[FD] NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

[FD] Piwik Downloads Updates over HTTP

2015-03-01 Thread Taylor Hornby
Piwik is an open-source web analytics tool. Its updater downloads and executes PHP code over an insecure (not-HTTPS) connection. The issue was reported on the public GitHub tracker in October of 2014 and remains unfixed. https://github.com/piwik/piwik/issues/6441 Code signing is implemented, but

[FD] Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities

2015-03-01 Thread Jing Wang
*Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities* Exploit Title: Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory

[FD] Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: Comsenz SupeSite CMS /cp.php do parameter Reflected XSS Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested

[FD] NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

[FD] XSS Reflected vulnerabilities in Fortimail version 5.2.1 (CVE-2014-8617)

2015-03-01 Thread William Costa
I. VULNERABILITY - XSS Reflected vulnerabilities in Fortimail version 5.2.1 II. BACKGROUND - Fortinet’s industry-leading, Network Security Platforms deliver Next Generation Firewall (NGFW) security with exceptional throughput, ultra low latency, and

Re: [FD] Reflected File Download in AOL Search Website

2015-03-01 Thread Ricardo Iramar dos Santos
It seems it was fixed. HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 22:21:31 GMT Server: Apache-Coyote/1.1 Content-Disposition: attachment; filename=autocomplete.txt Content-Type: application/x-suggestions+json;charset=UTF-8 Content-Language: en-US Content-Length: 34 Keep-Alive: timeout=5, max=69

[FD] upstart logrotate privilege escalation in Ubuntu Vivid (development)

2015-03-01 Thread halfdog
Although just reported to Ubuntu, this minor dev-branch issue was already made public. As the launchpad/lkml/... feed-miners should not play all the games alone, and as others may want to learn how beginner errors still make it into packages of

[FD] 0x08 SEC-T 2015: Call For Papers announcement

2015-03-01 Thread Matt
The SEC-T Organizers are pleased to announce the start of the 2015 SEC-T 0x08 Call For Papers. The rules are pretty much the same as every year so save the deadline date and get cracking. ;) The SEC-T conference is an information security conference strongly rooted in the technical realm. Talks

[FD] GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server

2015-03-01 Thread Ron Gutierrez
GDS LABS ALERT: CVE-2015-2080 JetLeak Vulnerability Remote Leakage Of Shared Buffers In Jetty Web Server SYNOPSIS Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data

[FD] Tor Browser 4.0.3 with websockets enabled by default?

2015-03-01 Thread Pablo
Hello, I am seeing that Tor Browser 4.0.3 apparently has the configuration of websocket of Firefox enabled (true) by default. I think that this is something that should have been corrected a long time ago (Tor bug 5741). I think that this is a configuration bug. Am I wrong? Link:

[FD] Vulnerabilities in Hikvision DS-7204HWI-SH

2015-03-01 Thread MustLive
Hello list! There are Abuse of Functionality and Brute Force vulnerabilities in Hikvision DS-7204HWI-SH. - Affected products: - Vulnerable is the next model: Hikvision DS-7204HWI-SH with different versions of firmware. -- Details: