Category Archives: Full Disclosure

Capstone disassembly framework 3.0.3 is out!

Posted by Nguyen Anh Quynh on May 09

Greetings,

Version 3.0.3 of Capstone disassembly framework is officially out!

I would like to dedicate this release to Prof. Yoshiyasu Takefuji, my
former advisor, who is turning 60 years old this year 2015!

For those who do not know, Capstone is an open source multi-arch,
multi-platform disassembly engine. Find more about our project at
http://capstone-engine.org

Summary of important changes in v3.0.3:

– Fixed a segfault of X86 engine.
-…

Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

Posted by Jing Wang on May 08

*Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities*

Exploit Title: Feed2JS v1.7 magpie_debug.php? &url parameter XSS Security
Vulnerabilities
Product: Feed2JS
Vendor: feed2js.org
Vulnerable Versions: v1.7
Tested Version: v1.7
Advisory Publication: May 09, 2015
Latest Update: May 09, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM)…

Artnana Webboard version 1.4 XSS (Cross-site Scripting) Web Security Vulnerabilities

Posted by Jing Wang on May 08

*Artnana Webboard version 1.4 XSS (Cross-site Scripting) Web Security
Vulnerabilities*

Exploit Title: Artnana Webboard version 1.4 Multiple XSS Security
Vulnerabilities
Product: Webboard
Vendor: Artnana
Vulnerable Versions: version 1.4
Tested Version: version 1.4
Advisory Publication: May 09, 2015
Latest Update: May 09, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score:…

MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security Vulnerabilities

Posted by Jing Wang on May 08

*MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security
Vulnerabilities*

Exploit Title: MT.VERNON MEDIA Web-Design v1.12 “gallery.php?” &category
parameter HTML Injection Security Vulnerabilities
Product: Web-Design v1.12
Vendor: MT.VERNON MEDIA
Vulnerable Versions: v1.12
Tested Version: v1.12
Advisory Publication: May 08, 2015
Latest Update: May 08, 2015
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base…

MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Web Security Vulnerabilities

Posted by Jing Wang on May 08

*MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Web Security
Vulnerabilities*

Exploit Title: MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection
Security Vulnerabilities
Product: Web-Design
Vendor: MT.VERNON MEDIA
Vulnerable Versions: v1.12
Tested Version: v1.12
Advisory Publication: May 08, 2015
Latest Update: May 08, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an
SQL Command (‘SQL…

MT.VERNON MEDIA Web-Design v1.12 Multiple XSS (Cross-site Scripting) Web Security Vulnerabilities

Posted by Jing Wang on May 08

*MT.VERNON MEDIA Web-Design v1.12 Multiple XSS (Cross-site Scripting) Web
Security Vulnerabilities*

Exploit Title: MT.VERNON MEDIA Web-Design v1.12 Multiple XSS Security
Vulnerabilities
Product: Web-Design
Vendor: MT.VERNON MEDIA
Vulnerable Versions: v1.12
Tested Version: v1.12
Advisory Publication: May 07, 2015
Latest Update: May 07, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS…

Re: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%

Posted by Hector Marco-Gisbert on May 08

Hi,

The PaX solution actually has 16 random bits for mmap objects on 32-bit systems
on non-affected systems. On affected systems the random bits are degraded to 2^13.
Unfortunately, depending on the PaX kernel configuration sequence, some features
may not be enabled. There are sequences of PaX configuration which do not give
the expected result.

The configuration sequence that results in a misconfigured system is:

1.- Starting from a…

Yet Another Related Posts Plugin (YARPP) 4.2.4 CSRF -> XSS -> RCE

Posted by Evex ola on May 08

‘Yet Another Related Posts Plugin’ options can be updated with no
token/nonce protection, which an attacker may exploit by tricking the website’s
administrator into visiting a malformed page that will change YARPP options,
and since some options allow HTML the attacker is able to inject malformed
JavaScript code, which can lead to code execution/administrator actions when
the injected code is triggered by an admin user.
injected javascript…