I. VULNERABILITY
-
Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS)
II. CVE REFERENCE
-
CVE-2018-11690
III. VENDOR
-
https://extensions.joomla.org/extension/gridbox/
IV. REFERENCES
Hi,
We have discovered and responsibly disclosed several high severity
vulnerabilities in Foscam IP Camera models. The vulnerabilities, chained
together, allow an attacker to execute commands as root over the network.
A technical blog post with the vulnerabilities' details can be found at
http
Thanks Yavuz,
this appears to have been addressed in 3.9.2 release of OpenFire in May
2014.
I'm unable to reproduce in OpenFire 4.2.3.
I would strongly suggest running the latest version of OpenFire (4.2.3 at
time of writing) as there were multiple XSS and other security issues
(missing CSRF for
Dear subscribers,
we've migrated our public disclosure workflow to full-disclosure and are
catching up on publishing recent vulnerabilities through this channel. Feel
free to join our bug bounty programs (open-xchange, dovecot, powerdns) at
HackerOne.
Yours sincerely,
Martin Heiland, Open-Xch
Document Title:
===
Reflected XSS on ESPN site
PoC:
===
1) Navigate to the following URL:
http://cdn.espn.com/core/standalone/webview?partial=%22%3E%3Cimg%20src%3D1%20onerror%3Dalert(1337)%3E%2F%2F&appsrc=sc&lang=en&region=us&platform=ios
2) Note that the form alerts
# (CVE-2018-8819)
## Product Description
WebCTRL is a BACnet native, intelligent, HVAC and energy control system for
your building. A proven, industry-leading system, the WebCTRL® building
automation system gives you the ability to fully understand your operations
and analyze the results with tool
The ClassLink OneClick Browser Extension and the ClassLink Agent are vulnerable
to Universal XSS and Remote Code Execution. Vendor has released software
updates to fix both vulnerabilities on 3 June 2018.
=== Vendor ===
ClassLink: https://www.classlink.com
=== Vulnerability #1: Universal XSS th
DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker
Plugin Multiple Security Vulnerabilities
Advisory ID: DC-2018-05-004
Advisory Title: WordPress Contact Form Maker Plugin Multiple
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: Wor
DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin
Multiple Security Vulnerabilities
Advisory ID: DC-2018-05-001
Advisory Title: WordPress Form Maker Plugin Multiple Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Form Maker p
libfsntfs multiple vulnerabilities
Author : Webin security lab - dbapp security Ltd
===
Introduction:
=
libfsntfs is a library to access the New Technology File System (NTFS).
Affected version:
=
20180420
Vulnerability Description:
libpff vulnerability
Author : Webin security lab - dbapp security Ltd
===
Introduction:
=
libpff is a library to access the Personal Folder File (PFF) and the Offline
Folder File (OFF) format.
These formats are used by Microsoft Outlook to store email, c
Hello All,
We have decided to release to the public domain our SRP-2018-01 security
research project related to the security of STMicroelectronics chipsets.
The research material (70+ pages long technical paper accompanied by two
reverse engineering tools) can be downloaded from the SRP sectio