Vulnerability title: Remote Code Execution in Projoom NovaSFH Plugin
CVE: CVE-2014-1214
Vendor: Projoom
Product: NovaSFH Plugin
Version: 3.0.3
Reported by: Yuri Kramarz
Details:
The PHP executable which is responsible for handling file upload
functionality allows arbitrary files to be uploaded to
Hello again,
today a little bird known as i0n1c tweeted something about me [1],
claiming that I was wrong, and that CVE-2014-1860 could actually be
exploited, because there is S: which allows encoded NUL bytes [2], and
that's true in part. So, instead of using a string like this:
Hi there,
Recently I found a few vulnerabilities in Oracle VM VirtualBox, the
open-source virtualization product. These have already been reported to the
project, fixed and disclosed in the form of the recent January 2014 Oracle
Critical Patch Update (at
Visa (Europe) Website Vulnerability
==
Published Report: 07/02/2014
Credits: Advanced Information Security Corporation, USA
Severity: High/Critical (OWASP TOP 10)
Type: Web Application / Cross-Site Scripting Attack.
Author: Nicholas Lemonias. (Information Security
I haven't read the whole thread, so I apologize in advance for commenting
on it. But I think it's important to mention that not a vulnerability and
not exploitable are entirely different concepts. Since conclusively
proving that a vulnerability is 100% not exploitable for all code paths in
all
Document Title:
===
gpEasy v4.3.x CMS - Multiple Web Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1189
Release Date:
=
2014-02-06
Vulnerability Laboratory ID (VL-ID):
Document Title:
===
Facebook Bug Bounty #12 - Client Side Exception Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1190
Facebook Security ID: 186072579
Release Date:
=
2014-02-07
Vulnerability
Hello list!
Last year I wrote about multiple vulnerabilities in Google Maps plugin.
After my informing, the developer fixed them, but this year I found new
vulnerabilities.
These are Denial of Service and Insufficient Anti-automation vulnerabilities
in Google Maps plugin for Joomla.
Debian Security Advisory DSA-2856-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
February 07, 2014
Anyone have security contact at Bank of the West?
--
Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://profiles.google.com/kristian.hermansen
___
Full-Disclosure - We believe in it.
Charter: