-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Fundación Dr. Manuel Sadosky - Programa STIC Advisory
www.fundacionsadosky.org.ar
Missing SSL certificate validation in MercadoLibre app for Android
1. *Advisory Information*
Title: Missing SSL cert validation in MercadoLibre
*[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP
Governance, Risk and Compliance (SAP GRC)*
Please refer to http://www.esnc.de for the original security advisory,
updates and additional information.
*1.
Bu
Hi,
The Lantronix xPrintServer is a small Linux powered print server for iOS. Main
configuration happens through a web interface.
The problem is that the configuration happens through some ‘RPC’ interface; the
web interface uses AJAX requests to talk to a CGI script that simply executes
shell
=
MGC ALERT 2014-001
- Original release date: January 12, 2014
- Last revised: November 12, 2014
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
=
I. VULNERABILITY
Document Title:
===
PayPal Inc Bug Bounty- Filter Bypass & Arbitrary Code Execution Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=936
Video: http://www.vulnerability-lab.com/get_content.php?id=1275
Vulnerability Magazine:
Hi,
This is the 8th part of the ManageOwnage series. For previous parts see [1].
This time we have a file upload leading to remote code execution and a
blind SQL injection in ManageEngine OpManager, Social IT Plus and
IT360.
ManageEngine have released an emergency fix, see details in the
advisory