[FD] Stored XSS in Watu PRO Play allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)

2015-09-02 Thread dxw Security
Details Software: Watu PRO Play Version: 1.9.2.1 Homepage: http://calendarscripts.info/watupro/modules.html#play Advisory report: https://security.dxw.com/advisories/stored-xss-in-watu-pro-play-allows-unauthenticated-attacker-to-do-almost-anything-an-admin-can/ CVE: Awaiting assig

[FD] CSRF in Watu PRO allows unauthenticated attackers to delete quizzes (WordPress plugin)

2015-09-02 Thread dxw Security
Details Software: Watu PRO Version: 4.8.8.4 Homepage: http://calendarscripts.info/watupro/ Advisory report: https://security.dxw.com/advisories/csrf-in-watu-pro-allows-unauthenticated-attackers-to-delete-quizzes/ CVE: Awaiting assignment CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A

[FD] Stored XSS in Watu PRO allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)

2015-09-02 Thread dxw Security
Details Software: Watu PRO Version: 4.8.8.4 Homepage: http://calendarscripts.info/watupro/ Advisory report: https://security.dxw.com/advisories/stored-xss-in-watu-pro-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/ CVE: Awaiting assignment CVSS: 5.8 (Medium; A

[FD] PacSec (Tokyo Nov 11-12): PWN2OWN Mobile first casualty of Wassenaar, CFP extended to Friday September 4

2015-09-02 Thread Dragos Ruiu
So we have the first bona fide research casualty of the new Wassenaar Agreement wording (ugh). HP and counsel are concerned over Japanese implementation of it, so they will not be involved with Pwn2Own Mobile in Japan. Given typical Japanese government bureaucracy, I don't think I can fault them. H

[FD] Serendipity 2.0.1 - Persistent XSS

2015-09-02 Thread Curesec Research Team (CRT)
Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact:

[FD] NibbleBlog 4.0.3 - Code Execution - Not fixed

2015-09-02 Thread Curesec Research Team (CRT)
NibbleBlog 4.0.3: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: NibbleBlog 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://www.nibbleblog.com/ Vulnerability Type: C

[FD] NibbleBlog 4.0.3 - CSRF - Not fixed

2015-09-02 Thread Curesec Research Team (CRT)
NibbleBlog 4.0.3: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: NibbleBlog 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://www.nibbleblog.com/ Vulnerability Type: CSRF Re

[FD] PayPal Inc - Security Approval & 2FA Account Auth Bypass Session Vulnerability

2015-09-02 Thread Vulnerability Lab
*(o_O)! Document Title: PayPal Inc - Security Approval & 2FA Account Auth Bypass Session Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1486 Video: http://www.vulnerability-lab.com/get_content.php?id=1485 Watch Video: