Feed aggregator

Bugtraq: Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

Security Focus Latest Security Advisories - February 3, 2016 - 10:00pm
Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

Bugtraq: SimpleView CRM - Client Side Open Redirect Vulnerability

Security Focus Latest Security Advisories - February 3, 2016 - 10:00pm
SimpleView CRM - Client Side Open Redirect Vulnerability

Security Advisories

BugTraq Latest Security Advisories - February 3, 2016 - 9:54am

Posted by Portcullis Advisories on Feb 03

Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300
CVE: CVE-2014-2045
Vendor: Viprinet
Product: Multichannel VPN Router 300
Affected version: 2013070830/2013080900
Fixed version: 2014013131/2014020702
Reported by: Tim Brown
Details:

The data supplied to both the `old' and `new' web applications (the device has two web based management
interfaces) was permanently stored and...

Soso Transfer v1.1 iOS - Denial of Service Vulnerability

BugTraq Latest Security Advisories - February 3, 2016 - 9:08am

Posted by Vulnerability Lab on Feb 03

Document Title:
===============
Soso Transfer v1.1 iOS - Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1703

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
====================================
1703

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:...

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities

BugTraq Latest Security Advisories - February 3, 2016 - 8:52am

Posted by Vulnerability Lab on Feb 03

Document Title:
===============
File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1704

Release Date:
=============
2016-02-03

Vulnerability Laboratory ID (VL-ID):
====================================
1704

Common Vulnerability Scoring System:
====================================
7.3

Product & Service Introduction:...

SimpleView CRM - Client Side Open Redirect Vulnerability

BugTraq Latest Security Advisories - February 3, 2016 - 8:38am

Posted by Vulnerability Lab on Feb 03

Document Title:
===============
SimpleView CRM - Client Side Open Redirect Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1668

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
====================================
1668

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:...

Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

BugTraq Latest Security Advisories - February 3, 2016 - 8:20am

Posted by Vulnerability Lab on Feb 03

Document Title:
===============
Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1464

ID: #14770

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
====================================
1564

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:...

Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability

BugTraq Latest Security Advisories - February 3, 2016 - 8:08am

Posted by Vulnerability Lab on Feb 03

Document Title:
===============
Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1705

Release Date:
=============
2016-02-03

Vulnerability Laboratory ID (VL-ID):
====================================
1705

Common Vulnerability Scoring System:
====================================
5.8

Product & Service Introduction:...

Bugtraq: Mezzanine CMS 4.1.0 XSS

Security Focus Latest Security Advisories - February 3, 2016 - 8:00am
Mezzanine CMS 4.1.0 XSS

Bugtraq: Mezzanine CMS 4.1.0 Arbitrary File Upload

Security Focus Latest Security Advisories - February 3, 2016 - 6:00am
Mezzanine CMS 4.1.0 Arbitrary File Upload

Bugtraq: ASUS RT-N56U Persistent XSS

Security Focus Latest Security Advisories - February 3, 2016 - 6:00am
ASUS RT-N56U Persistent XSS

Bugtraq: TimeClock - Multiple SQL Injections

Security Focus Latest Security Advisories - February 3, 2016 - 6:00am
TimeClock - Multiple SQL Injections

Mezzanine CMS 4.1.0 XSS

BugTraq Latest Security Advisories - February 3, 2016 - 4:10am

Posted by hyp3rlinx on Feb 03

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-XSS.txt

Vendor:
===================
mezzanine.jupo.org

Product:
================
Mezzanine 4.1.0

Mezzanine is an open source CMS built using the Python-based Django framework.

Vulnerability Type:
===================
XSS

CVE Reference:
==============
N/A

Vulnerability Details:
=====================

XSS entry...

Mezzanine CMS 4.1.0 Arbitrary File Upload

BugTraq Latest Security Advisories - February 3, 2016 - 3:54am

Posted by hyp3rlinx on Feb 03

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-ARBITRARY-FILE-UPLOAD.txt

Vendor:
===================
mezzanine.jupo.org

Product:
================
Mezzanine 4.1.0

Mezzanine is an open source CMS built using the Python-based Django framework.

Vulnerability Type:
=====================
Arbitrary File Upload

CVE Reference:
==============
N/A

Vulnerability...

ASUS RT-N56U Persistent XSS

BugTraq Latest Security Advisories - February 3, 2016 - 3:39am

Posted by graphx on Feb 03

# Exploit Title: ASUS RT-N56U Persistent XSS
# Date: 2/2/2016
# Exploit Author: @GraphX
# Vendor Homepage: http://asus.com/
# Version: 3.0.0.4.374_239

1 Description:
It is possible for an authenticated attacker to bypass input sanitation in
the username input field of the Server Center page. An interception proxy
is not required with the use of the developer console and changing the
field value of the username after the third verification task...

TimeClock - Multiple SQL Injections

BugTraq Latest Security Advisories - February 3, 2016 - 3:24am

Posted by marcelabx on Feb 03

#############################
Exploit Title : Multiple SQL injections
Author:Marcela Benetrix
Date: 02/03/2016
version: 0.995 (older version may be vulnerable too)
software link:http://timeclock-software.net

#############################
Timeclock software

Timeclock-software.net's free software product will be a simple solution to allow your employees to record their time
in one central location for easy access....

[SECURITY] [DSA 3465-1] openjdk-6 security update

BugTraq Latest Security Advisories - February 3, 2016 - 3:14am

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-3465-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 02, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-6
CVE ID : CVE-2015-7575 CVE-2016-0402...

Bugtraq: MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS

Security Focus Latest Security Advisories - February 3, 2016 - 3:00am
MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS

Bugtraq: Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability

Security Focus Latest Security Advisories - February 3, 2016 - 3:00am
Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability

Bugtraq: WebKitGTK+ Security Advisory WSA-2016-0001

Security Focus Latest Security Advisories - February 3, 2016 - 3:00am
WebKitGTK+ Security Advisory WSA-2016-0001