Full Disclosure
Posted by Jing Wang on Apr 05
*6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security
Vulnerabilities*
Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security
Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 02, 2015
Latest Update: April 02, 2015
Vulnerability Type: Cross-Site Request Forgery (CSRF) [CWE-352]
CVE Reference: *
CVSS Severity (version 2.0):
CVSS v2 Base…
Posted by Jing Wang on Apr 05
*6kbbs v8.0 SQL Injection Security Vulnerabilities*
Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an
SQL Command (‘SQL Injection’) [CWE-89]
CVE Reference: *
Impact CVSS Severity (version…
Posted by Jing Wang on Apr 05
*ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities*
Exploit Title: ECE Projects XSS (Cross-site Scripting) Security
Vulnerabilities
Vendor: ECE Projektmanagement G.m.b.H. & Co. KG (ECE)
Product: ECE Projects
Vulnerable Versions:
Tested Version:
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base…
Posted by ITAS Team on Apr 05
#Vulnerability title: WordPress plugin Simple Ads Manager – Information
Disclosure
#Product: WordPress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads Manager 2.5.94 and 2.5.96
#Download link: https://wordpress.org/plugins/simple-ads-manager/
#CVE ID: CVE-2015-2826
#Author: Nguyen Hung Tuan (tuan.h.nguyen () itas vn) & ITAS Team
::PROOF OF CONCEPT::
+ REQUEST
POST…
Posted by ITAS Team on Apr 05
#Vulnerability title: WordPress plugin Simple Ads Manager – Arbitrary File
Upload
#Product: WordPress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads Manager 2.5.94
#Download link: https://wordpress.org/plugins/simple-ads-manager/
#CVE ID: CVE-2015-2825
#Author: Tran Dinh Tien (tien.d.tran () itas vn) & ITAS Team
::PROOF OF CONCEPT::
+ REQUEST
POST…
Posted by ITAS Team on Apr 05
#Vulnerability title: WordPress plugin Simple Ads Manager – Multiple SQL
Injection
#Product: WordPress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads Manager 2.5.94 and 2.5.96 #Download link:
https://wordpress.org/plugins/simple-ads-manager/
#CVE ID: CVE-2015-2824
#Author: Le Hong Minh (minh.h.le () itas vn) & ITAS Team
::PROOF OF CONCEPT::
—SQL INJECTION 1—
+ REQUEST:
POST…
Posted by ITAS Team on Apr 05
#Vulnerability title: WordPress plugin Simple Ads Manager – SQL Injection
#Product: WordPress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads Manager 2.5.94 and 2.5.96
#Download link: https://wordpress.org/plugins/simple-ads-manager/
#CVE ID: CVE-2015-2824
#Author: Le Hong Minh (minh.h.le () itas vn) & ITAS Team
::PROOF OF CONCEPT::
—SQL INJECTION 1—
+ REQUEST:
POST…
Posted by VMware Security Response Center on Apr 02
————————————————————————
VMware Security Advisory
Advisory ID: VMSA-2015-0003
Synopsis: VMware product updates address critical information
disclosure issue in JRE.
Issue date: 2015-04-02
Updated on: 2015-04-02 (Initial Advisory)
CVE number: CVE-2014-6593, for other CVEs see JRE reference…
Posted by Tod Beardsley on Apr 01
# Ceragon FibeAir IP-10 SSH Private Key Exposure (CVE-2015-0936)
## Product Description
Ceragon produces a series of ruggedized, microwave backhaul devices used
to provide connectivity to mobile, IP-based devices; usually, these
devices are found in either large industrial environments, or installed
on towers to provide “middle-mile” connectivity to mobile customers on
behalf of ISPs. In other words, a FibeAir IP-10 typically act as a…
Posted by Larry W. Cashdollar on Apr 01
Title: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8
Author: Larry W. Cashdollar, @_larry0
Date: 2015-03-29
Download Site: https://wordpress.org/support/plugin/videowhisper-video-conference-integration
Vendor: http://www.videowhisper.com/
Vendor Notified: 2015-03-31, won’t fix. http://www.videowhisper.com/tickets_view.php?t=10019545-1427810822
Vendor Contact:…