date:20150218

[FD] Reflected File Download in AOL Search Website

2015-02-18 Thread Ricardo Iramar dos Santos

Oren Hafif reported a new kind of attack called Reflected File Download ( https://www.blackhat.com/eu-14/briefings.html#reflected-file-download-a-new-web-attack-vector) in Black Hat Europe 2014 conference. More details about the attack you can found in his public presentation: https://www.blackhat.

[FD] Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3

2015-02-18 Thread Steffen Rösemann

Advisory: Reflecting XSS- and SQL Injection vulnerability in CMS Piwigo <= v. 2.7.3 Advisory ID: SROEADV-2015-06 Author: Steffen Rösemann Affected Software: CMS Piwigo <= v. 2.7.3 (Release date: 9th January 2015) Vendor URL: http://piwigo.org Vendor Status: patched CVE-ID: - ==

[FD] PHP Code Execution in jui_filter_rules Parsing Library

2015-02-18 Thread Timo Schmid

-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 PHP Code Execution in jui_filter_rules Parsing Library == Researcher: Timo Schmid Description === jui_filter_rules[1] is a jQuery plugin which allows users to generate a ruleset which

[FD] [CVE-REQUEST] Multiple vulnerabilities on GLPI

2015-02-18 Thread Stiehl

Multiple vulnerabilities have been identified in GLPI (http://www.glpi-project.org). 1/ Arbitrary file upload Severity: Important Versions Affected === All versions between 0.85 and 0.85.2 Description === When an user wants to create a new ticket, he has the possibility to add an

[FD] Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities

2015-02-18 Thread Rehan Ahmed

I. Overview Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities have been identified in Crushftp 7.2.0 (Web Interface) on default configuration. These vulnerabilities allows

[FD] CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-18 Thread Jing Wang

*CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: InstantForum.NET Vendor: InstantASP Vulnerable Versions: v4.1.3 v4.1.1 v4.

[FD] DLGuard SQL Injection Security Vulnerabilities

2015-02-18 Thread Jing Wang

DLGuard SQL Injection Security Vulnerabilities Exploit Title: DLGuard /index.php c parameter SQL Injection Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: Feb 18, 2015 Latest Update: Feb 18, 2015 Vulnerability Type: Im

[FD] DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities

2015-02-18 Thread Jing Wang

*DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities* Exploit Title: DLGuard /index.php c parameter Full Path Disclosure Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: Feb 18, 2015 Latest Upda

[FD] DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-18 Thread Jing Wang

*DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v5 v4.6 v4.5 Tested Version: v5 v4.6 Advisory Publication: Feb 18, 2015 Lat

[FD] Bug in TradeWinds

2015-02-18 Thread Juan Martinez

Hi, I turn to you because I want to make public a bug, a web server called Trade Winds, by which much compromising information of internal servers exposed ... Through a Dork on google: inurl: cgi-shl / twserver.exe run?. They are vulnerable server, injecting this url: http: //victim/cgi-shl/twserve

[FD] Agora Marketplace CSRF to Steal Bitcoins (agorahooawayyfoe.onion)

2015-02-18 Thread agoraagoraagora

Ladies and gentlemen Boys and girls It come to our attention that a brave warrior for the people Ross William Ulbricht was unlawfully convicted by the corporation known as the American government. This mockery of justice has not gone unnoticed. In order to protect the next generation of darknet

[FD] [RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

2015-02-18 Thread RedTeam Pentesting GmbH

Advisory: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite During a penetration test, RedTeam Pentesting discovered a Directory Traversal vulnerability in hybris Commerce software suite. This vulnerability allows attackers to download arbitrary files of

[FD] Reflected File Download in AOL Search Website

[FD] Reflecting XSS- and SQL injection-vulnerabilities in the administrative backend of Piwigo <= v. 2.7.3

[FD] PHP Code Execution in jui_filter_rules Parsing Library

[FD] [CVE-REQUEST] Multiple vulnerabilities on GLPI

[FD] Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities

[FD] CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

[FD] DLGuard SQL Injection Security Vulnerabilities

[FD] DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities

[FD] DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

[FD] Bug in TradeWinds

[FD] Agora Marketplace CSRF to Steal Bitcoins (agorahooawayyfoe.onion)

[FD] [RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

12 matches

Site Navigation

Mail list logo

Footer information