[FD] SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP

2015-01-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20150122-0 > title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced (SDCS:SA) Sy

[FD] Program-O v2.4.6 - Multiple Web Vulnerabilities

2015-01-22 Thread Vulnerability Lab
Document Title: Program-O v2.4.6 - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1414 Release Date: 2015-01-21 Vulnerability Laboratory ID (VL-ID): 1

[FD] PhotoSync 1.1.3 Android - Command Inject Vulnerability

2015-01-22 Thread Vulnerability Lab
Document Title: PhotoSync 1.1.3 Android - Command Inject Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1410 Release Date: 2015-01-21 Vulnerability Laboratory ID (VL-ID):

Re: [FD] full name disclosure information leak in google drive

2015-01-22 Thread forgottenpassword
You can use the "forgot password" feature on a google account to find out someone's full name. Test it out for yourself: https://www.google.com/accounts/recovery/ Select "I don't know my password" Enter bonsaivik...@gmail.com (or another gmail addr

[FD] CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities

2015-01-22 Thread Jing Wang
*CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities* Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities Product: SmartCMS v.2 Vendor: Smartwebsites Vulnerable Versions: v.2 Tested Version: v.2 Advisory Publication: Jan 22, 2015 Latest Upda

[FD] CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-01-22 Thread Jing Wang
*CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security Vulnerabilities Product: SmartCMS v.2 Vendor: Smartwebsites Vulnerable Versions: v.2 Tested Version: v.2 Advisory Publication: Jan 22, 2015 Latest U

[FD] Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities

2015-01-22 Thread Jing Wang
*Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities* *Domains Basic:* Alibaba Taobao, AliExpress, Tmall are the top three online shopping websites belonging to Alibaba. Vulnerability Discover: Wang Jing, Division of Mathematical Scie

[FD] Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha

2015-01-22 Thread Steffen Rösemann
Advisory: Advisory ID: SROEADV-2015-10 Author: Steffen Rösemann Affected Software: ferretCMS v. 1.0.4-alpha Vendor URL: https://github.com/JRogaishio/ferretCMS Vendor Status: vendor will patch eventually CVE-ID: - Tested on: - Firefox 35, Iceweasel 31 - Mac OS X 10.10, Kali Linux 1.0.9a

[FD] IT Hot Topics 2015 Call for Papers

2015-01-22 Thread Squirrel Herder Productions
Carolina Advanced Digital, Inc. has opened the CFP for their 13th annual IT HotTopics Conference and Golf Tourney, at the stunni