[FD] PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug

2015-08-01 Thread Jing Wang
PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug Exploit Title: PhotoPost PHP __utmz Cookie Stored XSS Web Security Vulnerability Product: PhotoPost PHP Vendor: PhotoPost Vulnerable Versions: 4.8c 4.8.6 4.8.5 4.8.2 3.1.1 vB3 Tested Version: 4.8c

[FD] Symantec Endpoint Protection

2015-08-01 Thread Markus Wulftange
Code White found several vulnerabilities in Symantec Endpoint Protection (SEP), affecting versions 12.1 prior to 12.1 RU6 MP1. SEP Manager (SEPM): * CVE-2015-1486: Authentication Bypass * CVE-2015-1487: Arbitrary File Write * CVE-2015-1488: Arbitrary File Read * CVE-2015-1489: Privilege

Re: [FD] Symantec Endpoint Protection

2015-08-01 Thread Brandon Perry
Do you have example requests for the SQL injections? On Jul 31, 2015, at 7:40 AM, Markus Wulftange markus.wulfta...@code-white.com wrote: Code White found several vulnerabilities in Symantec Endpoint Protection (SEP), affecting versions 12.1 prior to 12.1 RU6 MP1. SEP Manager (SEPM):

[FD] Vulnerability in VirtueMart for Joomla

2015-08-01 Thread MustLive
Hello list! This is a Brute Force vulnerability in VirtueMart for Joomla, which is at the order details page. - Affected products: - Vulnerable are VirtueMart 3.0.9 for Joomla and previous versions. -- Details: -- Brute Force