Vulnerability Report: BT HomeHub 3.0b
***
Report Date: 7 December 2012
Version: 1.01
Prepared by: Zachary Cutlip, zcul...@tacnetsol.com
Tactical Network Solutions, LLC
***
Summary: The BT HomeHub 3.0b has a remote[1] vulnerability that can
===ADVISORY===
Systems Affected: .NET 1.1 through .NET 4.5
Severity: Important
Category: Elevation of Privilege
Author: Context Information Security
Reported to vendor: 23th April 2012
Advisory Issued: 9th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2604-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
January 09, 2013
The flaw is not exploitable without privileges. On some occasions there are
forums where there are co-administrators which have privileges to view the
error log but not to modify code or at least read the mysql connection.
Not have CVE-ID.
2013/1/8 Carlos Alberto Lopez Perez clo...@igalia.com
On
Hi
this p0c old from 2009
http://www.exploit-db.com/exploits/10274
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
In the course of our security assessment consulting we often find 0day
vulnerabilities and report them to vendors. In this particular case the
vendor has unfortunately shown a general disregard for the security risk
of this uncovered vulnerability which was originally disclosed privately to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2013:004
http://www.mandriva.com/security/
OrangeHRM[1] 2.7.1[2] -- the latest stable release as of this writing --
suffers from a persistent XSS in the vacancy name variable. Steps:
1. Navigate to following URL:
http://[domain]/symfony/web/index.php/recruitment/viewJobVacancy
2. Add or Edit a Vacancy
3. In the Vacancy Name parameter
I am WHK, along with sdc simpleaudit did, I'm part of the staff of
simplemachines.
http://foro.elhacker.net/nivel_web/auditoria_de_seguridad_hacia_simple_machines_forum_20-t271199.0.html
security flaw that was never repaired, no CVE-ID, no one remembered, but the
fault is still.
The failure
List,
Here is the link to Information Security Magazine issue with Market for
vulnerability information grows - Cashing on Zero-day exploits for your
information.
I once shared my idea that ZDI is not right way to go. It should be a market
place (web portal) for selling vulnerabilities based
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Advisory: heise.de - Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-002
Author: Stefan Schurtz
Affected Software: Successfully tested on heise.de
Vendor URL: http://www.heise.de
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS SQLi
vulnerability
Advisory ID: SSCHADV2013-001
Author: Stefan Schurtz
Affected Software: Successfully tested on Concert Calendar 2.1.4
Vendor
On Thu, Jan 10, 2013 at 9:03 AM, Mikhail A. Utin
mu...@commonwealthcare.org wrote:
...
I once shared my idea that ZDI is not right way to go. It should be a market
place (web portal) for selling vulnerabilities based on action price. Like
eBay.
this reasoning assumes money is the only
CVE-2012-5616: Apache CloudStack information disclosure vulnerability
Severity:
Low
CVSS:
3.5, AV:L,AC,H,Au,S,C:P,I:P,A:P
Vendors:
The Apache Software Foundation
Versions Affected:
Apache CloudStack 4.0.0-incubating
Description:
The CloudStack security team was notified of a information