Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread security curmudgeon
: From: Mark Litchfield mark () securatary com : As previously stated, I would post an update for Ektron CMS bypassing : the security fix. : A full step by step with the usual screen shots can be found at - : http://www.securatary.com/vulnerabilities Uh... you expect people to login to

Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread security curmudgeon
: : From: Mark Litchfield mark () securatary com : : : As previously stated, I would post an update for Ektron CMS bypassing : : the security fix. : : : A full step by step with the usual screen shots can be found at - : : http://www.securatary.com/vulnerabilities : : Uh... you expect

Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread security curmudgeon
: This is not the behavior of the site as of 48 hours ago. : Let me check. Normal registration should also be available? In fact I : will remove the registration. : : The purpose of this whole registration in the first place was to allow : for future postings I am going to make later this

Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread Mark Litchfield
On 2/4/2014 2:51 PM, security curmudgeon wrote: : From: Mark Litchfield mark () securatary com : As previously stated, I would post an update for Ektron CMS bypassing : the security fix. : A full step by step with the usual screen shots can be found at - :

Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread Mark Litchfield
On 2/4/2014 3:01 PM, security curmudgeon wrote: : : From: Mark Litchfield mark () securatary com : : : As previously stated, I would post an update for Ektron CMS bypassing : : the security fix. : : : A full step by step with the usual screen shots can be found at - : :

Re: [Full-disclosure] [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread Mark Litchfield
On 2/4/2014 3:13 PM, security curmudgeon wrote: : This is not the behavior of the site as of 48 hours ago. : Let me check. Normal registration should also be available? In fact I : will remove the registration. : : The purpose of this whole registration in the first place was to allow : for

Re: [Full-disclosure] [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread Mark Litchfield
On 2/4/2014 3:13 PM, security curmudgeon wrote: : This is not the behavior of the site as of 48 hours ago. : Let me check. Normal registration should also be available? In fact I : will remove the registration. : : The purpose of this whole registration in the first place was to allow : for

Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread Benji
s/with their Facebook or Twitter credentials//g On Tue, Feb 4, 2014 at 10:51 PM, security curmudgeon jeri...@attrition.org wrote: : From: Mark Litchfield mark () securatary com : As previously stated, I would post an update for Ektron CMS bypassing : the security fix. : A full step by

[Full-disclosure] CVE-2014-1237 (XSS in i-doit Pro)

2014-02-05 Thread Stephan Rickauer
# # # COMPASS SECURITY ADVISORY http://www.csnc.ch/ # # # # CVE ID : CVE-2014-1237 # CSNC ID: CSNC-2014-002 # Product: i-doit # Vendor: synetics Gesellschaft für

[Full-disclosure] [SECURITY] [DSA 2854-1] mumble security update

2014-02-05 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2854-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso February 05, 2014

[Full-disclosure] [SECURITY] [DSA 2855-1] libav security update

2014-02-05 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2855-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 05, 2014

[Full-disclosure] [Security-news] SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure

2014-02-05 Thread security-news
View online: https://drupal.org/node/2187453 * Advisory ID: DRUPAL-SA-CONTRIB-2014-009 * Project: Tagadelic [1] (third-party module) * Version: 6.x * Date: 2014-February-05 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Information Disclosure

[Full-disclosure] [Security-news] SA-CONTRIB-2014-010 Services - Access Bypass and Privilege Escalation

2014-02-05 Thread security-news
View online: https://drupal.org/node/2189509 * Advisory ID: DRUPAL-SA-CONTRIB-2014-010 * Project: Services [1] (third-party module) * Version: 7.x * Date: 2014-February-05 * Security risk: Highly critical [2] * Exploitable from: Remote * Vulnerability: Access bypass

[Full-disclosure] [Security-news] SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure

2014-02-05 Thread security-news
View online: https://drupal.org/node/2189643 * Advisory ID: DRUPAL-SA-CONTRIB-2014-011 * Project: Push Notifications [1] (third-party module) * Version: 7.x * Date: 2014-February-05 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Information

Re: [Full-disclosure] [SPAM] Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread Randal T. Rioux
On 2/4/2014 6:36 PM, Mark Litchfield wrote: On 2/4/2014 3:13 PM, security curmudgeon wrote: : This is not the behavior of the site as of 48 hours ago. : Let me check. Normal registration should also be available? In fact I : will remove the registration. : : The purpose of this whole

[Full-disclosure] CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability

2014-02-05 Thread CORE Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. *Advisory Information* Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:

[Full-disclosure] [Security-news] SA-CONTRIB-2014-012- Modal Frame API - Cross Site Scripting (XSS)

2014-02-05 Thread security-news
View online: https://drupal.org/node/2189751 * Advisory ID: DRUPAL-SA-CONTRIB-2014-012 * Project: Modal Frame API [1] (third-party module) * Version: 6.x * Date: 2014-February-05 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site