[CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities
2015-06-05, alex_haynes outlook com
Exploit Title: Wing FTP Server Cross-site Request Forgery vulnerabilities Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Cross-site Request Forgery [CWE-352] CVE Refere [ more ]

CA20150604-01: Security Notice for CA Common Services
2015-06-04, Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE----- CA20150604-01: Security Notice for CA Common Services Issued: June 4, 2015 CA Technologies Support is alerting customers to multiple potential risks with products that bundle CA Common Services on Unix/Linux platforms. A local attacker may exploit these vulnerab [ more ]

[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access
2015-06-04, security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04695307 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04695307 Version: 1 HPSBGN03343 re [ more ]

CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion]
2015-06-04, pan vagenas gmail com
# Exploit Title: CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] # Date: 2015/06/01 # Exploit Author: Panagiotis Vagenas # Contact: https://twitter.com/panVagenas # Vendor Homepage: http://zanematthew.com/ # Software Link: https://downloads.wordpress.org/plugin/zm-aj [ more ]

[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability
2015-06-05, alex_haynes outlook com
Exploit Title: Wing FTP Server Remote Code Execution vulnerability Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Improper Control of Generation of Code [CWE-94] CVE Re [ more ]

IBM Watson (Cognea) - XSS and Redirect Vulnerabilities
2015-06-04, jerold v00d00sec com
# Vulnerability type: Cross-site Scripting & Redirect # Vendor: www.ibm.com # Product: IBM Watson Cloud Computing SaaS (Cognea) # Product Link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/ # Credit: Jerold Hoong The logout.jsp page function of the IBM Watson (Cognea) SaaS application is vuln [ more ]

[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)
2015-06-03, Pedro Ribeiro (pedrib gmail com)
Hi, tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE. SysAid have informed me they all have been fixed in 15.2, but no re-test was performed. Full advisory below, and a copy can be obtained at [1]. 5 Metasploit modules have been released and currently awaiting merge in the moderat [ more ]

[SECURITY] [DSA 3278-1] libapache-mod-jk security update
2015-06-03, Markus Koschany (apo gambaru de)

ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability
2015-06-03, Security Alert (Security_Alert emc com)

Local PHP File Inclusion in ResourceSpace
2015-06-03, High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23258 Product: ResourceSpace Vendor: Montala Limited Vulnerable Version(s): 7.1.6513 and probably prior Tested Version: 7.1.6513 Advisory Publication: May 6, 2015 [without technical details] Vendor Notification: May 6, 2015 Vendor Patch: June 1, 2015 Public Disclosure: June 3, 20 [ more ]

Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability
2015-06-03, banana88 inbox com
Document Title: =============== Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1503 Release Date: ============= 2015-06-03 Vulnerability Laboratory ID (VL-ID): ========================= [ more ]

Safari Address Spoofing - Impact, Code, How It Works, History
2015-06-03, David Leo (david leo deusen co uk)
Impact: "It works on fully patched versions of iOS and OS X" Reference: http://arstechnica.com/security/2015/05/safari-address-spoofing-bug-could-be-used-in-phishing-malware-attacks/ Code(JavaScript): function f() { location="http://www.dailymail.co.uk/home/index.html?random="+Math.random(); } set [ more ]

WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability
2015-06-02, Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1500 Release Date: ============= 2015-06-01 Vulnerability Laboratory ID (VL-ID): ================================= [ more ]

vfront-0.99.2 CSRF & Persistent XSS
2015-06-02, apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt Vendor: ============== www.vfront.org Product: =================================================================================== vfront-0.99. [ more ]

Enhanced SQL Portal 5.0.7961 XSS Vulnerability
2015-06-02, apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt Vendor: www.eliacom.com www.eliacom.com/mysql-gui-download.php Product: Enhanced SQL Portal 5.0.7961 web based MySQL administration appli [ more ]

Freebox OS Web interface 3.0.2 XSS, CSRF
2015-06-01, huyngocbk gmail com
Hello list, Here are two CVEs I reported to Freebox, a French ISP: - CVE-2014-9382 - CSRF in VPN user account creation - CVE-2014-9405 - XSS Vulnerable product: Freebox OS Web interface 3.0.2. CVE-2014-9382 - CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation =========== [ more ]

t2'15: Call for Papers 2015 (Helsinki / Finland)
2015-06-01, Tomi Tuominen (tomi tuominen t2 fi)
# # t2'15 - Call For Papers (Helsinki, Finland) - October 29 - 30, 2015 # Why spend your valuable conference time in the longest lines you have seen in your life, getting a sun burn or totally lost in the canals with your rental boat, being deprived of chewing gum or waking up in Nong Palai without [ more ]

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
2015-06-01, pan vagenas gmail com
# Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] # Contact: https://twitter.com/panVagenas # Vendor Homepage: http://wpmembership.e-plugins.com/ # Software Link: http://codecanyon.net/item/wp-membership/10066554 # Version: 1.2.3 # Tested on: WordPress 4.2.2 # CVE: CVE-201 [ more ]

CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
2015-06-01, pan vagenas gmail com
# Exploit Title: CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] # Contact: https://twitter.com/panVagenas # Vendor Homepage: http://wpmembership.e-plugins.com/ # Software Link: http://codecanyon.net/item/wp-membership/10066554 # Version: 1.2.3 # Tested on: WordPress 4.2.2 # CV [ more ]

WebDrive Buffer OverFlow PoC
2015-06-01, banana88 inbox com
#!/usr/bin/python #Exploit Title:WebDrive Buffer OverFlow PoC #Author: metacom #Vendor Homepage: http://www.webdrive.com/products/webdrive/ #Software Link: https://www.webdrive.com/products/webdrive/download/ #Version: 12.2 (build # 4172) 32 bit #Date found: 31.05.2015 #Date published: 31.05.201 [ more ]

Ektron CMS 9.10 SP1 - XSS Vulnerability
2015-05-31, jerold v00d00sec com
# Vulnerability type: Cross-site Scripting # Vendor: http://www.ektron.com/ # Product: Ektron Content Management System # Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.102) # Patched version: 9.10 SP1 (Build 9.1.0.184.1.114) # Credit: Jerold Hoong # PROOF OF CONCEPT (XSS) Cross-site scripting [ more ]

Ektron CMS 9.10 SP1 - CSRF Vulnerability
2015-05-31, jerold v00d00sec com
# Vulnerability type: Cross-site Request Forgery # Vendor: http://www.ektron.com/ # Product: Ektron Content Management System # Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.114) # Patched version: 9.10 SP1 (Build 9.1.0.184.1.120) # CVE ID: CVE-2015-3624 # Credit: Jerold Hoong # PROOF OF CONCEP [ more ]

[SECURITY] [DSA 3269-2] postgresql-9.1 regression update
2015-05-31, Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3275-1] fusionforge security update
2015-05-30, Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information
2015-05-29, security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04521018 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04521018 Version: 1 HPSBMU03223 r [ more ]

[security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information
2015-05-29, security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04571454 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04571454 Version: 2 HPSBMU03261 r [ more ]