Category Archives: Full Disclosure

Full Disclosure

XSS vulnerability in manage engine.

June 23, 2015 007admin

Posted by Suraj Krishnaswami on Jun 23

Title:
===============
ManageEngine Asset Explorer v6.1 – XSS Vulnerability

CVE-ID:
====================================
CVE-2015-2169

CVSS:
====================================
3.5

Product & Service Introduction (Taken from their homepage):
====================================
ManageEngine AssetExplorer is a web-based IT Asset Management (ITAM)
software that helps you monitor and manage assets in your network from
Planning phase to…

Full Disclosure

Minds.com – Several Issues

June 23, 2015 007admin

Posted by Scott Arciszewski on Jun 23

The Hype
========

Before we begin, let’s look at some of the hype that the Minds.com
team has been feeding into on Twitter.

https://twitter.com/minds/status/611536729175130112 ~>

https://twitter.com/minds/status/612023517962477568 ~>

https://twitter.com/minds/status/610499794834821121 ~>

https://twitter.com/WiredUK/status/610732859373043712 ~>

Wow, if Anonymous backs this project, surely it must be legitimate and
secure,…

Full Disclosure

New version: smalisca – Static Code Analysis tool for Smali files

June 23, 2015 007admin

Posted by Levon Kayan on Jun 23

Hi,

We released a version 0.2 of smalisca.

[ DESCRIPTION ]

A static code analysis tool for Smali files.

If you ever have looked at Android applications you know to appreciate
the ability of analyzing your target at the most advanced level. Dynamic
programm analysis will give you a pretty good overview of your
applications activities and general behaviour. However sometimes you’ll
want to just analyze your
application without running it….

Full Disclosure

CVE-2015-4557 – WordPress â€œNextend Twitte r Connectâ€ & â€œNextend Google Connectâ€ Cross Sit e Scripting

June 23, 2015 007admin

Posted by Liran Segal on Jun 23

WordPress “Nextend Twitter Connect”
===================================
Document Title:
===============
WordPress “Nextend Twitter Connect” Plugin Version: 1.5.1 is vulnerable to Reflected XSS (Cross Site Scripting)

Download URL:

=============

https://wordpress.org/plugins/nextend-twitter-connect/

Release Date:

=============
2015-06-20

Vulnerability CVE ID:

=====================
CVE-2015-4557

Vulnerability Disclosure Timeline:…

Full Disclosure

CVE-2015-4413 – WordPress â€œNextend Facebo ok Connectâ€ Cross Site Scripting

June 23, 2015 007admin

Posted by Liran Segal on Jun 23

Document Title:
===============
WordPress “Nextend Facebook Connect” Plugin Version: 1.5.4 is vulnerable to Reflected XSS (Cross Site Scripting)

Download URL:

=============

https://wordpress.org/plugins/nextend-facebook-connect/

Release Date:

=============
2015-06-20

Vulnerability CVE ID:

=====================
CVE-2015-4413

Vulnerability Disclosure Timeline:

==================================
2015 – 06 – 03 First notified to…

Full Disclosure

ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener – Missing authorization check

June 23, 2015 007admin