[FD] GNU Wget < 1.18 Arbitrary File Upload

GNU Wget < 1.18 Arbitrary File Upload URL: http://legalhackers.com/advisories/Wget-Arbitrary-File-Upload-Vulnerability-Exploit.txt CVE-2016-4971 GNU Wget before 1.18 when supplied with a malicious URL (to a malicious or compromised web server) can be tricked into saving an arbitrary remote

[FD] CIMA DocuClass ECM - Multiple Vulnerabilities

*CIMA DocuClass Enterprise Content Management - Multiple Vulnerabilities* DocuClass is a modular and scalable enterprise content management (ECM) solution that allows organizations to streamline internal operations by significantly improving the way they manage their information within a business

[FD] PrinceXML PHP wrapper command injection

While grabbing a copy PrinceXML, I noticed the company also offered some wrapper classes in various languages for using prince in server applications (web applications). http://www.princexml.com/download/wrappers/ Taking a quick look at the PHP

[FD] CVE ID Request : OpenFire multiple vulnerabilities

# Several vulnerabilities doscovered in OpenFire version 3.10.2 to 4.0.1 ## Product Description **OpenFire** is an opensource project under GNU GPL licence. It provides a Jabber/XMPP server fully develloped in Java. It's develloped by the **Ignite realtime** community. The actual version of

[FD] CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Security Advisory - Apache Software Foundation Apache HTTPD WebServer / httpd.apache.org X509 Client certificate based authentication can be bypassed when HTTP/2 is used CVE-2016-4979

Re: [FD] [oss-security] libical 0.47 SEGV on unknown address

I have gone ahead and just pushed my fuzzing results to Github. These were found with American Fuzzy Lop. https://github.com/brandonprry/ical-fuzz While Mozilla lists information leaks as viable for a bug bounty [1], unless it straight up crashes

[FD] Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking

Hi @ll, the executable installer for Microsoft's Visual Studio 2015 Community Edition, available from , is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1 it loads the following DLLs from its "application directory" instead of Windows' "system

[FD] Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability

Document Title: === Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1872 Release Date: = 2016-07-06 Vulnerability Laboratory ID (VL-ID):