Full Disclosure
Posted by Luciano Pedreira on Jul 30
———- Forwarded message ———-
From: Luciano Pedreira <lpedreira () gmail com>
Date: 2015-07-20 10:06 GMT-03:00
Subject: CVE_for_Vulnerability_theholidaycalendar
To: cve-assign () mitre org
Dear,
In a recent research conducted in the “The Holiday Calendar” plugin (
http://www.theholidaycalendar.com /
https://wordpress.org/plugins/the-holiday-calendar) I found vulnerability
related at Cross Site Scripting.
. The Holiday…
Posted by Dancho Danchev on Jul 30
Hello,
01. Who’s who on Iran’s Cyber Warfare Scene – the most comprehensive
analysis of Iran’s cyber warface scene, ever performed
02. Where do they go to school? – in-depth analysis of Iran’s academic
incubators of the next generation of cyber warriors
03. Who’s buying them books? – in-depth geopolitically relevant
analysis of Iran’s cyber warfare doctrine
04. How do they own and compromise? – complimentary copies…
Posted by dxw Security on Jul 28
Details
================
Software: Flickr Justified Gallery
Version: 3.3.6
Homepage: https://wordpress.org/plugins/flickr-justified-gallery/
Advisory report:
https://security.dxw.com/advisories/reflected-xss-in-flickr-justified-gallery-could-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can-do/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
Reflected XSS in Flickr Justified…
Posted by MustLive on Jul 28
Hello list!
There are Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities in D-Link DCS-2103 (IP camera).
————————-
Affected products:
————————-
Vulnerable is the next model: D-Link DCS-2103, Firmware 1.0.0. Version 1.20
and previous versions also must be vulnerable.
———-
Details:
———-
Cross-Site Request Forgery (WASC-09):
CSRF vulnerabilities in all sections of admin panel. E.g….
Posted by SEC Consult Vulnerability Lab on Jul 28
SEC Consult Vulnerability Lab Security Advisory < 20150728-0 >
=======================================================================
title: McAfee Application Control Multiple Vulnerabilities
product: McAfee Application Control
vulnerable version: verified in version 6.1.3.353
fixed version: a fixed version is currently not available
impact: high
homepage:…
Posted by Samuel Lavitt – CVE-2015-0942 on Jul 28
English: Multiple vulnerabilities in Basware Banking/Maksuliikenne software that were reported already 08/2012 may
still enable undetectable economic crimes against user organizations (companies)
Finnish: Basware Banking/Maksuliikenne -ohjelmiston haavoittuvuudet, joista raportoitiin jo 08/2012, saattavat edelleen
mahdollistaa käyttäjäyrityksiin kohdistuvia ”näkymättömiä” talousrikoksia
Swedish: Sårbarheter i Basware…
Posted by Federico Fazzi on Jul 28
——————————————————–
Snorby 2.6.2 – Stored Cross-site Scripting Vulnerability
——————————————————–
Vendor
——
Version
——-
2.6.2
Description
———–
Found another Stored Cross-site Scripting (XSS) vulnerability in Snorby.
The vulnerability exists in the module for save a new search where the user
input is not correctly sanitized before…
Posted by Vulnerability Lab on Jul 27
Document Title:
===============
Apple iTunes & AppStore – Filter Bypass & Persistent Invoice Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1512
Apple Security ID: 623920272
Video: http://www.vulnerability-lab.com/get_content.php?id=1517
Vulnerability Magazine:…
Posted by Sijmen Ruwhof on Jul 27
Multiple critical security vulnerabilities (including a backdoor!) in PHP
File Manager
I’ve found several critical security vulnerabilities in PHP File Manager. On
top of that, it even includes a poorly secured backdoor, leaving this web
based file manager completely open. I’ve contacted the vendor three times
but got no response of them, so I’m going full disclosure.
Identified critical security vulnerabilities:
1. Poorly…
Posted by Pierre Kim on Jul 27
Update on this case:
1) ipTIME responded to CNET Korea about the DHCP RCE on 2015-07-22:
http://www.cnet.co.kr/view/100140730
2) ipTIME released the 9.78 firmwares for 116 routers and finally
credited my work. 172 routers are affected in total and 9.72 firmwares
will be released soon for all the router models to patch the security
problem.
References:
ipTIME N604plus/N604R 외 15종 펌웨어 9.72 배포 -…