Category Archives: Full Disclosure

Re: Google HTTP Live Headers v1.0.6 – Client Side Cross Site Scripting Web Vulnerability

Posted by Gynvael Coldwind on Jul 05

Hi,

Quick question with regards to your disclosure – why are you attributing
the ownership/authorship of HTTP Live Headers to Google? The website you
linked seems to clearly say it’s developed by eSolutions Nordic AB
(“offered by https://www.esolutions.se”).

Also, if you found a vulnerability in eSolutions’ HTTP Live Headers, why do
you include information about “Google’s Chrome Web Store” in the…

Google HTTP Live Headers v1.0.6 – Client Side Cross Site Scripting Web Vulnerability

Posted by Vulnerability Lab on Jul 04

Document Title:
===============
Google HTTP Live Headers v1.0.6 – Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1541

Release Date:
=============
2015-07-02

Vulnerability Laboratory ID (VL-ID):
====================================
1541

Common Vulnerability Scoring System:
====================================
3.3

Product & Service…

Ebay Inc Magento Bug Bounty #16 – CSRF Web Vulnerability

Posted by Vulnerability Lab on Jul 04

Document Title:
===============
Ebay Inc Magento Bug Bounty #16 – CSRF Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1472

Ebay Inc Security ID: EIBBP-31808

Release Date:
=============
2015-07-02

Vulnerability Laboratory ID (VL-ID):
====================================
1472

Common Vulnerability Scoring System:
====================================
2.5

Product & Service…

WK UDID v1.0.1 iOS – Command Inject Vulnerability

Posted by Vulnerability Lab on Jul 04

Document Title:
===============
WK UDID v1.0.1 iOS – Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1539

Release Date:
=============
2015-07-01

Vulnerability Laboratory ID (VL-ID):
====================================
1539

Common Vulnerability Scoring System:
====================================
5.6

Product & Service Introduction:
===============================…

Re: Microsoft Office – OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied

Posted by Stefan Kanthak on Jul 04

Kevin Beaumont wrote:

No, it fails when whitelisting is set up: the .JS payload is unpacked into
“%TEMP%” alias “%APPDATA%\Local\Temp” alias “%USERPROFILE%\AppData\Local\Temp”
where both SAFER alias Software Restriction Policies and AppLocker block its
execution.

JFTR: Windows Script Host is picky and runs scripts only if they have the
extensions .JS, .JSE, .VBS, .VBE, .WSC, .WSF and .WSH.
Windows Script…

Re: Microsoft Office – OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied

Posted by Stefan Kanthak on Jul 03

“Kevin Beaumont” wrote:

Since AV is utterly useless: who cares that AV doesn't work?!
Those who rely on such snake-oil are lost anyway.

To quote Eva Chen of Trend Micro
<http://www.zdnet.com/trend-micro-antivirus-industry-lied-for-20-years-3039440184/>

| Eva Chen, chief executive of Trend Micro, has strong views about how
| effective the antivirus industry has been over the past 20 years.
|
| According to Chen, the security…

ipTIME n104r3 vulnerable to CSRF and XSS attacks

Posted by Pierre Kim on Jul 03

## Advisory Information

Title: iptime n104r3 vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-03-iptime-n104r3-vulnerable-to-CSRF-and-XSS-attacks.html
Date published: 2015-07-03
Vendors contacted: None
Release mode: Released, 0day
CVE: no current CVE

## Product Description

EFMNetworks ipTIME is the largest Korean brand of…

Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability

Posted by Password Manager Pro Support on Jul 03

Hi Blazej,

Thanks for raising this issue.
We have fixed the vulnerability and have released a hot fix release today. We will send out a security advisory to all
our customers shortly.

You can upgrade PMP to the latest version or install the new version 8101 to fix the issue. You can access the release
notes from the below mentioned link.

https://www.manageengine.com/products/passwordmanagerpro/release-notes.html

Let us know if you have any…

SQL Injection in easy2map wordpress plugin v1.24

Posted by Larry W. Cashdollar on Jul 03

Title: SQL Injection in easy2map wordpress plugin v1.24
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.25
Vendor Contact: https://profiles.wordpress.org/stevenellis/
Advisory: http://www.vapid.dhs.org/advisory.php?v=131
Description: The easiest tool available for creating custom & great-looking Google Maps. Add multiple…

Re: Microsoft Office – OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied

Posted by Kevin Beaumont on Jul 03

All – it is probably bad form to respond to my own post, but I’ve seen some
folk dismiss this out of hand on social media so I wanted to provide two
VERY QUICK proof of concept examples. These were just put together in 10
minutes.

http://owned.lab6.com/~gossi/research/public/packager/

There’s an RTF and .docx version.

You should be able to email these to colleagues. The “Sales Invoice” file
is a .js file executed in…