[FD] WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities

2017-09-04 Thread Vulnerability Lab
Document Title: WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities References (Source): https://www.vulnerability-lab.com/get_content.php?id=1941 Release Date: 2017-08-18 Vulnerability Laboratory ID (VL-ID):

[FD] Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability

2017-09-04 Thread Vulnerability Lab
Document Title: Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2074 ID: FB49498 Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/ http://web

[FD] Play TV v1.25.1(Build r123776) - DLL Hijack Vulnerability

2017-09-04 Thread Vulnerability Lab
Document Title: Play TV v1.25.1(Build r123776) - DLL Hijack Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2085 Release Date: 2017-09-04 Vulnerability Laboratory ID (VL-ID):

[FD] CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution

2017-09-04 Thread hyp3rlinx
[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt [+] ISR: apparitionSec Vendor: www.cesanta.com Product: Mongoose Web Server

[FD] DNSMap.sh - 0.1 - enumerate DNS hostnames faster | release announcement.

2017-09-04 Thread Levi Shahar
Hi list. I wrote a script to enumerate DNS hostnames faster using only 100~ LOC. This is an alternative to the good old dnsmap by pagvac. The source code is here: https://github.com/bindh3x/dnsmap.sh --bindh3x

[FD] "VirusTotal Windows Uploader" poor design of privacy

2017-09-04 Thread Eitan Caspi via Fulldisclosure
Something to share with you, which I am not sure is known enough: Recently, while I was tweaking a network monitoring systems, I noticed an upload of a file that its name included a full local Windows file path, ending with a name of a file I uploaded to VirusTotal, using their Windows applicati

[FD] Hijacking .uk domains with eNom

2017-09-04 Thread Joseph Harris
the m group security advisory [2017090100]: Zero-confirmation inter-account transfers of .uk domains with eNom * Discovery date: 2017-05-02 * Publish date: 2017-09-01 (+122 days) * Product: https://www.enom.com/, the website for eNom Inc. and their APIs, all eNom resellers * Vulnerable: yes, as of

[FD] SEC-T 0x0Anniversary Con next week

2017-09-04 Thread mattias bååth via Fulldisclosure
Hey all, We're really happy about our speaker lineup this year, but we already sold out apart from a few tickets to our pre-conference Training on malware reversal. However, we will be broadcasting the entire conference live, including interviews with the speakers. Now if you have a hackspace or

[FD] Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-)

2017-09-04 Thread Peter Weidenbach
Document Title: Authentication Bypass in Xerox Printers – It is not a bug! It is a legacy feature ;-) Description: Xerox enforces authentication before updating a firmware or installing a configuration file (clone file) in recent firmware versions. That seems quite reason

[FD] Asterisk vulnerable to RTP Bleed

2017-09-04 Thread Sandro Gauci
# Asterisk vulnerable to RTP Bleed - Authors: - Klaus-Peter Junghanns - Sandro Gauci - Vulnerable version: Asterisk 11.4.0 to 14.6.1 (fix incomplete) - References: AST-2017-005, CVE-2017-14099 - Advisory URL: