[FD] Video WiFi Transfer 1.01 - Directory Traversal Vulnerability

2014-08-04 Thread Vulnerability Lab
Document Title: Video WiFi Transfer 1.01 - Directory Traversal Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1288 Release Date: 2014-08-02 Vulnerability Laboratory ID (VL-ID):

[FD] FreeDisk v1.01 iOS - Multiple Web Vulnerabilities

2014-08-04 Thread Vulnerability Lab
Document Title: FreeDisk v1.01 iOS - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1287 Release Date: 2014-08-01 Vulnerability Laboratory ID (VL-ID):

[FD] Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability

2014-08-04 Thread Vulnerability Lab
Document Title: Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1265 Ebay Inc ID: EIBBP-28091 Video: http://www.vulnerability

[FD] CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall

2014-08-04 Thread Portcullis Advisories
Vulnerability title: Authentication Bypass in Barracuda Web Application Firewall CVE: CVE-2014-2595 Vendor: Barracuda Product: Web Application Firewall Affected version: Firmware v7.8.1.013 Fixed version: N/A Reported by: Nick Hayes Details: It is possible to re-use a link which includes a non-ex

[FD] Superfish 7.x Minor Cross Site Scripting Vulnerability

2014-08-04 Thread Ubani Balogun
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Superfish 7.x-1.9 Cross Site Scripting Vulnerability Author: Ubani A Balogun Reported: June 25, 2014 Product Description: - Superfish integrates jQuery Superfish plugin with y

[FD] [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]

2014-08-04 Thread Mike Antcliffe
1. Advisory Overview Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software (see Additional Information section), including but not limited to reflected XSS, source code/sensitive information disclosure, privile

[FD] LinkedIn User Account Handling Vulnerability(s)

2014-08-04 Thread Kishor Sonawane
Varutra Consulting Responsible Vulnerability Disclosure - Vulnerability release date: November 11th, 2013 - Last revised: February 5th, 2014 - Discovered by: http://varutra.com/blog/?p=281

[FD] HybridAuth <= 2.1.2 Remote Code Execution

2014-08-04 Thread Pichaya Morimoto
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512

[FD] Microsoft Exchange Multiple Vulnerabilities

2014-08-04 Thread Nathan Power
Exchange Multiple Internal IP Disclosures -- Advisory: http://foofus.net/?p=758 http://www.securitypentest.com/2014/08/exchange-multiple-internal-ip.html Autodiscover Enumeration Vulnerability -- Advisory: http://foof

Re: [FD] XXE Injection in HP Release Control

2014-08-04 Thread Douglas Held
Hello MustLive, Did you disclose this to HP? You didn't mention whether this is 0-day or disclosed (I think you usually publish your disclosure timeline) Thanks Doug Date: Thu, 31 Jul 2014 23:58:51 +0300 From: "MustLive" To: , Subject: [FD] XXE Injection in HP Release Control Message-I

[FD] Outdated Software on Huffington Post

2014-08-04 Thread BM-2cUyyVgPPf214fLtM7Kj9NxMSmKpdkYnog
0h4i! 1m a p3rs0n wh0 l1k3z t0 3x4m1n3 s1t3z 1n t3h 4l3x4 t0p 500 t0d4y, l3tz take a l00k at huffp0 && s33 wu7 f41lz 4w41t! https://secure.huffingtonpost.com/robots.txt User-agent: * Disallow: /backstage/ Disallow: /blackberry/ Disallow: /users/ Disallow: /contact/pop/ Disallow: /t/ Disallow: /a

[FD] Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing]

2014-08-04 Thread coderman
### The Preferred Roaming List Zero Intercept Attack # SUMMARY # Attackers in position to carry out Monkey-in-the-Middle against CDMA2000 links between customer stations and their carrier BTS equipment can leverage silent push PRL updates to apply a routing list preferring paths through malicious

Re: [FD] Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing]

2014-08-04 Thread coderman
On Fri, Aug 1, 2014 at 4:06 AM, coderman wrote: > ... > # ADDITIONAL INFORMATION # > Will not be coming from this channel. This includes no press; sorry. > Third parties encouraged to continue and disseminate additional > inquiry, however! please direct questions to Mathew Solnik and Marc Blanch

Re: [FD] Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing]

2014-08-04 Thread coderman
On Fri, Aug 1, 2014 at 4:06 AM, coderman wrote: > ... > Any carrier phones or specific builds known to not accept PRL updates > without authorization should be noted in response to this thread... anon from the wiki pointed out the verizon rigmaiden aircard incident.[0] while not a smart phone, t

Re: [FD] XXE Injection in HP Release Control

2014-08-04 Thread Brandon Perry
It's not an 0day, I dropped this in May. On Mon, Aug 4, 2014 at 9:39 AM, Douglas Held wrote: > Hello MustLive, > > Did you disclose this to HP? You didn't mention whether this is 0-day or > disclosed (I think you usually publish your disclosure timeline) > > Thanks > Doug > > Date: Thu, 31 Jul

Re: [FD] Superfish 7.x Minor Cross Site Scripting Vulnerability

2014-08-04 Thread Greg Knaddison
Thanks for reporting this bug to the Drupal Security Team and for sharing a description of it here. I think the mitigating factors section is a little unclear. I've added some information about them inline below. On Mon, Aug 4, 2014 at 12:54 PM, Ubani Balogun wrote: > > Mitigating Factors: > -

[FD] (kind of) new tool: american fuzzy lop

2014-08-04 Thread Michal Zalewski
Hey all, Since I haven't really ever properly done it, I wanted to "officially" announce american fuzzy lop, a novel instrumentation-driven fuzzer that, among other things, had some luck finding a bunch of fairly interesting image parsing security issues (e.g., CVE-2013-6629, CVE-2013-6630). http