Category Archives: Full Disclosure

Path Traversal vulnerability in WordPress plugin se-html5-album-audio-player v1.1.0

Posted by Larry W. Cashdollar on Jun 11

Title: Path Traversal vulnerability in WordPress plugin se-html5-album-audio-player v1.1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-06
Advisory: http://www.vapid.dhs.org/advisory.php?v=124
Download Site: https://wordpress.org/plugins/se-html5-album-audio-player/
Vendor: https://profiles.wordpress.org/sedevelops/
Vendor Notified: 2015-06-06
Vendor Contact: https://profiles.wordpress.org/sedevelops/
Description:
An HTML5 Album Audio…

FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities

Posted by Jing Wang on Jun 11

FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open
Redirect Cyber Vulnerabilities

FC2 and Rakuten are the first and second top-ranking Japanese local online
websites. This post introduces several XSS (Cross-site Scripting) and Open
Redirect bugs in them.

The Alexa rank of fc2.com is 52 on February 18 2015 and the related rank in
Japan is 4. The Alexa rank of rakuten.co.jp is 64 on May 29 2015 and the
related rank…

Apache vulnerability program faulting module ntdll.dll

Posted by Bruno Luiz on Jun 11

Subversion HTTP servers allow spoofing svn:author property values
for new revisions.

Summary:
========

Subversion’s mod_dav_svn server allows setting arbitrary svn:author
property values when committing new revisions. This can be accomplished
using a specially crafted sequence of requests. An evil-doer can fake
svn:author values on his commits. However, as authorization rules are
applied to the evil-doer’s true…

[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability

Posted by Egidio Romano on Jun 11

-----------------------------------------------------------
Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
-----------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1, 5.7.4, and probably other versions.

[-] Vulnerability Description:

The vulnerable code is located in /concrete/src/Permission/Access/Access.php:

168. protected function…

[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities

Posted by Egidio Romano on Jun 11

----------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
----------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerabilities Description:

1) The vulnerable code is located in…

[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability

Posted by Egidio Romano on Jun 11

-------------------------------------------------------------------
Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
-------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerability Description:

The vulnerable code is located in…

2 vulns 1 line in RNCryptor (PHP) + Call to Action

Posted by Scott Arciszewski on Jun 10

Hi Full Disclosure,

RNCryptor is a data format specification for AES encryption, with AES-256,

Their PHP implementation has two vulnerabilities in the same line of code,
which looks like this:

return ($components->hmac == $this->_generateHmac($components, $hmacKey));

The issues here:

1. A timing side-channel.
2. Use of the == operator can treat strings as floats, depending on the
input.

We have opened a GitHub issue about this and…

Authentication Bypass in Pandora FMS

Posted by Manuel Mancera on Jun 10

================================================================
Authentication Bypass in Pandora FMS
================================================================

Information
--------------------
Name: Pandora FMS – Authentication Bypass
Affected Software : Pandora FMS
Affected Versions: 5.0, 5.1
Vendor Homepage : http://pandorafms.com/
Vulnerability Type : Authentication Bypass
Severity : High

Product
--------------------
Pandora FMS (for…

Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta WordPress plugin

Posted by Larry W. Cashdollar on Jun 10

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta WordPress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-07
Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms
Vendor: Waters Edge Web Design and NetherWorks LLC
Vendor Notified: 2015-06-08
Advisory: http://www.vapid.dhs.org/advisory.php?v=125
Vendor Contact: plugins () wordpress org
Description: A…

This POODLE Bites: Exploiting The SSL 3.0 Fallback

Posted by Bruno Luiz on Jun 10

Introduction

SSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical
purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346],
and TLS 1.2 [RFC5246], many TLS implementations remain backwards-compatible with
SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience.
The protocol handshake provides for authenticated version negotiation, so normally the
latest…