Details
Software: Watu PRO Play
Version: 1.9.2.1
Homepage: http://calendarscripts.info/watupro/modules.html#play
Advisory report:
https://security.dxw.com/advisories/stored-xss-in-watu-pro-play-allows-unauthenticated-attacker-to-do-almost-anything-an-admin-can/
CVE: Awaiting assig

Details
Software: Watu PRO
Version: 4.8.8.4
Homepage: http://calendarscripts.info/watupro/
Advisory report:
https://security.dxw.com/advisories/csrf-in-watu-pro-allows-unauthenticated-attackers-to-delete-quizzes/
CVE: Awaiting assignment
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A

Details
Software: Watu PRO
Version: 4.8.8.4
Homepage: http://calendarscripts.info/watupro/
Advisory report:
https://security.dxw.com/advisories/stored-xss-in-watu-pro-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; A

So we have the first bona fide research casualty of the new Wassenaar
Agreement wording (ugh). HP and counsel are concerned over Japanese
implementation of it, so they will not be involved with Pwn2Own Mobile in
Japan. Given typical Japanese government bureaucracy, I don't think I can
fault them. H

Serendipity 2.0.1: Persistent XSS
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Serendipity 2.0.1
Fixed in: 2.0.2
Fixed Version Link:
https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip
Vendor Contact:

NibbleBlog 4.0.3: Code Execution
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: NibbleBlog 4.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: Website: http://www.nibbleblog.com/
Vulnerability Type: C

NibbleBlog 4.0.3: CSRF
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: NibbleBlog 4.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: Website: http://www.nibbleblog.com/
Vulnerability Type: CSRF
Re

*(o_O)!
Document Title:
===
PayPal Inc - Security Approval & 2FA Account Auth Bypass Session Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1486
Video: http://www.vulnerability-lab.com/get_content.php?id=1485
Watch Video: