Feed aggregator

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin

BugTraq Latest Security Advisories - August 16, 2016 - 7:15am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...

Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin

BugTraq Latest Security Advisories - August 16, 2016 - 7:08am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...

Cross-Site Scripting in Link Library WordPress Plugin

BugTraq Latest Security Advisories - August 16, 2016 - 6:59am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Cross-Site Scripting in Link Library WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Reflected Cross-Site Scripting (XSS) vulnerability has been found...

Ajax Load More Local File Inclusion vulnerability

BugTraq Latest Security Advisories - August 16, 2016 - 6:52am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Ajax Load More Local File Inclusion vulnerability
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that the Ajax Load More WordPress plugin is vulnerable...

Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin

BugTraq Latest Security Advisories - August 16, 2016 - 6:46am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login
Redirect WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting...

Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin

BugTraq Latest Security Advisories - August 16, 2016 - 6:38am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin
------------------------------------------------------------------------
Julien Rentrop, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was found that the Email Users WordPress...

Cross-Site Scripting vulnerability in Google Maps WordPress Plugin

BugTraq Latest Security Advisories - August 16, 2016 - 6:31am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Google Maps WordPress Plugin
------------------------------------------------------------------------
Julien Rentrop, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...

Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin

BugTraq Latest Security Advisories - August 16, 2016 - 6:25am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress
Plugin
------------------------------------------------------------------------
Umit Aksu, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in...

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images

BugTraq Latest Security Advisories - August 16, 2016 - 6:18am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows
deleting of images
------------------------------------------------------------------------
Umit Aksu, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Request Forgery...

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images

BugTraq Latest Security Advisories - August 16, 2016 - 6:11am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows
adding of images
------------------------------------------------------------------------
Umit Aksu, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Request Forgery vulnerability...

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries

BugTraq Latest Security Advisories - August 16, 2016 - 6:03am

Posted by Summer of Pwnage on Aug 16

------------------------------------------------------------------------
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows
deleting of galleries
------------------------------------------------------------------------
Umit Aksu, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Request Forgery...

Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass

BugTraq Latest Security Advisories - August 15, 2016 - 9:07am

Posted by reggie . dodd30 on Aug 15

[TITLE]
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass

[CREDITS & AUTHORS]
Reginald Dodd
https://www.linkedin.com/in/reginalddodd

[VENDOR & PRODUCT]
Taser International Inc.
Axon Dock - Body-Worn Camera Docking Station
https://www.axon.io/products/dock

[SUMMARY]
The Axon Dock is the camera docking station component of Taser's body-worn camera system. It charges body-worn cameras
and automatically...

PayPal Inc BB #127 - 2FA Bypass Vulnerability

BugTraq Latest Security Advisories - August 15, 2016 - 6:45am

Posted by Vulnerability Lab on Aug 15

Document Title:
===============
PayPal Inc BB #127 - 2FA Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1903

Release Date:
=============
2016-08-12

Vulnerability Laboratory ID (VL-ID):
====================================
1903

Common Vulnerability Scoring System:
====================================
6.2

Product & Service Introduction:
===============================...

Stash v1.0.3 CMS - SQL Injection Vulnerability

BugTraq Latest Security Advisories - August 15, 2016 - 6:38am

Posted by Vulnerability Lab on Aug 15

Document Title:
===============
Stash v1.0.3 CMS - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1899

Release Date:
=============
2016-08-10

Vulnerability Laboratory ID (VL-ID):
====================================
1899

Common Vulnerability Scoring System:
====================================
6

Product & Service Introduction:
===============================
Stash...

Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70

BugTraq Latest Security Advisories - August 15, 2016 - 5:10am

Posted by tal argoni on Aug 15

Security Advisory
CVE-ID: N/A
Topic: Reflected Cross Site Scripting (XSS) Vulnerability in
"successful registration" page
Class: Input Validation
Severity: Medium
Discovery: 2016-04-28
Vendor Notification: 2016-04-28
Vendor response: 2016-05-30
Vendor Patch: 2016-05-31
Public Announced: 2016-08-15
Credits: Tal Argoni, CEH from Triad Security [http://www.triadsec.com/]
Affects:...

Linksys E2500 and E1200 (Unauth Command Injection)

BugTraq Latest Security Advisories - August 15, 2016 - 5:03am

Posted by samhuntley84 on Aug 15

Linksys E2500 and E1200 suffer from a missing command injection issue in parental control parameters. This allows an
attacker to control the device remotely.

Combined with the attack of no authorization control, it allows an attacker to actually execute an unauthenticated command
injection attack and thus control the entire device.

More info at:
http://www.samuelhuntley.com/?p=141
http://www.samuelhuntley.com/?p=135

Initial disclosure...