Posted by Vulnerability Lab on Apr 08
Document Title:
===============
AccelSite Content Manager v1.0 – SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1817
Release Date:
=============
2016-04-07
Vulnerability Laboratory ID (VL-ID):
====================================
1817
Common Vulnerability Scoring System:
====================================
7.2
Product & Service Introduction:…
Posted by Imre RAD on Apr 07
Application
-----------
“MONSTA Box is a lightweight open-source file manager you can install on
your website or server * to easily manage your files through any browser.”
(Description from the official website http://www.monstahq.com/ )
Vulnerability
-------------
The Monsta Box WebFTP application supports file templates when creating
new files. The template parameter is part of the HTTP request so it is a
user input and it was not…
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Perli v2.6 iOS – Filter Bypass & Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1813
Release Date:
=============
2016-04-05
Vulnerability Laboratory ID (VL-ID):
====================================
1813
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:…
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Eight Webcom CMS (2016 Q2) – SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1811
Release Date:
=============
2016-04-05
Vulnerability Laboratory ID (VL-ID):
====================================
1811
Common Vulnerability Scoring System:
====================================
7.1
Product & Service Introduction:…
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Quicksilver HQ VoHo Concept4E CMS v1.0 – Multiple SQL Injection Web
Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1816
Release Date:
=============
2016-04-06
Vulnerability Laboratory ID (VL-ID):
====================================
1816
Common Vulnerability Scoring System:
====================================
7.4
Product & Service…
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Virtual Freer v1.58 – Client Side Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1812
Release Date:
=============
2016-04-06
Vulnerability Laboratory ID (VL-ID):
====================================
1812
Common Vulnerability Scoring System:
====================================
3.2
Product & Service Introduction:…
Posted by Vulnerability Lab on Apr 07
Document Title:
===============
Techsoft WS CMS (2016 Q2) – SQL Injection Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1810
Release Date:
=============
2016-04-04
Vulnerability Laboratory ID (VL-ID):
====================================
1810
Common Vulnerability Scoring System:
====================================
7.2
Product & Service Introduction:…
Posted by Francisco Amato on Apr 06
Today we are happy to announce that Faraday v1.0.18 is ready!
A short iteration, filled with small powerups – brand new CLI mode
allows you to process reports in batch, new helpers and plugin fixes.
We know that our users rely on a lot of different systems and
solutions and we want to integrate Faraday in that workflow. In that
order we added the ability to easily export data into a JIRA
installation, allowing users to share the findings…
Posted by xiong piaox on Apr 06
Exploit Title: MeshCMS 3.6 – Multiple vulnerabilities
Date: 2016-04-03
Exploit Author: piaox xiong(xiongyaofu351 () pingan com cn)
Vendor Homepage: http://www.cromoteca.com/en/meshcms/
Software Link: http://www.cromoteca.com/en/meshcms/download/
Version: 3.6
Tested on: Windows OS
#############
Application Description:
MeshCMS is an online editing system written in Java. It provides a set of
features usually included in a CMS, but it…
Posted by Hector Marco-Gisbert on Apr 06
Hi everyone,
We have fixed an old and very known weakness in the Linux ASLR implementation.
The weakness allowed any user able to run 32-bit applications in an x86
machine to disable the ASLR by setting the RLIMIT_STACK resource to unlimited.
This is a very old trick to disable ASLR, but unfortunately it was still present
in current Linux systems.
Details at:…