chunkIdx[i].size, by…

WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predictable filename)

Posted by Sysdream Labs on Apr 21

WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predictable filename)
=========================================================================================================

Description
===========

When using the “database backup/logging on filesystem” feature, iThemes security generates a weak filename allowing
attackers to obtain the backup/log file if they know when the backup/log file was…

Avast SandBox Escape via IOCTL Requests

Posted by Kyriakos Economou on Apr 20

* CVE: CVE-2016-4025
* Vendor: Avast
* Reported by: Kyriakos Economou
* Date of Release: 19/04/2016
* Affected Products: Multiple
* Affected Version: Multiple
* Fixed Version: N/A

Description:
A design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by
dropping its files out of it and/or by modifying existing legitimate files of any type.

Affected Products:

Avast Internet Security v11.x.x…

Lock Browser 5.3 (Browser Security, Open Source, Python)

Posted by David Leo on Apr 20

SUMMARY
This open source tool strictly controls what the web browser can access, which stops the web browser from loading harmful
content – Phishing, Non-Secure HTTP, or whatever is not in your whitelist.

SITUATION
“Security flaws in Google Chrome, Microsoft Edge, and Apple Safari were all successfully exploited… browsers as well
as Windows, OS X, and Flash”…

Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1

Posted by research () rv3lab org on Apr 20

###################################################

01. ### Advisory Information ###

Title: Multiple Reflected XSS vulnerabilities in Oliver (formerly
Webshare) v1.3.1
Date published: 2016-15-04
Date of last update: 2014-03-04
Vendors contacted: Oliver (formerly Webshare) v1.3.1
Discovered by: Rv3Laboratory [Research Team]
Severity: Medium

02. ### Vulnerability Information ###

CVE reference: CVE-2014-2710
VU#279207
OVI-2016-7982
CVSS v2 Base…

[ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability

Posted by ERPScan inc on Apr 20

Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver J2EE Engine 7.40
Advisory ID: [ERPSCAN-16-005]
Risk: Medium
Advisory URL:…