[FD] Aleph Research: Google Nexus 9 Cypress SAR Firmware Injection via I2C (CVE-2017-0563)

Title: Google Nexus 9 Cypress SAR Firmware Injection via I2C Identifier: CVE-2017-0563 Product: === Google Nexus 9 Vulnerable Version: Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader 3.50.0.0143. Mitigation: = Install N4F27B or

[FD] https://blogs.securiteam.com/index.php/archives/3171

SSD Advisory – CloudBees Jenkins Unauthenticated Code Execution Link to the blog post: https://blogs.securiteam.com/index.php/archives/3171 Vulnerability Summary The following advisory describes Java deserialization vulnerability found in CloudBees Jenkins version 2.32.1 that leads to a Remote Cod

[FD] SSD Advisory – Serviio Media Server Multiple Vulnerabilities

SSD Advisory – Serviio Media Server Multiple Vulnerabilities Link to the blog post: https://blogs.securiteam.com/index.php/archives/3094 Vulnerabilities Summary The following advisory describes a five (5) vulnerabilities found in Serviio Media Server. Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1

[FD] DefenseCode ThunderScan SAST Advisory: WordPress WebDorado Gallery Plugin SQL Injection Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin SQL Injection Vulnerability Advisory ID: DC-2017-02-011 Software: WordPress WebDorado Gallery Plugin Software Language: PHP Version: 1.3.29 and below Vendor Status: Vendor contacted,

[FD] DefenseCode ThunderScan SAST Advisory: WordPress Spider Event Calendar Plugin SQL Injection Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress Spider Event Calendar Plugin SQL Injection Vulnerability Advisory ID: DC-2017-01-017 Software: WordPress Spider Event Calendar Plugin Software Language: PHP Version: 1.5.49 and below Vendor Status: Vendor c

[FD] DefenseCode ThunderScan SAST Advisory: WordPress Facebook Plugin SQL Injection Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress Facebook Plugin SQL Injection Vulnerability Advisory ID: DC-2017-04-011 Software: WordPress Facebook Plugin Software Language: PHP Version: 1.0.13 and below Vendor Status: Vendor contacted, vulnerability

[FD] [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin

# [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin ## Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source solution developed by Opensolutions and distributed under the GNU/GPL license vers

[FD] [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15

# [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 ## Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source solution developed by Opensolutions and distributed under the GNU/

[FD] [oss-security]Sourcetree arbitrary command execution

Hi there, I would report a sourcetree arbitrary command execution Sourcetree is a popular git gui client,and I found a command execution two month ago, and I report to the official atlassian but the told me they have known this vulnerability internal tracker and they will fix it in next version

Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP

Can't you just run the app in an Android emulator and shark it? Sent from my iPhone > On Apr 30, 2017, at 06:02, secli...@email.tg wrote: > > I have a further update on the issue. After uninstalling the 360 security > android app, I found after repeated checks of Network Info on my phone via >

Re: [FD] Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability

> On May 3, 2017, at 6:07 AM, Vulnerability Lab > wrote: > > Document Title: > === > Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability > > > References (Source): > > https://www.vulnerability-lab.com/get_content.php?id=2061 > > IEDB: http://iedb.ir/ex