[FD] CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities

2015-01-31 Thread Jing Wang
CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities
Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS
Product: SnipSnap
Vulnerable Versions: 0.5.2a 1.0b1 1.0b2
Tested Version: 0.5.2a 1.0b1 1.0b2
Advisory Publication: Jan 30, 2015
Latest Update: Jan 30, 2015

[FD] SQL injection vulnerabilities in zerocms = v.1.3.3

2015-01-31 Thread Steffen Rösemann
Advisory: SQL injection vulnerabilities in zerocms = v.1.3.3
Advisory ID: SROEADV-2015-13
Author: Steffen Rösemann
Affected Software: zerocms = v.1.3.3 (released 23rd-Jan-2015)
Vendor URL: http://aas9.in/zerocms/
Vendor Status: platform will be moving to Rails4
CVE-ID: -

[FD] Major Internet Explorer Vulnerability - NOT Patched

2015-01-31 Thread David Leo
Deusen just published code and description here: http://www.deusen.co.uk/items/insider3show.3362009741042107/ which demonstrates the serious security issue. Summary An Internet Explorer vulnerability is shown here: Content of dailymail.co.uk can be changed by external domain. How To Use 1.

[FD] Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you

2015-01-31 Thread Stefan Kanthak
Hi @ll, on Windows, the command line an application receives can differ from the command line the calling application supplies to CreateProcess*(). The documentation of GetCommandLine() https://msdn.microsoft.com/en-us/library/ms683156.aspx tells: | Note The name of the executable in the

[FD] Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384

2015-01-31 Thread Onur Yilmaz
Information
Advisory by Netsparker.
Name: XSS Vulnerability in Banner Effect Header
Affected Software: Banner Effect Header
Affected Versions: 1.2.7 and possibly below
Vendor Homepage: https://wordpress.org/plugins/banner-effect-header/
Vulnerability Type: Cross-site Scripting