Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln

2014-02-13 Thread iedb . team
# Exploit : centerbWordpress all_in_one_carousel Plugin Xss Csrf Vulnerability /centerbrbr html head titleWordpress all_in_one_carousel Plugin Xss Csrf Vulnerability [IeDb TeaM]/title /headbody form action=\http://YourTarget.Com\; id=\formid\ method=\post\ input name=\name\

WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities

2014-02-13 Thread Vulnerability Lab
Document Title: WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1192 Release Date: 2014-02-08 Vulnerability Laboratory ID (VL-ID):

[ MDVSA-2014:025 ] pidgin

2014-02-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:025 http://www.mandriva.com/en/support/security/

[SECURITY] [DSA 2860-1] parcimonie security update

2014-02-13 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-2860-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso February 11, 2014

[CVE-2014-1903] FreePBX 2.9 through 12 RCE

2014-02-13 Thread rob . thomas
Overview: Unauthenticated user-level Remote Code Execution (RCE) vulnerability in admin/config.php, the main interface to FreePBX. This bug was introduced in FreePBX 2.9; earlier versions are not affected. Score - 8.4 (AV:N/AC:L/Au:N/C:P/I:P/A:C/E:H/RL:OF/RC:C/CDP:MH/TD:ND/CR:L/IR:L/AR:M)

[SECURITY] [DSA 2850-2] libyaml regression update

2014-02-13 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-2850-2 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso February 12, 2014

jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities

2014-02-13 Thread Vulnerability Lab
Document Title: jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1196 Release Date: 2014-02-12 Vulnerability Laboratory ID (VL-ID):

[ MDVSA-2014:026 ] openldap

2014-02-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:026 http://www.mandriva.com/en/support/security/

Mybb All Version Denial of Service Vulnerability

2014-02-13 Thread iedb . team
# Mybb All Version Denial of Service Vulnerability #!/usr/bin/perl

APPLE-SA-2014-02-11-1 Boot Camp 5.1

2014-02-13 Thread Apple Product Security
APPLE-SA-2014-02-11-1 Boot Camp 5.1 Boot Camp 5.1 is now available and addresses the following: Boot Camp Available for: Macs running Boot Camp 5 Impact: Loading a malformed executable file may cause memory corruption in the kernel Description: A

ASUS RT Series Routers FTP Service - Default anonymous access

2014-02-13 Thread kyle Lovett
Five ASUS RT series routers suffer from a vendor vulnerability that defaults FTP service to anonymous access, full read/write permissions. The service, which is activated from the administrative console, does not give proper instructions nor indications that the end user needs to manually add a user

[ MDVSA-2014:027 ] php

2014-02-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:027 http://www.mandriva.com/en/support/security/

Re: ASUS RT Series Routers FTP Service - Default anonymous access

2014-02-13 Thread kyle Lovett
Correction: I meant to say 2013, not 2012. I apologize for the error. On Wed, Feb 12, 2014 at 4:29 PM, kyle Lovett krlov...@gmail.com wrote: Five ASUS RT series routers suffer from a vendor vulnerability that defaults FTP service to anonymous access, full read/write permissions. The service,

Wordpress plugin Buddypress = 1.9.1 stored xss vulnerability

2014-02-13 Thread Pietro Oliva
# Vulnerability: Wordpress plugin Buddypress = 1.9.1 stored xss # Date: 13/02/2014 # Author: Pietro Oliva # Vendor Homepage: http://buddypress.org # Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip # Version: 1.9.1 # CVE : [CVE-2014-1888] # Responsibly disclosed and

Wordpress plugin Buddypress = 1.9.1 privilege escalation vulnerability

2014-02-13 Thread Pietro Oliva
# Vulnerability: Wordpress plugin Buddypress = 1.9.1 privilege escalation # Date: 13/02/2014 # Author: Pietro Oliva # Vendor Homepage: http://buddypress.org # Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip # Version: 1.9.1 # CVE : [CVE-2014-1889] # Responsibly disclosed

[ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com)

2014-02-13 Thread ISecAuditors Security Advisories
INTERNET SECURITY AUDITORS ALERT 2014-001 - Original release date: February 4, 2014 - Last revised: February 4, 2014 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Score) - CVE-ID: -