Full Disclosure
Posted by devel on Jul 18
Do you know if this is still affected if you have fail2ban in place.
Fail2ban uses the auth logs to monitor failed password attempts. I
assume that the auth log is still updated even if x number of attempts
is allowed. Thanks
Posted by Juan Martinez on Jul 17
Hi, People i discover a cross site request in this
Dork: intitle:weblogin intext:”This page will redirect you to:”
This cross site request is exploit like this example:
http://target/Login:%20Weblogin%20%20This%20page%20will%20redirect%20you%20to<%20
inject any word you want to screen in the webpage>. Or another Poc is for
example:
http:target?referer=<inject the word or number you want to like view in the
page….>.
I…
Posted by king cope on Jul 17
OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login graced time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled…
Posted by Douglas Held on Jul 17
Benjamin,
What is an androidios device account? Is that a typo? And does the default “mobile/alpine” user account suffice?
It isn’t clear to me whether the iOS device needs to be jailbroken for this exploit to work. The
Posted by Larry W. Cashdollar on Jul 17
Typo should be v1.100.
Posted by Larry W. Cashdollar on Jul 17
Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-09
Download Site: https://wordpress.org/plugins/mailcwp/
Vendor: CadreWorks Pty Ltd
Vendor Notified: 2015-07-09 fixed in v1.110
Vendor Contact: Contact Page via WP site
Description: MailCWP, Mail Client for WordPress. A full-featured mail client plugin providing webmail access through
your WordPress blog or website….
Posted by Berend-Jan Wever on Jul 17
T*L;DR*
After 60 day deadline has passed, I am releasing details on an unfixed
use-after-free vulnerability in Chrome’s accessibility features, which are
disabled by default. The issue does not look exploitable.
*More details*
http://berendjanwever.blogspot.nl/2015/07/1503a-chrome-uiaxtreeunserialize-use.html
*Chromium bug*https://code.google.com/p/chromium/issues/detail?id=479743
Cheers,
SkyLined
—- Gratuitous ASCII…
Posted by Vulnerability Lab on Jul 17
Document Title:
===============
AirDroid ID – Client Side JSONP Callback Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1544
Release Date:
=============
2015-07-10
Vulnerability Laboratory ID (VL-ID):
====================================
1544
Common Vulnerability Scoring System:
====================================
5.6
Product & Service Introduction:…
Posted by Vulnerability Lab on Jul 17
Document Title:
===============
FoxyCart Bug Bounty #1 – Filter Bypass & Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1451
098bdc9b309783df65044c5abb690dafdd4bcd436c380ae68c924fe37e14b4e0
Release Date:
=============
2015-07-15
Vulnerability Laboratory ID (VL-ID):
====================================
1451
Common Vulnerability Scoring System:…
Posted by Vulnerability Lab on Jul 17
Document Title:
===============
UDID+ v2.5 iOS – Mail Command Inject Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1542
Release Date:
=============
2015-07-06
Vulnerability Laboratory ID (VL-ID):
====================================
1542
Common Vulnerability Scoring System:
====================================
5.7
Product & Service Introduction:
===============================…