Posted by Justa Person on Sep 15
Either Samsung reads this list or they just have great timing. Just shy of
three weeks later they responded asking for more information. Hope they
close it soon.
Full Disclosure
Posted by Paul Baade on Sep 15
# Security Advisory — Multiple Vulnerabilities – MuM Map Edit
## Product
Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH
Product: MapEdit
Affected software version: 3.2.6.0
MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and
regional governmental infrastructures to provide geodata to the population. It consists of a
Silverlight client and a C#.NET backend. The…
Posted by Curesec Research Team (CRT) on Sep 15
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: Improper validation of data passed to eval
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE: n/a…
Posted by Justa Person on Sep 15
Sure. Was having one heck of a time figuring out the proper number to enter
into the web form for my own repair and got to thinking about how terrible
it seemed to disclose all that info based on just a ticket number and
telephone number. And that I had tried a LOT of combinations from the info
they had given me unsuccessfully without any lockout or anything. Putting
those together I was able to do about 500 guesses/minute with that ugly
code….
Posted by Curesec Research Team (CRT) on Sep 15
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE: n/a
Credits Tim…
Posted by Nick on Sep 15
You wish to give any more info on how you came across this? Please.
Ta
Posted by Sysdream Labs on Sep 12
# Cross-site scripting vulnerability found on www.google.fr
We were able to identify a cross-site scripting (XSS) vulnerability in the main domain of Google: www.google.fr.
### Description
Cross-site scripting is a kind of vulnerability that allows an attacker to send malicious code, usually in the form of
JavaScript, to another user. Exploiting an XSS may lead to private information compromise, cookie theft or even browser
take over….
Posted by Julien Ahrens on Sep 12
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: XenForo ToggleME plugin
Vendor URL: https://xenforo.com/community/resources/toggleme.137/
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-09-06
Date published: 2016-09-11
CVSSv3 Score: 5.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N)
CVE: –
2. CREDITS
==========
This vulnerability was discovered…
Posted by Dawid Golunski on Sep 12
Vulnerability: MySQL Remote Root Code Execution / Privilege Escalation 0day
CVE: CVE-2016-6662
Severity: Critical
Affected MySQL versions (including the latest):
<= 5.7.15
<= 5.6.33
<= 5.5.52
Discovered by:
Dawid Golunski
http://legalhackers.com
An independent research has revealed multiple severe MySQL vulnerabilities.
This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662.
The vulnerability affects MySQL…
Posted by Justa Person on Sep 12
Samsung has zero interest in fixing this and I’m tired of trying to report
it to them. Enjoy.