[FD] [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

2015-06-10 Thread RedTeam Pentesting GmbH
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate

[FD] [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

2015-06-10 Thread RedTeam Pentesting GmbH
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request

[FD] Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability

2015-06-10 Thread Vulnerability Lab
Document Title: === Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1323 Video: http://www.vulnerability-lab.com/get_content.php?id=1336 Vulnerability Magazine:

[FD] Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin

2015-06-10 Thread Larry W. Cashdollar
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and

[FD] Authentication Bypass in Pandora FMS

2015-06-10 Thread Manuel Mancera
Authentication Bypass in Pandora FMS Information Name: Pandora FMS - Authentication Bypass Affected Software : Pandora FMS Affected Versions: 5.0,

[FD] 2 vulns 1 line in RNCryptor (PHP) + Call to Action

2015-06-10 Thread Scott Arciszewski
Hi Full Disclosure, From their page (https://rncryptor.github.io): RNCryptor is a data format specificiation for AES encryption, with AES-256, random-salted PBKDF2, AES-CBC, random IV, and HMAC. It has implementations in several languages. Their PHP implementation has two vulnerabilities in