Category Archives: Full Disclosure


Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit

Posted by exploits4coins.com 2 on Apr 04

## Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit ##

This particular vulnerability makes it possible to force a Stratum Mining
Pool to accept “invalid” shares by the thousands for each mining pool
round. It is possible to make pure money from this vulnerability. The
exploit is real but affects only a fraction of Stratum Mining Pools. Let’s
dig into the technical side of this vulnerability.

##### What is stratum mining…

Tradukka affected by Cross-Site Scripting

Posted by Francisco Javier Santiago Vázquez on Apr 04

I. VULNERABILITY
-------------------------
Vulnerability Cross-Site Scripting (XSS)

II. PROOF OF CONCEPT
-------------------------
URL: http://tradukka.com/translate/en/es/
State: Fix & Patch
Vector: '><img src=x onerror=alert("XSS");>

III. SYSTEMS AFFECTED
-------------------------
The vulnerability affects the Translator Tradukka: http://tradukka.com

IV. CREDITS
-------------------------
These vulnerabilities have…

Reprint your I$ACA CPE's using Burp Suite! ( the no refund addition ! )

Posted by robert mccurdy on Apr 04

Reprint your I$ACA CPE’s using Burp Suite! ( the ‘no refund’ addition ! )

* log into I$ACA.ORG
* goto http://www.i$aca.org/Education/Online-Learning/Pages/archived-webinars.aspx
* start a video to get some cookies etc…
* get all the ID#’s you like to get cert for and use them in the url below in burp history
* replace the ID in the url with the ID of the one you want cert for.

POST…

CVE-2016-2191: optipng: invalid write

Posted by Hans Jerry Illikainen on Apr 04

An invalid write may occur in optipng before version 0.7.6 while
processing bitmap images due to `crt_row' being (inc|dec)remented
without any boundary checking when encountering delta escapes.

optipng-0.7.5/src/pngxtern/pngxrbmp.c:
,----
| 210 static size_t
| 211 bmp_read_rows(png_bytepp begin_row, png_bytepp end_row, size_t row_size,
| 212 unsigned int compression, FILE *stream)
| 213 {
| …
| 272 crt_row = begin_row;…

ManageEngine Password Manager Pro Multiple Vulnerabilities

Posted by Sebastian Perez on Apr 04

[Systems Affected]
Product : ManageEngine Password Manager Pro
Company : ZOHO Corp.
Build Number : 8.1 to 8.3 and probably earlier versions
Affected Versions : 8102 to 8302 and probably earlier versions

[Product Description]
Password Manager Pro is a secure vault for storing and managing
shared sensitive information such as passwords, documents and digital
identities of enterprises.

[Vulnerabilities]
Multiple vulnerabilities…

Pulse CMS Multiple Vulnerabilities

Posted by xiong piaox on Apr 04

Pulse CMS Multiple Vulnerabilities

1、Description

Exploit Title: Multiple Vulnerabilities in pulse 0.7.0 final

Date: 4-01-2016

Vendor Homepage:
http://pulse.torweg.org/site/Pulsar/en_US.CMS.displayCMS.13./pulse---the-java-web-application-framework

Vendor: pulse

Software: Content Management System

Version: version: pulse 0.7.0 final (build r2074)

2、Product Summary

================

An open source portal solution in Java. pulse delivers…

MeshCMS Command Execution Vulnerability

Posted by xiong piaox on Apr 04

#############

Exploit Title: MeshCMS 3.6 – Command Execution Vulnerability

Date: 2016-04-03

Exploit Author: piaox xiong

Vendor Homepage: http://www.cromoteca.com/en/meshcms/

Software Link: http://www.cromoteca.com/en/meshcms/download/

Version: 3.6

Tested on: Windows OS

#############

Application Description:

MeshCMS is an online editing system written in Java. It provides a set of
features usually included in a CMS, but it uses a more…

APPLE-SA-2016-03-31-1 iBooks Author 2.4.1

Posted by Apple Product Security on Apr 04

APPLE-SA-2016-03-31-1 iBooks Author 2.4.1

iBooks Author 2.4.1 is now available and addresses the following:

iBooks Author
Available for: OS X Yosemite v10.10 or later
Impact: Parsing a maliciously crafted iBooks Author file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook Author parsing. This issue was addressed through improved
parsing.
CVE-ID
CVE-2016-1789 : Behrouz…

Daily Edition theme for WordPress

Posted by MustLive on Apr 04

Hello!

In October I wrote to you about a vulnerability in the plugin for WordPress,
which was a 100% repeat of my vulnerability, which I disclosed in 2010. And
here is another case, now with a theme for WordPress.

Concerning this advisory about Daily Edition at security mailing lists:
https://packetstormsecurity.com/files/130753/WordPress-Daily-Edition-Theme-1.6.2-Path-Disclosure.html
http://seclists.org/fulldisclosure/2015/Mar/57

Wang Jing disclosed…

DotCMS injection Vulnerability

Posted by p0x2015 on Apr 04

Hello, please add the following to the security mailing lists.

1、Description

Exploit Title: SQL Injection Vulnerability in DotCms v3.3

Date: 3-28-2016

Vendor Homepage: http://dotcms.com/

Vendor: dotcms

Software: Content Management System

Version: v3.3

CVE: CVE-2016-3688

2、Product Summary

================

dotcms is a fully featured open source enterprise grade J2EE/Java based web content management system for
building/managing…