Oren Hafif reported a new kind of attack called Reflected File Download (https://www.blackhat.com/eu-14/briefings.html#reflected-file-download-a-new-web-attack-vector) at the Black Hat Europe 2014 conference.
More details about the attack can be found in his public presentation:
https://www.blackhat.
Advisory: Reflected XSS and SQL Injection vulnerability in CMS Piwigo <= v. 2.7.3
Advisory ID: SROEADV-2015-06
Author: Steffen Rösemann
Affected Software: CMS Piwigo <= v. 2.7.3 (Release date: 9th January 2015)
Vendor URL: http://piwigo.org
Vendor Status: patched
CVE-ID: -
==
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
PHP Code Execution in jui_filter_rules Parsing Library
==
Researcher: Timo Schmid
Description
===
jui_filter_rules[1] is a jQuery plugin which allows users to generate a ruleset which
Multiple vulnerabilities have been identified in GLPI
(http://www.glpi-project.org).
1/ Arbitrary file upload
Severity: Important
Versions Affected
===
All versions between 0.85 and 0.85.2
Description
===
When a user wants to create a new ticket, he has the possibility to add an
I. Overview
Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities have been identified in Crushftp 7.2.0 (Web Interface) on default configuration. These vulnerabilities allow
*CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities*
Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Product: InstantForum.NET
Vendor: InstantASP
Vulnerable Versions: v4.1.3 v4.1.1 v4.
DLGuard SQL Injection Security Vulnerabilities
Exploit Title: DLGuard /index.php c parameter SQL Injection Security Vulnerabilities
Product: DLGuard
Vendor: DLGuard
Vulnerable Versions: v4.5
Tested Version: v4.5
Advisory Publication: Feb 18, 2015
Latest Update: Feb 18, 2015
Vulnerability Type: Im
*DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities*
Exploit Title: DLGuard /index.php c parameter Full Path Disclosure Security Vulnerabilities
Product: DLGuard
Vendor: DLGuard
Vulnerable Versions: v4.5
Tested Version: v4.5
Advisory Publication: Feb 18, 2015
Latest Upda
*DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities*
Exploit Title: DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Product: DLGuard
Vendor: DLGuard
Vulnerable Versions: v5 v4.6 v4.5
Tested Version: v5 v4.6
Advisory Publication: Feb 18, 2015
Lat
Hi, I turn to you because I want to make public a bug in a web server called Trade Winds, through which much compromising information of internal servers is exposed ... Through a dork on Google: inurl: cgi-shl / twserver.exe run?.
They are vulnerable servers, injecting this URL: http://victim/cgi-shl/twserve
Ladies and gentlemen
Boys and girls
It has come to our attention that a brave warrior for the people, Ross William Ulbricht, was unlawfully convicted by the corporation known as the American government.
This mockery of justice has not gone unnoticed.
In order to protect the next generation of darknet
Advisory: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite
During a penetration test, RedTeam Pentesting discovered a Directory
Traversal vulnerability in hybris Commerce software suite. This
vulnerability allows attackers to download arbitrary files of