Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Tapatalk plugin for the WoltLab Burning Board forum software,
which allows attackers to inject arbitrary JavaScript code via
The Tapatalk plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to
version 1.1.2 allowed users to be redirected to arbitrary URLs. This was possible by
specifying the target URL in the URL parameter board_url in URLs like the
following:
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Corel Software DLL Hijacking
1. *Advisory Information*
Title: Corel Software DLL Hijacking
Advisory ID: CORE-2015-0001
Advisory URL:
http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Date published:
Snom SIP phones (www.snom.com) have a built-in HTTP/HTTPS configuration
interface, which is enabled by default.
By making a single HTTP POST request all available memory (and CPU) can be
exhausted, resulting in a reboot of the phone.
This even works if the HTTP/HTTPS interface is protected by
Details
===
Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lapp...@gmail.com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x.
Fixed Version: 11.6
Summary
===
The F5 ASM is a web
Hi FD,
I'm sure you're all sick to death of hearing about Lizard Squad and the
skid marks they're leaving all over the place, so we'll make this brief:
Lizard Squad has been rekt and the source code for their bots is now
available for your viewing pleasure.
# Exploit Title: XSS Vulnerability in Fork CMS 3.8.3
# Google Dork: N/A
# Date: 12/26/2014
# Exploit Author: Le Ngoc phi (phi.n...@itas.vn) and ITAS Team (www.itas.vn)
# Vendor Homepage: http://www.fork-cms.com
# Software Link: http://www.fork-cms.com/blog/detail/fork-3.8.4-released
#
Edit: Corrected the date in the timeline from 01/12/14 to 01/12/15.
Details
===
Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lapp...@gmail.com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely
ayy lmao
//Julius Kivimäki, leader of Lizard Squad
2015-01-12 10:29 GMT+00:00 Robert Cavanaugh sleuth1...@gmail.com:
Hi FD,
I'm sure you're all sick to death of hearing about Lizard Squad and the
skid marks they're leaving all over the place, so we'll make this brief:
Lizard Squad has been
# Exploit Title: SQL Injection Vulnerability in Microweber 0.95
# Vendor: https://microweber.com/
# Download link: https://microweber.com/download
(https://github.com/microweber/microweber)
# CVE ID: CVE-2014-9464
# Vulnerability:
Origin:
Visit https://technet.microsoft.com/library/security/ms14-080
Go to Acknowledgments part and search for CVE-2014-6365
It says Dieyu - that's me.
Technical Details:
Internet Explorer XSS Filter Bypass Vulnerability is done by...
1. Inject a href link into target page.
(Not script, allowed
Hi
I just did
$ dd if=/dev/zero bs=1M count=32 | curl http://$IP/
Response: Unauthorized request
Did I miss anything?
Firmware: snom360-SIP 8.7.4.8
not downloadable any more for some reason?
Yours
Martin
___
Sent through the Full Disclosure