|
|
Colapse all |
Post message
Multiple CSRF Horde Groupware Web mail Edition 5.1.2 2013-10-28 m benetrix e-secure com au ############################# Exploit Title : Multiple CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/25/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail ############################# GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, ent [ more ] [ reply ] Call for Papers, 2014 Symposium on Protocols and Rules for Security (SPRS2014) 2013-10-27 2014 Symposium on Protocols and Rules for Security \(SPRS2014\) (cis scirpinfo org) <span id="unSub" style="FONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica,sans-serif; line-height:20px;">This message was sent to [bugtraq (at) securityfocus (dot) com [email concealed]]. <a href="http://www.member.scirp.org/member/transferParameterAction.action? personID=7835691&identifier=5DFD5F85E4BE67FA9AE938BDE3C7410710 [ more ] [ reply ] [CVE-2012-6297] DD-WRT v24-sp2 Command Injection 2013-10-27 Craig Young (vuln-report secur3 us) Unfortunately command injections like the NETGEAR one Zachary Cutlip and I both came across are all too common in embedded systems. Similar to NETGEAR and Linksys having commands injected when running ping, I have also noticed that DD-WRT v24-sp2 is prone to command injection from specially crafted [ more ] [ reply ] Call for Papers, 2014 Symposium on Cryptography and Authentication (SCA2014) , Suzhou, China 2013-10-27 2014 Symposium on Cryptography and Authentication \(SCA2014\) (cis so1 org) <span id="unSub" style="FONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica,sans-serif; line-height:20px;">This message was sent to [bugtraq (at) securityfocus (dot) com [email concealed]]. <a href="http://www.member.scirp.org/member/transferParameterAction.action? personID=7835691&identifier=5DFD5F85E4BE67FA9AE938BDE3C7410710 [ more ] [ reply ] [ISecAuditors Security Advisories] XSS vulnerability in LinkedIn 2013-10-28 ISecAuditors Security Advisories (advisories isecauditors com) ============================================= INTERNET SECURITY AUDITORS ALERT 2013-003 - Original release date: March 3rd, 2013 - Last revised: March 10th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Score) ============================================= I. VULNERABIL [ more ] [ reply ] Paypal Inc Bug Bounty #104 - Persistent Exception Vulnerability 2013-10-26 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Paypal Inc Bug Bounty #104 - Persistent Exception Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1038 PayPal Security UID: gJ1127yy Release Date: ============= 2013-10-26 Vulnerability Laboratory ID ( [ more ] [ reply ] [SECURITY] [DSA 2787-1] roundcube security update 2013-10-27 Salvatore Bonaccorso (carnil debian org) [SECURITY] [DSA 2785-1] chromium-browser security update 2013-10-26 Michael Gilbert (mgilbert debian org) Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability 2013-10-26 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability Release Date: ============= 2013-10-26 Vulnerability Laboratory ID (VL-ID): ==================================== 1119 Common Vulnerability Scoring System: ==================================== 3 [ more ] [ reply ] Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities 2013-10-26 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1120 Release Date: ============= 2013-10-26 Vulnerability Laboratory ID (VL-ID): ========================== [ more ] [ reply ] Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution 2013-10-25 nospam gmail it Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution tested against: Microsoft Windows Server 2008 R2 sp1 download url: http://www.symantec.com/it/it/products-solutions/trialware/ file tested: Symantec_Workspace_Streaming_7.5.0.493.zip vulnerability: t [ more ] [ reply ] DC4420 - London DEFCON - October meet - Tuesday 29th October 2013 2013-10-25 Major Malfunction (majormal pirate-radio org) doesn't time fly when you're hacking fun? on a very topical note, this month we have: Tuesday 29th October, 2013: 1st Speaker: Tony Naggs Title: How the NSA (maybe) spies on your web shopping, email, social and business networks Synopsis: Since