Dropbox Patches Remotely Exploitable Vulnerability in SDK

Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the storage app that enabled attackers to connect applications to a Dropbox account without the user’s consent. This could have opened users up to the theft of information from any app that use...

UpdraftPlus <= 1.9.50 - Privilege Escalation via Nonce Leakage

The UpdraftPlus WordPress Backup Plugin WordPress plugin was affected by a Privilege Escalation via Nonce Leakage security vulnerability...

PT-2014-8999 · Frederick Townes · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin versions prior to 0.9.4.1 Description: The issue allows remote attackers to conduct cross-site request forgery CSRF attacks. This is possible due to the improper handling of empty nonces, which can lead to the hijacking ...

Amazon Linux AMI : python-oauth2 (ALAS-2014-425)

The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonce...

Medium: python-oauth2

Issue Overview: The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers t...

CVE-2014-7203

libzmq aka ZeroMQ/C++ 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors...

CVE-2014-7203

libzmq (ZeroMQ/C++) 4.0.x before 4.0.5 exposes a replay vulnerability (CVE-2014-7203) because nonces are not guaranteed unique, enabling man-in-the-middle replay attacks via unspecified vectors. The issue is fixed in libzmq 4.0.5 (e.g., openSUSE/SUSE updates reference CVE-2014-7203 and CVE-2014-7...

CVE-2014-7203

libzmq aka ZeroMQ/C++ 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors...

EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079)

The remote host is running a version of EMC Documentum Content Server that is affected by multiple vulnerabilities : - An error exists in the 'ssl3readbytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only...

DEBIAN-CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

UBUNTU-CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

WordPress WPtouch Plugin <= 3.x - Insecure Nonce Generation

Because of this vulnerability, a logged­-in attacker can potentially take over the website by uploading a backdoor and then do anything he wants. Solution Update the plugin...

Wordpress WPTouch Authenticated File Upload Exploit

The Wordpress WPTouch plugin contains an auhtenticated file upload vulnerability. A wp-nonce CSRF token is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to...

McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075)

The remote host is running a version of McAfee VirusScan Enterprise for Linux VSEL that is affected by multiple vulnerabilities due to flaws in the included OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial...

Wordpress WPTouch Authenticated File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress WPTouch Authenticated File Upload', 'Description' = %q The Wordpress WPTouch plugin contains an auhtenticated file upload...

WordPress WPTouch Authenticated File Upload

The WordPress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce CSRF token is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to...

HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)

The version of HP Version Control Repository Manager installed on the remote host is prior to 7.3.4, and thus is affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or...

Outlook Web Access 2007 CSRF Vulnerability

No description provided by source. Source: http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails Demo: http://www.youtube.com/watch?v=Bx-zfu0uXYg After Nduja Connection worm and the Memova issue, it's now time to shed a light on vulnerabilities affecting corporate webmails. And wh...

WordPress PureHTML plugin <= 1.0.0 - SQL Injection

No description provided by source. Exploit Title: WordPress PureHTML plugin = 1.0.0 SQL Injection Vulnerability Date: 2011-08-31 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip Version: 1.0.0 tested Note:...

McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075)

The remote host is running a version of McAfee ePolicy Orchestrator that is affected by multiple vulnerabilities due to flaws in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Not...