Document Title:
===
Video WiFi Transfer 1.01 - Directory Traversal Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1288
Release Date:
=
2014-08-02
Vulnerability Laboratory ID (VL-ID):
Document Title:
===
FreeDisk v1.01 iOS - Multiple Web Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1287
Release Date:
=
2014-08-01
Vulnerability Laboratory ID (VL-ID):
Vulnerability title: Authentication Bypass in Barracuda Web Application
Firewall
CVE: CVE-2014-2595
Vendor: Barracuda
Product: Web Application Firewall
Affected version: Firmware v7.8.1.013
Fixed version: N/A
Reported by: Nick Hayes
Details:
It is possible to re-use a link which includes a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Superfish 7.x-1.9 Cross Site Scripting Vulnerability
Author: Ubani A Balogun ub...@sas.upenn.edu
Reported: June 25, 2014
Product Description:
-
Superfish integrates jQuery
1. Advisory Overview
Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster
Recovery solution affecting both the client and server software (see Additional
Information section), including but not limited to reflected XSS, source
code/sensitive information disclosure,
===
Varutra Consulting Responsible Vulnerability Disclosure
- Vulnerability release date: November 11th, 2013
- Last revised: February 5th, 2014
- Discovered by: http://varutra.com/blog/?p=281
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
##
# _ ___ _ _ _ _
# | | / _ \| \ | |/ ___|/ ___| / \|_ _|
# | | | | | | \| | | _| | / _ \ | |
# | |__| |_| | |\ | |_| | |___ / ___ \| |
Exchange Multiple Internal IP Disclosures
--
Advisory:
http://foofus.net/?p=758
http://www.securitypentest.com/2014/08/exchange-multiple-internal-ip.html
Autodiscover Enumeration Vulnerability
--
Advisory:
0h4i! 1m a p3rs0n wh0 l1k3z t0 3x4m1n3 s1t3z 1n t3h 4l3x4 t0p 500
t0d4y, l3tz take a l00k at huffp0 s33 wu7 f41lz 4w41t!
https://secure.huffingtonpost.com/robots.txt
User-agent: *
Disallow: /backstage/
Disallow: /blackberry/
Disallow: /users/
Disallow: /contact/pop/
Disallow: /t/
Disallow:
### The Preferred Roaming List Zero Intercept Attack
# SUMMARY #
Attackers in position to carry out Monkey-in-the-Middle against
CDMA2000 links between customer stations and their carrier BTS
equipment can leverage silent push PRL updates to apply a routing list
preferring paths through malicious
On Fri, Aug 1, 2014 at 4:06 AM, coderman coder...@gmail.com wrote:
...
# ADDITIONAL INFORMATION #
Will not be coming from this channel. This includes no press; sorry.
Third parties encouraged to continue and disseminate additional
inquiry, however!
please direct questions to Mathew Solnik
It's not an 0day, I dropped this in may.
On Mon, Aug 4, 2014 at 9:39 AM, Douglas Held r...@douglasheld.net wrote:
Hello MustLive,
Did you disclose this to HP? You didn't mention whether this is 0-day or
disclosed (I think you usually publish your disclosure timeline)
Thanks
Doug
Date:
Thanks for reporting this bug to the Drupal Security Team and for sharing a
description of it here.
I think the mitigating factors section is a little unclear. I've added some
information about them inline below.
On Mon, Aug 4, 2014 at 12:54 PM, Ubani Balogun ub...@sas.upenn.edu wrote:
Hey all,
Since I haven't really ever properly done it, I wanted to officially
announce american fuzzy lop, a novel instrumentation-driven fuzzer
that, among other things, had some luck finding a bunch of fairly
interesting image parsing security issues (e.g., CVE-2013-6629,
CVE-2013-6630).