Full Disclosure
Posted by Kyriakos Economou on Apr 06
* CVE: CVE-2016-3943
* Vendor: Panda Security
* Reported by: Kyriakos Economou
* Date of Release: 05/04/2016
* Affected Products: Multiple
* Affected Version: Panda Endpoint Administration Agent < v7.50.00
* Fixed Version: Panda Endpoint Administration Agent v7.50.00
Description:
Panda Endpoint Administration Agent v7.30.2 allows a local attacker to elevate his privileges from any account type
(Guest included) and execute code as SYSTEM,…
Posted by Hardwear Team on Apr 06
Dear Hackers and Security Gurus,
hardwear.io is seeking innovative research on hardware security. If you
have done interesting research on attacks or mitigation on any
Hardware and want to showcase it to the security community, just
submit your research paper. Please find all the relevant details for
the submission below.
About hardwear.io
—————————-
hardwear.io Security Conference is a platform for hardware and
security…
Posted by Manuel Mancera on Apr 06
================================================================
Fireware XTM Web UI – Open Redirect
================================================================
Information
——————–
Name: Fireware XTM Web UI – Open Redirect
Affected Software : Fireware XTM Web UI
Affected Versions: < 11.10.7
Vendor Homepage : http://www.watchguard.com/
Vulnerability Type : Open Redirect
Severity : Low
CVE: n/a
Product
——————–…
Posted by xiong piaox on Apr 06
Exploit Title: MeshCMS 3.6 – Multiple vulnerabilities
Date: 2016-04-03
Exploit Author: piaox xiong(xiongyaofu351 () pingan com cn)
Vendor Homepage: http://www.cromoteca.com/en/meshcms/
Software Link: http://www.cromoteca.com/en/meshcms/download/
Version: 3.6
Tested on: Windows OS
#############
Application Description:
MeshCMS is an online editing system written in Java. It provides a set of
features usually included in a CMS, but it…
Posted by Security Explorations on Apr 05
Hello All,
I should have included the following information in my original post:
1) Issue 67 was assigned CVE-2013-3009 [1],
2) it originally affected IBM Java from versions 1.4 to 7 [2],
3) CVE-ID corresponding to a broken patch will likely not reflect the
original issue. This was the case for IBM’s Issue 49 (CVE-2012-4823)
and two of its broken fixes (CVE-2013-3012 and CVE-2013-5458).
4) Incomplete patch for Issue 67 may affect…
Posted by Vulnerability Lab on Apr 05
Document Title:
===============
Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) – (3D Touch) Passcode Bypass
Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1814
Release Date:
=============
2016-04-05
Vulnerability Laboratory ID (VL-ID):
====================================
1814
Common Vulnerability Scoring System:
====================================
6.1
Product & Service…
Posted by Hans Jerry Illikainen on Apr 04
An invalid write may occur in optipng before version 0.7.6 while
processing bitmap images due to `crt_row’ being (inc|dec)remented
without any boundary checking when encountering delta escapes.
optipng-0.7.5/src/pngxtern/pngxrbmp.c:
,—-
| 210 static size_t
| 211 bmp_read_rows(png_bytepp begin_row, png_bytepp end_row, size_t row_size,
| 212 unsigned int compression, FILE *stream)
| 213 {
| …
| 272 crt_row = begin_row;…
Posted by Sebastian Perez on Apr 04
[Systems Affected]
Product : ManageEngine Password Manager Pro
Company : ZOHO Corp.
Build Number : 8.1 to 8.3 and probably earlier versions
Affected Versions : 8102 to 8302 and probably earlier versions
[Product Description]
Password Manager Pro is a secure vault for storing and managing
shared sensitive information such as passwords, documents and digital
identities of enterprises.
[Vulnerabilities]
Multiple vulnerabilities…
Posted by xiong piaox on Apr 04
Pulse CMS Multiple Vulnerabilities
1、Description
Exploit Title: Multiple Vulnerabilities in pulse 0.7.0 final
Date: 4-01-2016
Vendor Homepage:
http://pulse.torweg.org/site/Pulsar/en_US.CMS.displayCMS.13./pulse—the-java-web-application-framework
Vendor: pulse
Software: Content Management System
Version: version: pulse 0.7.0 final (build r2074)
2、Product Summary
================
An open source portal solution in Java. pulse delivers…
Posted by xiong piaox on Apr 04
#############
Exploit Title: MeshCMS 3.6 – Command Execution Vulnerability
Date: 2016-04-03
Exploit Author: piaox xiong
Vendor Homepage: http://www.cromoteca.com/en/meshcms/
Software Link: http://www.cromoteca.com/en/meshcms/download/
Version: 3.6
Tested on: Windows OS
#############
Application Description:
MeshCMS is an online editing system written in Java. It provides a set of
features usually included in a CMS, but it uses a more…