Category Archives: Full Disclosure

Broken, Abandoned, and Forgotten Code, Part 10

Posted by Zach C on Jul 11

Part 10 of Broken, Abandoned, and Forgotten Code is up! In this part
we hunt for a UART connection inside the Netgear R6200 router.

When we start developing our minimized bootstrap firmware as well as
the custom, stage 2 firmware in later parts, it will take many
iterations to get it right. During that process it will be essential
to recover a bricked router from a non-functional firmware update. The
UART connection makes it possible to restore…

Western Digital Arkeia "ARKFS_EXEC_CMD" <= v11.0.12 Remote Code Execution

Posted by xistence on Jul 10

## Advisory Information

Title: Western Digital Arkeia "ARKFS_EXEC_CMD" <= v11.0.12 Remote Code Execution
Submitter: xistence <xistence[at]0x90.nl>
Date published: 2015-07-10
Vendors contacted: Western Digital / Arkeia
Class: OS Command Injection [CWE-78]
Impact: Code execution
Remotely Exploitable: Yes

## Product Description

The WD Arkeia network backup suite comprises WD Arkeia software’s suite of
backup-and-restore…

Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal WordPress Plugin v1.1.5

Posted by Nitin Venkatesh on Jul 10

# Title: Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal WordPress Plugin v1.1.5
# Submitter: Nitin Venkatesh
# Product: CP Contact Form with Paypal WordPress Plugin
# Product URL: https://wordpress.org/plugins/cp-contact-form-with-paypal/
# Vulnerability Type: Cross-site Request Forgery [CWE-352], Cross-site Scripting [CWE-79], Improper Neutralization of Special Elements used in an SQL Command…

Reflected XSS in GD bbPress Attachments allows an attacker to do almost anything an admin can (WordPress plugin)

Posted by dxw Security on Jul 10

Details
================
Software: GD bbPress Attachments
Version: 2.1
Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/
Advisory report:
https://security.dxw.com/advisories/reflected-xss-in-gd-bbpress-attachments-allows-an-attacker-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
Reflected XSS in GD bbPress Attachments allows an attacker to do…

Local File Include vulnerability in GD bbPress Attachments allows attackers to include arbitrary PHP files (WordPress plugin)

Posted by dxw Security on Jul 10

Details
================
Software: GD bbPress Attachments
Version: 2.1
Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/
Advisory report:
https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/
CVE: Awaiting assignment
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:N/A:P)

Description
================
Local File Include vulnerability in GD bbPress…

SQL Injection in easy2map-photos wordpress plugin v1.09

Posted by Larry W. Cashdollar on Jul 10

Title: SQL Injection in easy2map-photos wordpress plugin v1.09
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map-photos
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.1.0
Vendor Contact: https://profiles.wordpress.org/stevenellis/
Advisory: http://www.vapid.dhs.org/advisory.php?v=130
Description: Easy2Map Photos is a simple-yet-powerful tool for generating great-looking…

Remote file download vulnerability in WordPress Plugin wp-swimteam v1.44.10777

Posted by Larry W. Cashdollar on Jul 10

Title: Remote file download vulnerability in WordPress Plugin wp-swimteam v1.44.10777
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-02
Download Site: https://wordpress.org/plugins/wp-swimteam
Vendor: Mike Walsh www.MichaelWalsh.org
Vendor Notified: 2015-07-02, fixed in v1.45beta3
Vendor Contact: Through website
Advisory: http://www.vapid.dhs.org/advisory.php?v=134
Description: Swim Team (aka wp-SwimTeam) is a comprehensive WordPress plugin…

CVE-2014-7952, Android ADB backup APK injection vulnerability

Posted by Imre RAD on Jul 10

The Android operating system offers a backup/restore mechanism for
installed packages through the ADB utility. A full backup of applications,
including the private files stored on the /data partition, is performed by
default, but applications can customize this behavior by implementing a
BackupAgent class. This way they can feed the backup process with custom
files and data.

SEARCH-LAB Ltd. discovered a vulnerability in the design of the Android
backup…

J2Store 3.1.6 unauthenticated SQL injections

Posted by Brandon Perry on Jul 10

J2Store v3.1.6, a Joomla! extension that adds basic store functionality to
a Joomla! instance, suffered from two unauthenticated boolean-blind and
error-based SQL injection vulnerabilities. Since February 2015, J2Store has
had about 16,000 downloads as of this writing.

The first vulnerability was in the sortby parameter within a request made
while searching for products.

POST /index.php HTTP/1.1
Host: 192.168.1.3
User-Agent: Mozilla/5.0…