BlinkSale Bug Bounty #1 - Encode Validation Vulnerability

2015-02-11 Thread Vulnerability Lab
Document Title: BlinkSale Bug Bounty #1 - Encode Validation Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1416 Release Date: 2015-02-06 Vulnerability Laboratory ID (VL-ID):

Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability

2015-02-11 Thread Vulnerability Lab
Document Title: Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability References (Source): http://vulnerability-lab.com/get_content.php?id=1355 Release Date: 2015-02-09 Vulnerability Laboratory ID (VL-ID):

Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability

2015-02-11 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Secure Access Control System SQL Injection Vulnerability Advisory ID: cisco-sa-20150211-csacs http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs Revision 1.0 For Public Release 2015 February 11 16:00

T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll)

2015-02-11 Thread Vulnerability Lab
Document Title: T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll) References (Source): http://www.vulnerability-lab.com/get_content.php?id=1427 Release Date: 2015-01-29 Vulnerability Laboratory ID (VL-ID):

[SECURITY] [DSA 3160-1] xorg-server security update

2015-02-11 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Debian Security Advisory DSA-3160-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 11, 2015

[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Microsoft)

2015-02-11 Thread Stefan Kanthak
Hi @ll, yesterday Microsoft published the security advisory 3004375 https://technet.microsoft.com/en-us/library/security/3004375 announcing an update which enables Windows 7 and newer to log the command lines used to start processes to the event log. If you want to have this functionality on

Elasticsearch vulnerability CVE-2015-1427

2015-02-11 Thread Kevin Kluge
Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. We have been

Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability

2015-02-11 Thread sn
- Title: Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability - Vulnerable Version: 2.8.8 and probably prior - Tested Version: 2.8.8 - Vendor Notification: 20 November 2014 - Vendor Patch: 20 November 2014

Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin

2015-02-11 Thread High-Tech Bridge Security Research
Advisory ID: HTB23249 Product: Easing Slider WordPress Plugin Vendor: Easing Slider Vulnerable Version(s): 2.2.0.6 and probably prior Tested Version: 2.2.0.6 Advisory Publication: January 21, 2015 [without technical details] Vendor Notification: January 21, 2015 Vendor Patch: January 22, 2015

Facebook Bug Bounty #23 - Session ID CSRF Vulnerability

2015-02-11 Thread Vulnerability Lab
Document Title: Facebook Bug Bounty #23 - Session ID CSRF Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1432 Facebook Security ID: 10202805822321483 Video: https://www.youtube.com/watch?v=SAr2AGLrBkQ Vulnerability

Multiple Vulnerabilities in my little forum

2015-02-11 Thread High-Tech Bridge Security Research
Advisory ID: HTB23248 Product: my little forum Vendor: http://mylittleforum.net/ Vulnerable Version(s): 2.3.3 and probably prior Tested Version: 2.3.3 Advisory Publication: January 14, 2015 [without technical details] Vendor Notification: January 14, 2015 Vendor Patch: February 8, 2015 Public