[FD] Komento Joomla! component Persistent XSS

2015-10-05 Thread David Sopas
CVE Reference: CVE-2015-7324 Original advisory: https://www.davidsopas.com/komento-joomla-component-persistent-xss/ Author: David Sopas @dsopas Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento

[FD] Charter Spectrum Business HTTP MITM

2015-10-05 Thread Mark Felder
Hello, You probably don't need to be told otherwise, but do not trust Charter (or any ISP) with your HTTP traffic even if you're paying for a business connection and expect internet without tampering or analysis. I recently started receiving redirects to a Terms & Conditions page on IPv4 HTTP traf

[FD] Security Vulnerability - Liferay Portal Enterprise Edition

2015-10-05 Thread Tim Schughart
Hey guys, during a penetration test I have found an unknown persistent xss in liferay portal backend. ## #General Information# ## Manufacture description: Liferay Portal is an enterprise-web-platform for the development of business solutions, which provides quic

[FD] ManageEngine ServiceDesk Plus <= 9.1 build 9110 - Path Traversal

2015-10-05 Thread xistence
Exploit Title: ManageEngine ServiceDesk Plus <= 9.1 build 9110 - Path Traversal Product: ManageEngine ServiceDesk Plus Vulnerable Versions: 9.1 build 9110 and previous versions Tested Version: 9.1 build 9110 (Windows) Advisory Publication: 03/10/2015 Vulnerability Type: Unauthenticated Path Travers

[FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome

2015-10-05 Thread Haifei Li
This is a copied version of my blog post, original version http://justhaifei1.blogspot.com/2015/10/watch-your-downloads-risk-of-auto.html. Probably it's commonly known that when you try to download something on your modern browser e.g. Google Chrome or Microsoft Edge, the file will be downl

[FD] Qualys Security Advisory - OpenSMTPD Audit Report

2015-10-05 Thread Qualys Security Advisory
(Sorry for the "CVE-2015-ABCD" place-holders in the report, but OpenSMTPD's developers were ready with the patches before MITRE was ready with the CVE-IDs.) Qualys Security Advisory OpenSMTPD Audit Report Contents ===

[FD] CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability

2015-10-05 Thread Specto
Document Title Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products === Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected (verified) versions: v7.2.2 -> v7.2.5 CVE ==

Re: [FD] Telegram - Multiple Vulnerabilities

2015-10-05 Thread Uni Sec
Could you be a little more clear with the process for number 5, the account hijack and contact import? Isn't intercepting the 5-digit code sufficient to gain account takeover? -J > Date: Tue, 29 Sep 2015 18:53:52 -0300 > From: edu...@gmail.com > To: fulldisclosure@seclists.org > Subject: [FD] Tel

[FD] Apple Safari URI spoofing (CVE-2015-5764)

2015-10-05 Thread Antonio Sanso
tl;dr Apple Safari for OS X was prone to URI spoofing vulnerability (and more general a user interface spoofing). Apple released security updates for Safari 9 on OS X and assigned CVE-2015-5764. Accidentally this vulnerability was also present in iOS. Ins

[FD] WinRar Settings Import Command Execution

2015-10-05 Thread Rio Sherri
#!/usr/bin/python -w # Title : WinRar Settings Import Command Execution # Date : 02/10/2015 # Author : R-73eN # Tested on : Windows 7 Ultimate # Vulnerable Versions : Winrar < 5.30 beta 4 # The vulnerability exists in the "Import Settings From File" function. # Since Settings file of Winrar

[FD] Persistent XSS - Liferay Portal Enterprise Edition

2015-10-05 Thread Tim Schughart
Hey guys, during a penetration test I have found an unknown persistent xss in liferay portal backend. ## #General Information# ## Manufacture description: Liferay Portal is an enterprise-web-platform for the development of business solutions, which provides quic

Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability

2015-10-05 Thread Hernan Moller
In fact, a SXF file type can only try to access a specific URL (server's attacker). Then the attacker exploits a Microsoft's vulnerability (ms14-064). The WinRAR file doesn't allow RCE by itself. -- Hernán Möller http://nivel4.com 2015-09-28 5:39 GMT-03:00 Gynvael Coldwind : > Correct me if I

[FD] Blind SQL Injection in admin panel PHP-Fusion <= v7.02.07

2015-10-05 Thread Manuel Garcia Cardenas
= MGC ALERT 2015-002 - Original release date: September 18, 2015 - Last revised: October 05, 2015 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 (CVSS Base Score) = I. VULNERABILITY ---

Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome

2015-10-05 Thread Lee
Haifei Li, changing the default behavior to open a window asking the user where to save the file would change nothing. A "normal user" would just click the "save" button to save the file in the default folder. I also don't think it should be the browser's responsibility to look for potential mali

[FD] u-design wordpress theme DOM XSS

2015-10-05 Thread Kenan Gms
u-design is a wordpress theme prone to DOM XSS vulnerability. Vendor url: http://themeforest.net/item/udesign-responsive-wordpress-theme/253220 versions between 2.7.9 – (Updated: 08.05.2015) and 2.3.0 – (Updated: 04.02.2014 - there are 40 of them) are vulnerable to DOM XSS which can be exploited

[FD] DDos Attack To Drop The Internet

2015-10-05 Thread Jeffrey Roberts
If you were to have a botnet which were to flood random DNS queries for domains that did not exist to the list of DNS servers hosted on http://public-dns.tk/nameservers-all.txt then the root dns servers and the tld dns servers would be overwhelmed without any way to filter the packets, if they were

Re: [FD] Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome

2015-10-05 Thread Stefan Kanthak
"Haifei Li" wrote: > This is a copied version of my blog post, original version > http://justhaifei1.blogspot.com/2015/10/watch-your-downloads-risk-of-auto.html. > Probably it's commonly known that when you try to download > something on your modern browser e.g. Google Chrome or > Microsoft Edge,

Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability

2015-10-05 Thread Stefan Kanthak
"Gynvael Coldwind" wrote: > Correct me if I'm wrong, but the vulnerability can be summarized as: if you > run an untrusted .exe you might execute malicious code? Amen! > I hardly see this as giving anything new to the attacker who can just > create a malicious exe file, set the winrar sfx icon