Category Archives: Full Disclosure

Capstone disassembly engine 3.0.4 is out!

Posted by Nguyen Anh Quynh on Jul 16

Greetings,

We are excited to announce version 3.0.4 of Capstone disassembly framework!

This stable release fixes some potential security issues in the core, so
existing users are strongly recommended to upgrade.

Summary of important changes in v3.0.4:

- Fixed memory corruption bugs of X86, Arm, Mips, PowerPC & XCore
architectures.
- Properly handle some X86 instructions: OUT, SSE.
- Improve Python binding with more installation options.
-…

Arbitrary File Download in WP Attachment Export WordPress Plugin v0.2.3

Posted by Nitin Venkatesh on Jul 14

# Title: Arbitrary File Download in WP Attachment Export WordPress Plugin v0.2.3
# Submitter: Nitin Venkatesh
# Product: WP Attachment Export WordPress Plugin
# Product URL: https://wordpress.org/plugins/wp-attachment-export/
# Vulnerability Type: Arbitrary File Download
# Affected Versions: v0.2.3
# Tested versions: v0.2.3
# Fixed Version: v0.2.4
# Link to code diff: https://plugins.trac.wordpress.org/changeset/1170732/
# Changelog:…

CSRF and arbitrary file deletion in BuddyPress Activity Plus 1.5 (WordPress plugin)

Posted by dxw Security on Jul 14

Details
================
Software: BuddyPress Activity Plus
Version: 1.5
Homepage: http://wordpress.org/plugins/buddypress-activity-plus/
Advisory report: https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5/
CVE: Awaiting assignment
CVSS: 8.5 (High; AV:N/AC:L/Au:N/C:N/I:P/A:C)

Description
================
CSRF and arbitrary file deletion in BuddyPress Activity Plus 1.5

Vulnerability…

Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 (WordPress plugin)

Posted by dxw Security on Jul 14

Details
================
Software: Subscribe to Comments
Version: 2.1.2
Homepage: http://wordpress.org/plugins/subscribe-to-comments/
Advisory report: https://security.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/
CVE: Awaiting assignment
CVSS: 8 (High; AV:N/AC:L/Au:S/C:C/I:P/A:P)

Description
================
Admin-only local file inclusion and arbitrary code execution in…

Re: Vulnerability in Apache Tomcat

Posted by Mark Thomas on Jul 14

What you have found is not a bug in Apache Tomcat but a number of users
who have enabled directory listings for their sites.

Every version of Apache Tomcat for as long as I can remember (and
certainly every release of all currently supported versions) has shipped
with directory listings disabled.

If a user enables directory listings then it is up to them to secure it
in an appropriate manner for their site. It is perfectly possible that
for…

Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts (WordPress plugin)

Posted by dxw Security on Jul 13

Details
================
Software: Plotly
Version: 1.0.2
Homepage: http://wordpress.org/plugins/wp-plotly/
Advisory report: https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/
CVE: CVE-2015-5484
CVSS: 6.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:P)

Description
================
Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts…

Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin)

Posted by dxw Security on Jul 13

Details
================
Software: The Events Calendar: Eventbrite Tickets
Version: 3.9.6
Homepage: https://theeventscalendar.com/product/wordpress-eventbrite-tickets/
Advisory report: https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/
CVE: CVE-2015-5485
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
Reflected…

Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2 (CVE-2015-4029)

Posted by William Costa on Jul 13

I. VULNERABILITY
-------------------------
Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2

II. BACKGROUND
-------------------------
The pfSense project is a free network firewall distribution, based on the
FreeBSD operating system with a custom kernel and including third party
free software packages for additional functionality. Through this package
system pfSense software is able to provide most of the functionality of
common…