[FD] Openfiler DoS via CSRF (CVE-2014-7190)

2014-09-26 Thread Dolev Farhi
# Exploit author: @dolevff # Vendor homepage: http://www.openfiler.com # Affected Software version: 2.99.1 (latest) # Alerted vendor: 7.5.14 # CVE-2014-7190 Software Description = Openfiler is a network storage operating system. With the features we built into Openfiler, you

[FD] XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158)

2014-09-26 Thread William Costa
I. VULNERABILITY - XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite II. BACKGROUND - WAN Optimization Suite integrates enterprise-caliber bandwidth acceleration and optimization with best-in-class application network visibili

Re: [FD] Critical bash vulnerability CVE-2014-6271

2014-09-26 Thread Matt Hazinski
On Thu, Sep 25, 2014 at 02:39:55PM +0200, Philip Cheong wrote: Worse than heartbleed? http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/ I'm able to get remote code exec

[FD] uni-konstanz.de subdomain, arbitrary file download

2014-09-26 Thread b4mbi
Hi, there is an arbitrary file download vulnerability in the University Konstanz Website. Vulnerable link: http://www.wiwi.uni-konstanz.de/index.php?eID=tx_nawsecuredl&u=0&file=[ File here! ]

Re: [FD] Critical bash vulnerability CVE-2014-6271 (slightly OT logo discussion)

2014-09-26 Thread Ben Lincoln (F7EFC8C9 - FD)
On 2014-09-25 09:14, Tony Arcieri wrote: On Thu, Sep 25, 2014 at 8:55 AM, Michal Zalewski wrote: In what way? It doesn't have a logo, so it's a bit better in my book. That's where you're wrong: https://pbs.twimg.com/media/ByVh24fCcAAy7mT.png I propose a contest - IMO if Heartbleed got a

[FD] Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities

2014-09-26 Thread Vulnerability Lab
Document Title: Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=716 Release Date: 2014-09-22 Vulnerability Laboratory ID (VL-ID):

[FD] Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

2014-09-26 Thread Vulnerability Lab
Document Title: Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=660 Release Date: 2014-09-18 Vulnerability Laboratory ID (VL-ID):

[FD] SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability

2014-09-26 Thread Vulnerability Lab
Document Title: SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1298 Tracking ID: 088-1B879F0C-0A22 Release Date: 2014-09-22 Vulnerability Labora

[FD] Oracle Corporation MyOracle - Persistent Vulnerability

2014-09-26 Thread Vulnerability Lab
Document Title: Oracle Corporation MyOracle - Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1261 Oracle Security ID (Team Tracking ID): ad...@vulnerability-lab.com-001 Release Date: 2014-09-1

[FD] GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability

2014-09-26 Thread Vulnerability Lab
Document Title: GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1325 Release Date: 2014-09-22 Vulnerability Laboratory ID (VL-ID):