[FD] Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities

2015-03-07 Thread Jing Wang
*Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities* Exploit Title: Webshop hun v1.062S /index.php termid parameter Information Leakage Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version:

Re: [FD] Java 8u40 released: why?

2015-03-07 Thread Alexander Burke
Java 8u40 includes adware on OS X for the first time ever: http://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/ Sorry for the poor quality of the link; I don't have time to find a better one. — Alex El 06/03/2015, a les 21:02, paul.sz...@sydney.edu.au va

[FD] WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities

2015-03-07 Thread Jing Wang
*WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme v1.6.2 /thumb.php src Parameter Unrestricted Upload of File Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable

Re: [FD] Java 8u40 released: why?

2015-03-07 Thread Alan Coopersmith
On 03/ 6/15 12:02 PM, paul.sz...@sydney.edu.au wrote: I notice that Java (JDK, JRE) update 8u40 has been released. Though http://www.oracle.com/technetwork/java/javase/downloads/index.html says this release includes important security fixes ... My reading of the first WWW page is that only

Re: [FD] Java 8u40 released: why?

2015-03-07 Thread James Hodgkinson
Maybe the major change is that they’re including the Ask toolbar in all releases now, not just the windows one? :) The unwelcome Ask extension shows up as part of the installer if a Mac user downloads Java 8 Update 40 for the Mac. In my tests on a Mac running that latest release of OS X, the

Re: [FD] Java 8u40 released: why?

2015-03-07 Thread Nick FitzGerald
James Hodgkinson wrote: Maybe the major change is that they're including the Ask toolbar in all releases now, not just the windows one? :) Indeed! The unwelcome Ask extension shows up as part of the installer if a Mac user downloads Java 8 Update 40 for the Mac. In my tests on a Mac

[FD] WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities

2015-03-07 Thread Jing Wang
*WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id Parameters SQL Injection Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.2 Tested

[FD] Fw: Vulnerabilities in ASUS RT-G32

2015-03-07 Thread MustLive
Hello list! There are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in ASUS Wireless Router RT-G32. Affected products: Vulnerable is the next model: ASUS RT-G32 with different versions of firmware. I checked in ASUS

Re: [FD] Java 8u40 released: why?

2015-03-07 Thread paul . szabo
Alan Coopersmith alan.coopersm...@oracle.com wrote (and he should know!): Java 8u40 is a feature release that's been planned for almost a year, not a special out of band bug fix release. http://openjdk.java.net/projects/jdk8u/releases/8u40.html