Re: [FD] The Misfortune Cookie Vulnerability

> See http://mis.fortunecook.ie for the rest. I think you might have accidentally pasted the wrong link. This one doesn't seem to contain additional information. Cheers, /mz ___ Sent through the Full Disclosure mailing list http://nmap.org/mailman/list

[FD] Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities

*Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities* Though Yahoo lists open redirect vulnerability on its bug bounty program. However, it seems Yahoo do not take this vulnerability seriously at all. Multiple Open Redirect vulnerabilities were reported Yahoo

[FD] The Misfortune Cookie Vulnerability

Hey there, Recently our group has uncovered a serious vuln in RomPager - the most popular web server in the world, found in millions of embedded devices (mostly residential gateways / SOHO routers), which unfortunately allows gaining admin access to the router from the WAN (port 80 access not r

[FD] [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities

Revive Adserver Security Advisory REVIVE-SA-2014-002 http://www.revive-adserver.com/security/revive-sa-2014-002

[FD] CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

*CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: TennisConnect "TennisConnect COMPONENTS System" /index.cfm pid Parameter XSS Product: TennisConnect COMPONENTS System Vendor: TennisConnect Vulnerable Versions: 9.927 Tested Version

[FD] CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability

*CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: JCE-Tech "Video Niche Script" /view.php Multiple Parameters XSS Product: "Video Niche Script" Vendor: JCE-Tech Vulnerable Versions: 4.0 Tested Version: 4.0 Advisory Publication: Nov 18,

[FD] TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch

This is an advisory for TWiki Administrators: A specially crafted URL parameter to the WebSearch topic may expose a cross-site scripting vulnerability. TWiki ( http://twiki.org ) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people. * Vulnerable Software

[FD] TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables

This is an advisory for TWiki Administrators: The TWiki Variables QUERYSTRING and QUERYPARAMSTRING may expose a cross-site scripting vulnerability. TWiki ( http://twiki.org ) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people. * Vulnerable Software Vers

[FD] The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users | WIRED

Get free programming and development from OS community http://www.wired.com/2014/12/fbi-metasploit-tor/ ___ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclos

[FD] Dictionary/brute-force attack against "kerberized" IIS service accounts without triggering account lockout

Not sure if this is old news by now, but I haven't seen it mentioned anywhere. I was writing some walkthroughs for the alpha version of Mimikatz 2.0, and realized that since the "Silver Ticket" functionality involves one of the Windows kerberos ticket encryption keys being the NTLM hash of th

[FD] SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager

SEC Consult Vulnerability Lab Security Advisory < 20141218-2 > === title: Multiple high risk vulnerabilities product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP1 H

[FD] SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted

SEC Consult Vulnerability Lab Security Advisory < 20141218-1 > === title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: <=0.14.1 fixed version:

[FD] SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)

SEC Consult Vulnerability Lab Security Advisory < 20141218-0 > === title: Multiple critical vulnerabilities product: VDG Security SENSE (formerly DIVA) vulnerable version: 2.3.13 fixed v

[FD] Apple iOS v8.x - Message Context & Privacy Vulnerability

Document Title: === Apple iOS v8.x - Message Context & Privacy Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1346 Video: http://www.vulnerability-lab.com/get_content.php?id=1350 Release Date: = 2014-12-16 V

[FD] Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

Document Title: === Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1368 Facebook Security ID: 219162244 Release Date: = 2014-12-10 Vulnerability Laboratory ID (V

[FD] E-Journal CMS (ID) - Multiple Web Vulnerabilities

Document Title: === E-Journal CMS (ID) - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1380 Release Date: = 2014-12-17 Vulnerability Laboratory ID (VL-ID): ===

[FD] iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability

Document Title: === iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1375 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9336 CVE-ID: === CVE-2014-9336 Release Date: