[FD] FileVista v6.0.8.0 Insecure zip file handling

2014-11-26 Thread DS MailingList
Hi list, FileVista is an IIS package which installs a file server onto Windows Server systems. More information can be obtained from their website at http://www.gleamtech.com/filevista. CVE-2014-8788: The zip file handling routines in FileVista leak internal paths when users attempt to write a

[FD] CVE-2014-5439 - Root shell on Sniffit [with exploit]

2014-11-26 Thread Hector Marco
CVE-2014-5439 - Root shell on Sniffit Sniffit is a packet sniffer and monitoring tool. The attacker can create a specially-crafted sniffit configuration file, which is able to bypass all three protection mechanisms: - Non-eXecutable bit NX - Stack Smashing Protector SSP - Address

[FD] CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability

2014-11-26 Thread Jing Wang
*Exploit Title: Springshare LibCal XSS (Cross-Site Scripting) Vulnerability* Product: LibCal Vendor: Springshare Vulnerable Versions: 2.0 Tested Version: 2.0 Advisory Publication: Nov 25, 2014 Latest Update: Nov 25, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference:

[FD] CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation

2014-11-26 Thread Jing Wang
http://tetraph.com/security/open-redirect/cve-2014-8754-wordpress-ad-manager-plugin-dest-redirect-privilege-escalation/#respond *CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation* Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation

[FD] All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks

2014-11-26 Thread Jing Wang
*All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks* *Domain Description:* http://www.indiatimes.com According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English

Re: [FD] Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates

2014-11-26 Thread Susan Bradley
Be aware that any out of date Silverlight will be blocked as of November's IE release. http://blogs.msdn.com/b/ie/archive/2014/10/14/october-2014-updates-and-a-preview-of-changes-to-out-of-date-activex-control-blocking.aspx http://technet.microsoft.com/en-us/ie/dn818438.aspx This update notifies

Re: [FD] Slider Revolution/Showbiz Pro shell upload exploit

2014-11-26 Thread Ryan Dewhurst
Do you know if revslider and showbiz create /wp-content/plugins/revslider/ and /wp-content/plugins/showbiz/ directories? It is so that we can add them as 'slugs' for WPScan (http://wpscan.org) and WPVULNDB (https://wpvulndb.com). On Tue, Nov 25, 2014 at 5:37 PM, Simo Ben youssef

Re: [FD] Slider Revolution/Showbiz Pro shell upload exploit

2014-11-26 Thread Simo Ben youssef
Ryan, Those are the plugins' main directories, the plugins create and extract the update zip folder in wordpress/wp-content/plugins/revslider/temp/update_extract/ then fail to clean up after successful exploitation. So the shell is located in