[Full-disclosure] Update [RCA-201309-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities

Update Fixed wrong dates. Details Application: HMS Testimonials ( http://wordpress.org/plugins/hms-testimonials/ ) Version: 2.0.10 Type: Wordpress Plugin Vendor: Jeff Kreitner ( http://profiles.wordpress.org/kreitje/ ) Vulnerability: - Cross-Site R

[Full-disclosure] Research survey: web pentests with hybrid control+data flow graphs

Hi, If you are a web pentester, can you please fill out this short research survey? - https://docs.google.com/forms/d/1EXavadsf8z4R48qAemo9XRA2N--__R5eXtiwszZ81ic/viewform - Hybrid Control+Data Flow Graphs for Web Application Penetration Testing -- We aim at evaluati

[Full-disclosure] [RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities

Details Application: HMS Testimonials ( http://wordpress.org/plugins/hms-testimonials/ ) Version: 2.0.10 Type: Wordpress Plugin Vendor: Jeff Kreitner ( http://profiles.wordpress.org/kreitje/ ) Vulnerability: - Cross-Site Request Forgery (CWE-352) - Cross-Site Scripting (CWE

[Full-disclosure] pixlr.com bluecoat image file bypass

if one is confined to the bluecoat (bluecoat.com) proxysg, the pixlr.com/editor page allows him or her to bypass the proxy to download arbitrary images from any source assuming the pixlr.com servers have access themselves to retrieve the image. donations to btc: 1CGw4gpZGZkpQeUMg7s6ip3hp8ZRj9pTGx

Re: [Full-disclosure] [ MDVSA-2013:210 ] firefox

On Wed, Aug 07, 2013 at 04:48:22PM +0300, Georgi Guninski wrote: > > > On Wed, Aug 07, 2013 at 12:36:01PM +0200, secur...@mandriva.com wrote: > > > > Security researcher Georgi Guninski reported an issue with Java > > > Just to clarify: I haven't report _any_ "issues" to mozilla > since y

[Full-disclosure] OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy

Hi, Exact Audio Copy (see ) V1.0 beta 3, released 2011-09-11, installs the following OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components: 1. Microsoft SQL Server Compact 3.5 Service Pack 1: | X:\>filever.exe /S "%ProgramFiles%\Exact Audio Copy\sqlce*.dll" |

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

hi KingCope the one of security features in hosting servers is : dont allow to .htaccess override from users for doing this features in httpd.conf you can use *AllowOverride None* instead of *AllowOverride all* ​with this feature you can not use this bug. tnx On Wed, Aug 7, 2013 at 8:38 PM, king

[Full-disclosure] Two Vulnerabilities in NetworkMiner : DLL Hijacking + Directory Traversal

Security Advisory ID: NETRESEC-1386968 http://netresec.com/?b=1386968 NetworkMiner version 1.4.1 and older is vulnerable to DLL hijacking and contains a directory traversal vulnerability. ==Description== NetworkMiner is a tool designed for network forensics and network security monitoring. It is