[FD] FoxyCart Bug Bounty #1 - Filter Bypass Persistent Vulnerability

2015-07-17 Thread Vulnerability Lab
Document Title: FoxyCart Bug Bounty #1 - Filter Bypass Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1451 098bdc9b309783df65044c5abb690dafdd4bcd436c380ae68c924fe37e14b4e0 Release Date:

[FD] UDID+ v2.5 iOS - Mail Command Inject Vulnerability

2015-07-17 Thread Vulnerability Lab
Document Title: UDID+ v2.5 iOS - Mail Command Inject Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1542 Release Date: 2015-07-06 Vulnerability Laboratory ID (VL-ID):

[FD] AirDroid ID - Client Side JSONP Callback Vulnerability

2015-07-17 Thread Vulnerability Lab
Document Title: AirDroid ID - Client Side JSONP Callback Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1544 Release Date: 2015-07-10 Vulnerability Laboratory ID (VL-ID):

[FD] UDID+ v2.5 iOS - Mail Command Inject Vulnerability

2015-07-17 Thread Douglas Held
Benjamin, What is an androidios device account? Is that a typo? And does the default mobile/alpine user account suffice? It isn't clear to me whether the iOS device needs to be jailbroken for this exploit to work. The -- Douglas Held d...@douglasheld.net via dough...@gmail.com Note: Sent

[FD] OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)

2015-07-17 Thread king cope
OpenSSH has a default value of six authentication tries before it will close the connection (the ssh client allows only three password entries per default). With this vulnerability an attacker is able to request as many password prompts limited by the “login graced time” setting, that is set to

[FD] 1503A - Chrome - ui::AXTree::Unserialize use-after-free

2015-07-17 Thread Berend-Jan Wever
*TL;DR* After 60 day deadline has passed, I am releasing details on an unfixed use-after-free vulnerability in Chrome's accessibility features, which are disabled by default. The issue does not look exploitable. *More details*

Re: [FD] Remote file upload vulnerability in mailcwp v1.99 wordpress plugin

2015-07-17 Thread Larry W. Cashdollar
On Jul 16, 2015, at 8:18 PM, Larry W. Cashdollar lar...@me.com wrote: Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-09 Download Site: https://wordpress.org/plugins/mailcwp/ Vendor: CadreWorks Pty Ltd Vendor

[FD] Remote file upload vulnerability in mailcwp v1.99 wordpress plugin

2015-07-17 Thread Larry W. Cashdollar
Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-09 Download Site: https://wordpress.org/plugins/mailcwp/ Vendor: CadreWorks Pty Ltd Vendor Notified: 2015-07-09 fixed in v1.110 Vendor Contact: Contact Page via WP site

[FD] weblogin software cross site request

2015-07-17 Thread Juan Martinez
Hi, People I discover a cross site request in this Dork: intitle:weblogin intext:This page will redirect you to: This cross site request is exploit like this example: http://target/Login:%20Weblogin%20%20This%20page%20will%20redirect%20you%20to%20 inject any word you want to screen in the