## FULL DISCLOSURE
#Product : WP-Ultimate CSV Importer
#Exploit Author : Rahul Pratap Singh
#Version : 3.8.6
#Home page Link : https://wordpress.org/plugins/wp-ultimate-csv-importer
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 27/Jan/2016
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-3454-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2016
PHP File Manager 0.9.8 (http://phpfm.sourceforge.net/) is vulnerable
to authentication bypass due to insecure implementation of register
globals emulation. An attacker is able to override the blockKeys array
and thus build a valid session and access all the protected
functionality (including
1. Advisory Information
Title: Lenovo ShareIT Multiple Vulnerabilities
Advisory ID: CORE-2016-0002
Advisory URL:
http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities
Date published: 2016-01-25
Date of last update: 2016-01-22
Vendors contacted: Lenovo
Release mode:
The LiteSpeed SAPI module in PHP did not sanitize several fields of the
LSAPI request correctly. In the source file sapi/litespeed/lsapilib.c,
the parseRequest function calculated addresses of these variables in the
following way:
pReq->m_pScriptFile = pReq->m_pReqBuf +
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04944173
Version: 1
HPSBGN03536
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04944172
Version: 1
HPSBGN03537
glibc catopen() Multiple unbounded stack allocations
URL: https://cxsecurity.com/issue/WLB-2016010149
---
PoC:
#include
#include
#include
int main(){
char *buff;
buff=malloc();
memset(buff,'A',1110);
buff[1110]='\0';
catopen(buff,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2016-01-25-1 tvOS 9.1.1
tvOS 9.1.1 is now available and addresses the following:
Disk Images
Available for: Apple TV (4th generation)
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A
#Product: WP Easy Gallery
#Exploit Author : Rahul Pratap Singh
#Version: 4.1.4
#Home page Link : https://wordpress.org/plugins/wp-easy-gallery
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 26/Jan/2016
XSS Vulnerability:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3453-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 25, 2016
Magento 1.9.x Multiple Man-In The Middle
https://cxsecurity.com/issue/WLB-2016010129
--- Description ---
The man-in-the middle attack intercepts a communication between two systems.
For example, in an http transaction the target is the TCP connection between
client and server. Using different
12 matches