[FD] Apache vulnerability program faulting module ntdll.dll

2015-06-11 Thread Bruno Luiz
Subversion HTTP servers allow spoofing svn:author property values for new revisions. Summary: Subversion's mod_dav_svn server allows setting arbitrary svn:author property values when committing new revisions. This can be accomplished using a specially crafted sequence of

[FD] SAP Security Notes June 2015

2015-06-11 Thread Darya Maenkova
SAP http://www.sap.com/ has released the monthly critical patch update for June 2015. This patch update closes a lot of vulnerabilities in SAP products. The most popular vulnerability is Missing Authorization Check. This month, three critical vulnerabilities found by ERPScan researchers Vahagn

[FD] 6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities

2015-06-11 Thread Jing Wang
*6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities* Exploit Title: 6kbbs Weak Encryption Web Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1 v8.0 Tested Version: v7.1 v8.0 Advisory Publication: June 08, 2015 Latest Update: June 10, 2015

[FD] [KIS-2015-01] Concrete5 = 5.7.3.1 (sendmail) Remote Code Execution Vulnerability

2015-06-11 Thread Egidio Romano
--- Concrete5 = 5.7.3.1 (sendmail) Remote Code Execution Vulnerability --- [-] Software Link: https://www.concrete5.org/ [-] Affected Versions: Version 5.7.3.1 and

[FD] [KIS-2015-02] Concrete5 = 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities

2015-06-11 Thread Egidio Romano
Concrete5 = 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities [-] Software Link: https://www.concrete5.org/ [-] Affected

[FD] [KIS-2015-03] Concrete5 = 5.7.4 (Access.php) SQL Injection Vulnerability

2015-06-11 Thread Egidio Romano
--- Concrete5 = 5.7.4 (Access.php) SQL Injection Vulnerability --- [-] Software Link: https://www.concrete5.org/ [-] Affected Versions: Version 5.7.3.1, 5.7.4, and probably other

[FD] XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343)

2015-06-11 Thread Stas Volfus
Advisory: Adobe Connect Reflected XSS Author: Stas Volfus (Bugsec Information Security LTD) Vendor URL: http://www.adobe.com/ Status: Vendor Notified == Vulnerability Description == Adobe

[FD] FC2 Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities

2015-06-11 Thread Jing Wang
*FC2 Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities* FC2 and Rakuten are the first and second top ranking Japanese local online websites. This post introduces several XSS (Cross-site Scripting) and Open Redirect bugs of them. The Alexa

[FD] D-Link DSP-W110 - multiple vulnerabilities

2015-06-11 Thread Peter Adkins
D-Link DSP-W110 - multiple vulnerabilities Discovered by: Peter Adkins peter.adk...@kernelpicnic.net Access: Local network; unauthenticated access. Tracking and identifiers: CVE - None allocated. Platforms / Firmware confirmed affected: D-Link DSP-W110