Core Security - Corelabs Advisory
http://corelabs.coresecurity.com
Vivotek IP Cameras RTSP Authentication Bypass
1. *Advisory Information*
Title: Vivotek IP Cameras RTSP Authentication Bypass
Advisory ID: CORE-2013-0704
Advisory URL:
http://www.coresecurity.com/advisories/vivotek-ip-cameras-rts
Advisory ID: HTB23177
Product: appRain
Vendor: appRain
Vulnerable Version(s): 3.0.2 and probably prior
Tested Version: 3.0.2
Advisory Publication: October 9, 2013 [without technical details]
Vendor Notification: October 9, 2013
Public Disclosure: November 6, 2013
Vulnerability Type: SQL Injecti
Product: Open-Xchange AppSuite
Vendor: Open-Xchange GmbH
Internal reference: 29147 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML
Tags in a Web Page)
Vulnerable version: prior to 7.4.0
Vulnerable component: backend
Fixed version: 7.2.2-rev25, 7.4.0-rev14
Repo
[SOJOBO-ADV-13-03] - Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site
Scripting
I. * Information *
==
Name : Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting
Software : Gallery Bank 2.0.19 and possibly below.
Vendor Homepage : http://gallery-bank.com/
The following directories are vulnerable to a path disclosure vulnerability in
the WordPress Jigoshop Plugin 1.8
=
INTERNET SECURITY AUDITORS ALERT 2013-005
- Original release date: 3rd March 2013
- Last revised: 10th March 2013
- Discovered by: Eduardo Garcia Melia
- Severity: 5.2/10 (CVSS Base Score)
=
I. VULNERABILI
=
INTERNET SECURITY AUDITORS ALERT 2013-018
- Original release date: July 26th, 2013
- Last revised: July 26th, 2013
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Score)
- CVE-ID: CVE-2013-6163
==
=
INTERNET SECURITY AUDITORS ALERT 2013-017
- Original release date: July 26th, 2013
- Last revised: July 26th, 2013
- Discovered by: Vicente Aguilera Diaz
- Severity: 6.8/10 (CVSSv2 Base Score)
- CVE-ID: CVE-2013-6164
==