[FD] Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)

2015-08-12 Thread Vantage Point Security
Vantage Point Security Advisory 2015-001 Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: <9.2, <10.5.2, <11.0.1. Severity: Low to medium Vendor notified: Yes Reported:

[FD] Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM

2015-08-12 Thread Dawid Golunski
= - Release date: 12.08.2015 - Discovered by: Dawid Golunski - Severity: High - CVE-ID: CVE-2015-5161 = I. VULNERABILITY - Zend Framework <= 2.4.2 XML eXternal Entity Injection (XX

[FD] Update: Backdoor and RCE found in 8 TOTOLINK router models

2015-08-12 Thread Pierre Kim
Hello, This is an update to: - Backdoor and RCE found in 8 TOTOLINK router models (http://seclists.org/fulldisclosure/2015/Jul/80 ) - Backdoor credentials found in 4 TOTOLINK router models (http://seclists.org/fulldisclosure/2015/Jul/79 ) - 4 TOTOLINK router models vulnerable to CSRF and XSS

Re: [FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)

2015-08-12 Thread Scott Arciszewski
On Wed, Aug 12, 2015 at 9:48 AM, dxw Security wrote: > Details > > Software: OAuth2 Complete For WordPress > Version: 3.1.3 > Homepage: http://wordpress.org/plugins/oauth2-provider/ > Advisory report: > https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-

[FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)

2015-08-12 Thread dxw Security
Details Software: OAuth2 Complete For WordPress Version: 3.1.3 Homepage: http://wordpress.org/plugins/oauth2-provider/ Advisory report: https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-

Re: [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)

2015-08-12 Thread dxw Security
Ah yes - sorry about that. Should indeed be 2015-08-10 I’ve corrected in our published advisory: https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/

[FD] BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability

2015-08-12 Thread Blue Frost Security Research Lab
Blue Frost Security GmbH https://www.bluefrostsecurity.de/ research(at)bluefrostsecurity.de BFS-SA-2015-001 12-August-2015 Vendor: Micros

[FD] Open source tool for applying Google Chrome security updates

2015-08-12 Thread David Leo
The Problem If you are a network administrator, keeping browser updated is the first thing to do for security. Chrome is a very good browser, but it's a little bit complicated to answer this simple question: what is the version of the latest stable Chrome? And for people in places such as China

[FD] [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery

2015-08-12 Thread Onapsis Research Labs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-010: SAP Mobile Platform DataVault Keystream Recovery 1. Impact on Business - By exploiting this vulnerability an attacker with access to a vulnerable mobile device would be able to decrypt crede

[FD] [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage

2015-08-12 Thread Onapsis Research Labs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage 1. Impact on Business - By exploiting this vulnerability an attacker with access to a vulnerable mobile devic

[FD] [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values

2015-08-12 Thread Onapsis Research Labs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-011: SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values 1. Impact on Business - By exploiting this vulnerability an attacker with access to a vulnerable mobile

[FD] bizidea Design CMS 2015Q3 - SQL Injection Vulnerability

2015-08-12 Thread Vulnerability Lab
Document Title: === bizidea Design CMS 2015Q3 - SQL Injection Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1571 Release Date: = 2015-08-12 Vulnerability Laboratory ID (VL-ID): ==