Category Archives: Full Disclosure

MyBB 1.8.6: Improper validation of data passed to eval

Posted by Curesec Research Team (CRT) on Sep 15

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: Improper validation of data passed to eval
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE: n/a…

Re: Brute force every Samsung repair customer's info with ease

Posted by Justa Person on Sep 15

Sure.. Was having one heck of a time figuring out the proper number to enter
into the web form for my own repair and got to thinking about how terrible
it seemed to disclose all that info based on just a ticket number and
telephone number.. And that I had tried a LOT of combinations from the info
they had given me unsuccessfully without any lockout or anything. Putting
those together I was able to do about 500 guesses/minute with that ugly
code….

MyBB 1.8.6: SQL Injection

Posted by Curesec Research Team (CRT) on Sep 15

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE: n/a
Credits Tim…

MyBB 1.8.6: CSRF, Weak Hashing, Plaintext Passwords

Posted by Curesec Research Team (CRT) on Sep 15

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: MyBB 1.8.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.mybb.com/
Vulnerability Type: CSRF, Weak Hashing, Plaintext Passwords
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 09/15/2016
Release mode: Full Disclosure / Informational
CVE: n/a
Credits Tim Coen of…

Kajona 4.7: XSS & Directory Traversal

Posted by Curesec Research Team (CRT) on Sep 15

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Kajona 4.7
Fixed in: 5.0
Fixed Version Link: https://www.kajona.de/en/Downloads/downloads.get_kajona.html
Vendor Website: https://www.kajona.de/
Vulnerability Type: XSS & Directory Traversal
Remote Exploitable: Yes
Reported to vendor: 04/11/2016
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE:…

XSS found on www.google.fr

Posted by Sysdream Labs on Sep 12

# Cross-site scripting vulnerability found on www.google.fr

We were able to identify a cross-site scripting (XSS) vulnerability in the main domain of Google: www.google.fr.

### Description

Cross-site scripting is a kind of vulnerability that allows an attacker to send malicious code, usually in the form of
JavaScript, to another user. Exploiting an XSS may lead to private information compromise, cookie theft or even browser
takeover….

[RCESEC-2016-006] XenForo ToggleME 3.1.2 "/admin.php?options/list/toggleME" Multiple Persistent Cross-Site Scriptings

Posted by Julien Ahrens on Sep 12

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: XenForo ToggleME plugin
Vendor URL: https://xenforo.com/community/resources/toggleme.137/
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-09-06
Date published: 2016-09-11
CVSSv3 Score: 5.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N)
CVE: –

2. CREDITS
==========
This vulnerability was discovered…

CVE-2016-6662 – MySQL Remote Root Code Execution / Privilege Escalation ( 0day )

Posted by Dawid Golunski on Sep 12

Vulnerability: MySQL Remote Root Code Execution / Privilege Escalation 0day
CVE: CVE-2016-6662
Severity: Critical
Affected MySQL versions (including the latest):
<= 5.7.15
<= 5.6.33
<= 5.5.52

Discovered by:
Dawid Golunski
http://legalhackers.com

Independent research has revealed multiple severe MySQL vulnerabilities.
This advisory focuses on a critical vulnerability with a CVE ID of CVE-2016-6662.
The vulnerability affects MySQL…