the recent revelations about the extent of the [ more ] [ reply ] [SECURITY] [DSA 2783-2] librack-ruby regression update 2013-10-24 Salvatore Bonaccorso (carnil debian org) CA20131024-01: Security Notice for CA SiteMinder 2013-10-24 Kotas, Kevin J (Kevin Kotas ca com) -----BEGIN PGP SIGNED MESSAGE----- CA20131024-01: Security Notice for CA SiteMinder Issued: October 24, 2013 CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability, CVE-2013-5 [ more ] [ reply ] [WorldCIST'14]: World Conference on IST; Proceedings by Springer 2013-10-24 Maria Lemos (marialemos72 gmail com) [ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30 2013-10-24 ISecAuditors Security Advisories (advisories isecauditors com) ============================================= INTERNET SECURITY AUDITORS ALERT 2013-011 - Original release date: March 21st, 2013 - Last revised: March 21st, 2013 - Discovered by: Manuel García Cárdenas - Severity: 5/10 (CVSS Base Score) - CVE-ID: CVE-2013-2652 ===================================== [ more ] [ reply ] RPS/APS vulnerability in snom/yealink and others 2013-10-23 Cal Leeming \[Simplicity Media Ltd\] (cal leeming simplicitymedialtd co uk) (1 replies) Hello, Discovered a vulnerability that allows for hundreds of thousands of SIP accounts to be compromised remotely. Found a year ago, partial vendor fixes but still vuln as of today, disclosed a few hours ago exclusively to the FreeSWITCH community - 23rd Oct 2013. Live disclosure can be seen her [ more ] [ reply ] Re: RPS/APS vulnerability in snom/yealink and others 2013-10-24 Cal Leeming \[Simplicity Media Ltd\] (cal leeming simplicitymedialtd co uk) ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability 2013-10-23 Security Alert (Security_Alert emc com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability EMC Identifier: ESA-2013-067 CVE Identifier: CVE-2013-3280 Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:M [ more ] [ reply ] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability 2013-10-23 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco IOS XR Software Route Processor Denial of Service Vulnerability Advisory ID: cisco-sa-20131023-iosxr Revision 1.0 For Public Release 2013 October 23 16:00 UTC (GMT) ====================================================================== Summ [ more ] [ reply ] Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products 2013-10-23 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products Advisory ID: cisco-sa-20131023-struts2 Revision 1.0 For Public Release 2013 October 23 16:00 UTC (GMT) ===================================================================== [ more ] [ reply ] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Identity Services Engine 2013-10-23 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Multiple Vulnerabilities in Cisco Identity Services Engine Advisory ID: cisco-sa-20131023-ise Revision 1.0 For Public Release 2013 October 23 16:00 UTC (GMT) ====================================================================== Summary - ------- [ more ] [ reply ] Cross-Site Scripting (XSS) in GuppY 2013-10-23 High-Tech Bridge Security Research (advisory htbridge com) Advisory ID: HTB23176 Product: GuppY Vendor: GuppY Vulnerable Version(s): 4.6.26 and probably prior Tested Version: 4.6.26 Advisory Publication: October 2, 2013 [without technical details] Vendor Notification: October 2, 2013 Vendor Patch: October 12, 2013 Public Disclosure: October 23, 2013 Vu [ more ] [ reply ] AusCERT2014: Call for Presentations NOW OPEN 2013-10-23 auto-bulletins auscert org au -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Greetings, AusCERT is pleased to announce the Call for Presentations for AusCERT2014, the 13th annual AusCERT Information Security conference, is now open. == AusCERT 2014 == The 13th Annual AusCERT Information Security Conference, AusCERT2014, [ more ] [ reply ] |
|
Privacy Statement |
#
# Title: vBulletin remote admin injection exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Coded: 17 September 2013
# Published: 24 October 2013
# MorXploit Research
# http://www.MorXploit.com
#
# Vendor: vBulletin (www.vbulletin.com)
# Version: 4.1.x / 5.x.x
[ more ] [ reply ]