Document Title:
===
Blitz CMS Community - SQL Injection Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1403
Release Date:
===
2015-01-12
Vulnerability Laboratory ID (VL-ID):
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning
Board 4.0
RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Tapatalk plugin for the WoltLab Burning Board forum software,
which allows attackers to inject arbitrary JavaScript code via URL
The Tapatalk Plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to
version 1.1.2 allowed redirecting users to arbitrary URLs. This was possible by
specifying the target URL in the URL parameter board_url in URLs like the
following:
http://www.example.com/mobiquo/smartbanner/welcome.php?b
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Corel Software DLL Hijacking
1. *Advisory Information*
Title: Corel Software DLL Hijacking
Advisory ID: CORE-2015-0001
Advisory URL:
http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Date published: 2015-01-1
# Exploit Title: XSS Vulnerability in Fork CMS 3.8.3
# Google Dork: N/A
# Date: 12/26/2014
# Exploit Author: Le Ngoc phi (phi.n...@itas.vn) and ITAS Team (www.itas.vn)
# Vendor Homepage: http://www.fork-cms.com
# Software Link: http://www.fork-cms.com/blog/detail/fork-3.8.4-released
# Version
Snom SIP phones (www.snom.com) have a builtin HTTP/HTTPS configuration
interface, which is enabled by default.
By making a single HTTP POST request all available memory (and CPU) can be
exhausted, resulting in a reboot of the phone.
This even works if the HTTP/HTTPS interface is protected by usern
Details
===
Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lapp...@gmail.com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x.
Fixed Version: 11.6
Summary
===
The F5 ASM is a web applic
Hi FD,
I'm sure you're all sick to death of hearing about Lizard Squad and the
skid marks they're leaving all over the place, so we'll make this brief:
Lizard Squad has been rekt and the source code for their bots is now
available for your viewing pleasure.
https://github.com/pop-pop-ret/lizkebab
Hi
I just did
$ dd if=/dev/zero bs=1M count=32 | curl http://$IP/
Response: Unauthorized request
Did I miss anything?
Firmware: snom360-SIP 8.7.4.8
not downloadable any more for some reason?
Yours
Martin
Edit: Corrected the date in the timeline from 01/12/14 to 01/12/15.
Details
===
Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lapp...@gmail.com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.
ayy lmao
//Julius Kivimäki, leader of Lizard Squad
2015-01-12 10:29 GMT+00:00 Robert Cavanaugh :
> Hi FD,
>
> I'm sure you're all sick to death of hearing about Lizard Squad and the
> skid marks they're leaving all over the place, so we'll make this brief:
> Lizard Squad has been rekt and the so
Hi Brandon,
> I always assume if I have
> found a vulnerability, someone else has found it as well.
Yes, you should. For those out there who don't routinely find
vulnerabilities, it is hard for them to understand that these issues
aren't hard to find if you know what you're looking for. Quite
# Exploit Title: SQL Injection Vulnerability in Microweber 0.95
# Vendor: https://microweber.com/
# Download link: https://microweber.com/download
(https://github.com/microweber/microweber)
# CVE ID: CVE-2014-9464
# Vulnerability: SQ
Origin:
Visit https://technet.microsoft.com/library/security/ms14-080
Go to "Acknowledgments" part and search for "CVE-2014-6365"
It says "Dieyu" - that's me.
Technical Details:
"Internet Explorer XSS Filter Bypass Vulnerability" is done by...
1. Inject "a href" link into target page.
(Not script