[FD] E-Journal CMS (ID) - Multiple Web Vulnerabilities

2014-12-18 Thread Vulnerability Lab
Document Title: E-Journal CMS (ID) - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1380 Release Date: 2014-12-17 Vulnerability Laboratory ID (VL-ID):

[FD] Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

2014-12-18 Thread Vulnerability Lab
Document Title: Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1368 Facebook Security ID: 219162244 Release Date: 2014-12-10 Vulnerability Laboratory ID

[FD] Apple iOS v8.x - Message Context Privacy Vulnerability

2014-12-18 Thread Vulnerability Lab
Document Title: Apple iOS v8.x - Message Context Privacy Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1346 Video: http://www.vulnerability-lab.com/get_content.php?id=1350 Release Date: 2014-12-16

[FD] SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)

2014-12-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20141218-0 title: Multiple critical vulnerabilities product: VDG Security SENSE (formerly DIVA) vulnerable version: 2.3.13 fixed version

[FD] SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted

2014-12-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20141218-1 title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.14.1 fixed version: =0.15.0

[FD] SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager

2014-12-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20141218-2 title: Multiple high risk vulnerabilities product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP1 Hot Fix 3

[FD] TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables

2014-12-18 Thread Peter Thoeny
This is an advisory for TWiki Administrators: The TWiki Variables QUERYSTRING and QUERYPARAMSTRING may expose a cross-site scripting vulnerability. TWiki ( http://twiki.org ) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people. * Vulnerable Software

[FD] TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch

2014-12-18 Thread Peter Thoeny
This is an advisory for TWiki Administrators: A specially crafted URL parameter to the WebSearch topic may expose a cross-site scripting vulnerability. TWiki ( http://twiki.org ) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people. * Vulnerable Software

[FD] CVE-2014-8752 JCE-Tech Video Niche Script XSS (Cross-Site Scripting) Security Vulnerability

2014-12-18 Thread Jing Wang
*CVE-2014-8752 JCE-Tech Video Niche Script XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: JCE-Tech Video Niche Script /view.php Multiple Parameters XSS Product: Video Niche Script Vendor: JCE-Tech Vulnerable Versions: 4.0 Tested Version: 4.0 Advisory Publication: Nov 18, 2014

[FD] CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

2014-12-18 Thread Jing Wang
*CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: TennisConnect TennisConnect COMPONENTS System /index.cfm pid Parameter XSS Product: TennisConnect COMPONENTS System Vendor: TennisConnect Vulnerable Versions: 9.927 Tested Version:

[FD] [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities

2014-12-18 Thread Matteo Beccati
Revive Adserver Security Advisory REVIVE-SA-2014-002 http://www.revive-adserver.com/security/revive-sa-2014-002

[FD] Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities

2014-12-18 Thread Jing Wang
*Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities* Though Yahoo lists open redirect vulnerability on its bug bounty program, it seems Yahoo does not take this vulnerability seriously at all. Multiple Open Redirect vulnerabilities were reported to Yahoo.