[FD] F5 ASM JSON Profile Bypass

2015-05-05 Thread Peter Lapp
Details
===
Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Web Application Firewall Bypass
Author: Peter Lapp, lappsec () gmail com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Should apply to all releases.
Fixed Version: None
Summary
===
The

[FD] [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL

2015-05-05 Thread Pedro Ribeiro
tl;dr heap and integer overflows in ICU, many packages affected, unknown if these can be exploited or not - everyone names vulns nowadays, so I name these I-C-U-FAIL. Hi, I have found two vulnerabilities in the ICU library while fuzzing LibreOffice, full details in the advisory below. Disclosure

[FD] vPhoto-Album v4.2 iOS - File Include Web Vulnerability

2015-05-05 Thread Vulnerability Lab
Document Title: vPhoto-Album v4.2 iOS - File Include Web Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1477
Release Date: 2015-05-05
Vulnerability Laboratory ID (VL-ID):

[FD] Fortinet FortiAnalyzer FortiManager - Client Side Cross Site Scripting Vulnerability

2015-05-05 Thread Vulnerability Lab
Document Title: Fortinet FortiAnalyzer FortiManager - Client Side Cross Site Scripting Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1354
Security Bulletin FortiGuard: