[FD] Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x

2019-01-08 Thread Sahil Dhar
Hello all, I would like to inform you about the Remote Command & Code Injection vulnerabilities found in Wifi-soft's Unibox Controllers. Name: Remote Code Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 0.x - 2.x Homepage:

[FD] Path Traversal in Aspose.ZIP library

2019-01-08 Thread Jaroslav Lobačevski
Aspose.ZIP for .NET was vulnerable to path traversal that allowed an attacker to overwrite an arbitrary file in the context of the running application. The issue was fixed in version 19.1.0. Timeline: 04-10-2018 - Issue found and reported by email without reply. 10-10-2018 - Successfully reported in a

Re: [FD] Vulnerabilities in Zurmo 2.3.4

2019-01-08 Thread Henri Salo
On Wed, Jan 02, 2019 at 04:42:08PM +0100, Daniel Bishtawi wrote: > https://www.netsparker.com/web-applications-advisories/ns-18-034-code-evolution-php-in-zurmo/ > 12th November 2018 - First Contact > 2nd January 2018 - Advisory Released Did you request CVE(s) for this? How did you contact the vendor?

Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8

2019-01-08 Thread Henri Salo
On Thu, Jan 03, 2019 at 10:45:36AM +0100, Daniel Bishtawi wrote: > We are glad to inform you about the vulnerabilities we reported in > Microweber 1.0.8. > Affected Versions: 1.0.8 > Homepage: https://github.com/microweber/microweber > Status: Not Fixed > CVE-ID: CVE-2018-19917 > Netsparker

[FD] New Release: UFONet v1.2 - "Armageddon!"

2019-01-08 Thread psy
Hi FD, I am glad to present a new release of this tool: - https://ufonet.03c8.net "UFONet - is a toolkit designed to launch DDoS and DoS attacks." See these links for more info: - CWE-601:Open Redirect [1] - OWASP:URL Redirector Abuse [2] - Botnet requests schema [3] - Main

[FD] Multiple Cross-site Scripting Vulnerabilities in ZenPhoto 1.4.14

2019-01-08 Thread Daniel Bishtawi
Hello, We are glad to inform you about the vulnerabilities we reported in ZenPhoto 1.4.14. Here are the details: Advisory by Netsparker Name: Multiple Cross-Site Scripting Vulnerabilities in ZenPhoto 1.4.14 Affected Software: ZenPhoto Affected Versions: 1.4.14 Homepage: http://www.zenphoto.org/

[FD] Reflected Cross-site Scripting in Mantis 2.11.1

2019-01-08 Thread Daniel Bishtawi
Hello, We are glad to inform you about the vulnerabilities we reported in Mantis 2.11.1. Here are the details: Advisory by Netsparker Name: Reflected Cross-site Scripting in Mantis 2.11.1 Affected Software: Mantis Affected Versions: 2.11.1 Homepage: https://www.mantisbt.org/ Vulnerability:

Re: [FD] Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8

2019-01-08 Thread Daniel Bishtawi
Hi Henri, There was no response after the details had been sent to pe...@microweber.com as requested by Microweber (i...@microweber.com). They did not follow up with an update on the status of the fix once the technical details had been sent, as requested, and did not respond when we tried to

[FD] CSRF in MapSVG Lite could allow an attacker to do almost anything an admin can (WordPress plugin)

2019-01-08 Thread dxw Security
Details Software: MapSVG Lite Version: 3.2.3 Homepage: https://en-gb.wordpress.org/plugins/mapsvg-lite-interactive-vector-maps/ Advisory report: https://advisories.dxw.com/advisories/csrf-mapsvg-lite/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)