Document Title:
===
Video WiFi Transfer 1.01 - Directory Traversal Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1288
Release Date:
=
2014-08-02
Vulnerability Laboratory ID (VL-ID):
=
Document Title:
===
FreeDisk v1.01 iOS - Multiple Web Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1287
Release Date:
=
2014-08-01
Vulnerability Laboratory ID (VL-ID):
Document Title:
===
Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent
(Payment Information) Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1265
Ebay Inc ID: EIBBP-28091
Video: http://www.vulnerability
Vulnerability title: Authentication Bypass in Barracuda Web Application
Firewall
CVE: CVE-2014-2595
Vendor: Barracuda
Product: Web Application Firewall
Affected version: Firmware v7.8.1.013
Fixed version: N/A
Reported by: Nick Hayes
Details:
It is possible to re-use a link which includes a non-ex
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Superfish 7.x-1.9 Cross Site Scripting Vulnerability
Author: Ubani A Balogun
Reported: June 25, 2014
Product Description:
-
Superfish integrates jQuery Superfish plugin with y
1. Advisory Overview
Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster
Recovery solution affecting both the client and server software (see Additional
Information section) include but are not limited to reflected XSS, source
code/sensitive information disclosure, privile
===
Varutra Consulting Responsible Vulnerability Disclosure
- Vulnerability release date: November 11th, 2013
- Last revised: February 5th, 2014
- Discovered by: http://varutra.com/blog/?p=281
=
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
##
# _ ___ _ _ _ _
# | | / _ \| \ | |/ ___|/ ___| / \|_ _|
# | | | | | | \| | | _| | / _ \ | |
# | |__| |_| | |\ | |_| | |___ / ___ \| |
Exchange Multiple Internal IP Disclosures
--
Advisory:
http://foofus.net/?p=758
http://www.securitypentest.com/2014/08/exchange-multiple-internal-ip.html
Autodiscover Enumeration Vulnerability
--
Advisory:
http://foof
Hello MustLive,
Did you disclose this to HP? You didn't mention whether this is 0-day or
disclosed (I think you usually publish your disclosure timeline)
Thanks
Doug
Date: Thu, 31 Jul 2014 23:58:51 +0300
From: "MustLive"
To: ,
Subject: [FD] XXE Injection in HP Release Control
Message-I
0h4i! 1m a p3rs0n wh0 l1k3z t0 3x4m1n3 s1t3z 1n t3h 4l3x4 t0p 500
t0d4y, l3tz take a l00k at huffp0 && s33 wu7 f41lz 4w41t!
https://secure.huffingtonpost.com/robots.txt
User-agent: *
Disallow: /backstage/
Disallow: /blackberry/
Disallow: /users/
Disallow: /contact/pop/
Disallow: /t/
Disallow: /a
### The Preferred Roaming List Zero Intercept Attack
# SUMMARY #
Attackers in position to carry out Monkey-in-the-Middle against
CDMA2000 links between customer stations and their carrier BTS
equipment can leverage silent push PRL updates to apply a routing list
preferring paths through malicious
On Fri, Aug 1, 2014 at 4:06 AM, coderman wrote:
> ...
> # ADDITIONAL INFORMATION #
> Will not be coming from this channel. This includes no press; sorry.
> Third parties encouraged to continue and disseminate additional
> inquiry, however!
please direct questions to Mathew Solnik and Marc Blanch
On Fri, Aug 1, 2014 at 4:06 AM, coderman wrote:
> ...
> Any carrier phones or specific builds known to not accept PRL updates
> without authorization should be noted in response to this thread...
anon from the wiki pointed out the verizon rigmaiden aircard
incident.[0] while not a smart phone, t
It's not an 0day, I dropped this in may.
On Mon, Aug 4, 2014 at 9:39 AM, Douglas Held wrote:
> Hello MustLive,
>
> Did you disclose this to HP? You didn't mention whether this is 0-day or
> disclosed (I think you usually publish your disclosure timeline)
>
> Thanks
> Doug
>
> Date: Thu, 31 Jul
Thanks for reporting this bug to the Drupal Security Team and for sharing a
description of it here.
I think the mitigating factors section is a little unclear. I've added some
information about them inline below.
On Mon, Aug 4, 2014 at 12:54 PM, Ubani Balogun wrote:
>
> Mitigating Factors:
> -
Hey all,
Since I haven't really ever properly done it, I wanted to "officially"
announce american fuzzy lop, a novel instrumentation-driven fuzzer
that, among other things, had some luck finding a bunch of fairly
interesting image parsing security issues (e.g., CVE-2013-6629,
CVE-2013-6630).
http