[FD] Zamfoo Multiple Arbitrary Command Executions

2014-05-02 Thread Mad Hax
# Title: Zamfoo Multiple Arbitrary Command Executions
# Author: Al-Shabaab
# Vendor Homepage: http://www.zamfoo.com/
# Version: 12.6
# Intro
The ZamFoo software suite is a series of WHM plugin modules (also known as WHM addon modules) catering to easing the burden of web hosting providers

Re: [FD] Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC

2014-05-02 Thread Martin Boßlet
Hi, after analyzing the PoC script we (maintainers of the Ruby OpenSSL extension) consider CVE-2014-2734 to be invalid. Others have independently arrived at the same conclusion: [1][2] You may find a summary of our analysis at [3]. Regards, Martin Boßlet [1] https://github.com/adrienthebo/cve-20

[FD] OAuth 2.0 and OpenID vulnerable to Covert Redirect

2014-05-02 Thread Justin Bull
While we're still recovering (or benefiting, to some) from the sting of Heartbleed, this makes an appearance: http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html c|net writeup: http://www.cnet.com/news/serious-security-flaw-in-oau
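The post above only links to the writeup, so here is an added illustration (my own code, not from the linked writeup, the list poster, or any real provider) of the redirect_uri check that the Covert Redirect issue turns on: an authorization server that matches redirect_uri at the domain level will hand the authorization code or token to any URL on the registered host, including an open redirector on that host, while exact-string matching refuses it. The client registration, the hostnames app.example.com and evil.example.net, and the /go?next= open-redirect endpoint are all constructed for the example.

```python
"""Covert Redirect, modelled: loose vs exact redirect_uri validation.

Constructed scenario (not real systems):
  * a client registered one exact redirect_uri on app.example.com
  * app.example.com also serves /go?next=<url>, an open redirector
  * the attacker asks the authorization server to redirect to that
    endpoint with next= pointing at evil.example.net
"""
from typing import Callable, Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed client registration: exactly one redirect_uri.
REGISTERED: Dict[str, List[str]] = {
    "client-123": ["https://app.example.com/oauth/callback"],
}

GOOD_URI = "https://app.example.com/oauth/callback"
# Attacker-chosen redirect_uri: same host, but an open redirector.
ATTACK_URI = "https://app.example.com/go?next=https://evil.example.net/collect"


def loose_match(client_id: str, redirect_uri: str) -> bool:
    """Domain-level match: accept any URL whose host equals a registered
    redirect host. This is the check Covert Redirect abuses."""
    allowed_hosts = {urlsplit(u).hostname for u in REGISTERED.get(client_id, [])}
    return urlsplit(redirect_uri).hostname in allowed_hosts


def exact_match(client_id: str, redirect_uri: str) -> bool:
    """Exact string comparison against the registered list, which is what
    RFC 6749 (section 3.1.2.2) recommends for public clients."""
    return redirect_uri in REGISTERED.get(client_id, [])


def final_host(redirect_uri: str) -> Optional[str]:
    """Host that ultimately receives the browser after the redirect.

    Models the constructed open redirector: app.example.com/go?next=<url>
    issues a second redirect to <url>. Any other URL lands on its own host.
    """
    u = urlsplit(redirect_uri)
    if u.hostname == "app.example.com" and u.path == "/go":
        nxt = parse_qs(u.query).get("next", [None])[0]
        return urlsplit(nxt).hostname if nxt else None
    return u.hostname


def authorize(client_id: str, redirect_uri: str,
              validator: Callable[[str, str], bool]) -> Optional[str]:
    """Simulate the authorization endpoint's redirect step.

    Returns the host that ends up holding the code (or, for an implicit
    flow, the token in the URL fragment, which browsers carry across a
    302 whose Location has no fragment of its own), or None if the
    redirect_uri was rejected and nothing was issued.
    """
    if not validator(client_id, redirect_uri):
        return None
    return final_host(redirect_uri)


if __name__ == "__main__":
    for name, v in (("loose", loose_match), ("exact", exact_match)):
        print(f"{name:5} good   -> {authorize('client-123', GOOD_URI, v)}")
        print(f"{name:5} attack -> {authorize('client-123', ATTACK_URI, v)}")
```

The practitioner's check this suggests for an authorization server: walk the registered redirect_uri list and confirm the comparison is a full-string equality (scheme, host, port, path, query), not a hostname or prefix test; and on the client side, treat any open redirector on the registered host as equivalent to registering the attacker's domain.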

Re: [FD] F5 BIG-IQ authed arbitrary user password change

2014-05-02 Thread Brandon Perry
Nm on ExploitHub. Here is the module: https://gist.github.com/brandonprry/2e73acd63094fa2a4f63

On Thu, May 1, 2014 at 5:10 PM, Brandon Perry wrote:
> Hi,
>
> Detailed at this blog post (with pics!) is a vulnerability within F5
> BIG-IQ 4.1.0.2013.0.
>
> http://volatile-minds.blogspot.com/201