Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
This interface uses easily guessable session IDs, which allows attackers
to authenticate
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
The management web interface has no protection against cross-site
request forg
Document Title:
===
Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1323
Video: http://www.vulnerability-lab.com/get_content.php?id=1336
Vulnerability Magazine:
http://ma
Introduction
SSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical
purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1
[RFC4346],
and TLS 1.2 [RFC5246], many TLS implementations remain backwards-compatible with
SSL 3.0 to interoperate with legacy
Title: Remote file upload vulnerability in
aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-07
Download Site:
https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms
Vendor: Waters Edge Web Design and Net
Authentication Bypass in Pandora FMS
Information
Name: Pandora FMS - Authentication Bypass
Affected Software: Pandora FMS
Affected Versions: 5.0,
Hi Full Disclosure,
From their page (https://rncryptor.github.io):
> RNCryptor is a data format specification for AES encryption, with AES-256,
> random-salted PBKDF2, AES-CBC, random IV, and HMAC. It has implementations
> in several languages.
Their PHP implementation has two vulnerabilities i