[FD] First annual BloomCON CFP

2015-11-06 Thread Philip Polstra
Digital Forensics pros, InfoSec pros, h4x0rs, stuff breakers, g33k girls, The first BloomCON Forensics and Security conference will be held February 5-6, 2016 in Bloomsburg, PA (USA). We are now officially accepting presentation and workshop submissions for the event. We will have two speaking a

[FD] SQLiteManager 1.2.4: Multiple XSS

2015-11-06 Thread Curesec Research Team (CRT)
SQLiteManager 1.2.4: Multiple XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: SQLiteManager 1.2.4 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: sqlitemana...@gmail.com Vulnerability Type: XSS Remote Exploita

[FD] TheHostingTool 1.2.6: Multiple XSS

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: TheHostingTool 1.2.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: https://thehostingtool.com/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015 Disclosed

[FD] TheHostingTool 1.2.6: Multiple SQL Injection

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: TheHostingTool 1.2.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: https://thehostingtool.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 09/07/2015

[FD] TheHostingTool 1.2.6: Code Execution

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: TheHostingTool 1.2.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: https://thehostingtool.com/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 09/07/2015

[FD] Quick.Cart 6.6: Multiple XSS

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Quick.Cart 6.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: i...@opensolution.org Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015 Disclosed to public: 1

[FD] Quick.Cart 6.6: CSRF

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Quick.Cart 6.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: i...@opensolution.org Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/07/2015 Disclosed to public:

[FD] CubeCart 6.0.7: XSS

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: CubeCart 6.0.7 Fixed in: 6.0.8 Fixed Version Link: https://www.cubecart.com/thank-you/CubeCart-6.0.8.zip Vendor Contact: sa...@cubecart.com Vulnerability Type: XSS Remote Exploitable: Yes Reported to

[FD] CubeCart 6.0.7: Code Execution

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: CubeCart 6.0.7 Fixed in: 6.0.8 Fixed Version Link: https://www.cubecart.com/thank-you/CubeCart-6.0.8.zip Vendor Contact: sa...@cubecart.com Vulnerability Type: Code Execution Remote Exploitable: Yes

[FD] Supercali Event Calendar 1.0.8: XSS

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Supercali Event Calendar 1.0.8 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://supercali.inforest.com/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/20

[FD] Supercali Event Calendar 1.0.8: CSRF

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Supercali Event Calendar 1.0.8 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://supercali.inforest.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2

[FD] OpenCart 2.0.3.1: CSRF

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: OpenCart 2.0.3.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: https://www.opencart.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to pu

[FD] MyWebSQL 3.6: CSRF

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyWebSQL 3.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://mywebsql.net/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/

[FD] MiniBB 3.1.1: XSS

2015-11-06 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team 1. Introduction Affected Product: MiniBB 3.1.1 Fixed in: 3.2 Fixed Version Link: http://www.minibb.com/download.php?file=minibb Vendor Contact: secur...@minibb.com Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor:

Re: [FD] eBay Magento <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM

2015-11-06 Thread Dawid Golunski
Hi, There are some news sites that confuse this Magento/Zend Framework vulnerability with an old SOAP parser XXE vulnerability of CVE-2013-1643 in the PHP core which was fixed in PHP 5.4.13 in 2013. The incorrect news may give a false sense of security to users with newer PHP versions when in fact,

[FD] New release: UFONet v0.6 - "Galactic OFFensive!"

2015-11-06 Thread psy
Hi lists, I am glad to present a new release of this tool. http://ufonet.03c8.net UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using: GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. New options added are: