Lucene search

9454 matches found

Exploit DB
added 2015/09/15 12:0 a.m., 70 views

Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)

Source: https://code.google.com/p/google-security-research/issues/detail?id=461 Windows: NtUserGetClipboardAccessToken Token Leak Redux Platform: Windows 8.1 Update, Windows 10 Build 10130 Class: Security Bypass/EoP Summary: The NtUserGetClipboardAccessToken win32k system call exposes the access...

7.2 CVSS, 6.9 AI score, 0.04706 EPSS
Exploits: 2

Vulnerability Lab
added 2015/09/11 12:0 a.m., 37 views

Magento Bug Bounty #19 - Persistent Filename Vulnerability

Document Title: =============== Magento Bug Bounty 19 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1570 ID: APPSEC-1059 Release Date: ============= 2015-09-11 Vulnerability Laboratory ID VL-ID:...

7.1 AI score
Exploits: 0

OpenVAS
added 2015/09/08 12:0 a.m., 32 views

Amazon Linux: Security Advisory (ALAS-2012-89)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 8.2 AI score, 0.00973 EPSS
Exploits: 0, References: 2

Vulnerability Lab
added 2015/09/04 12:0 a.m., 25 views

Virtual Freer v1.57 - Authentication Bypass Vulnerability

Document Title: =============== Virtual Freer v1.57 - Authentication Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: ============= 2015-09-04 Vulnerability Laboratory ID VL-ID: ====================================...

7.1 AI score
Exploits: 0

Packet Storm
added 2015/09/01 12:0 a.m., 21 views

Serendipity 2.0.1 Blind SQL Injection

Serendipity 2.0.1: Blind SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected]...

Exploits: 0

Packet Storm
added 2015/09/01 12:0 a.m., 24 views

Serendipity 2.0.1 Shell Upload

Serendipity 2.0.1: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/09/01 12:0 a.m., 33 views

Serendipity 2.0.1 Cross Site Scripting

Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...

7.4 AI score
Exploits: 0

WPVulnDB
added 2015/08/31 12:0 a.m., 6 views

Thumbnail Carousel Slider < 1.0.1 - Authenticated Shell Upload & CSRF

The original advisory states that this vulnerability is exploitable with editor and author roles but this is incorrect. Only the administrator role by default can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor. PoC Create a file name...

7.3 AI score
Exploits: 0, References: 1, Affected Software: 1

ArchLinux
added 2015/08/28 12:0 a.m., 49 views

firefox: multiple issues

CVE-2015-4497 use-after-free when resizing canvas element during restyling: Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a canvas element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references...

10 CVSS, 0.6 AI score, 0.0304 EPSS
Exploits: 0, References: 4

Packet Storm
added 2015/08/27 12:0 a.m., 48 views

WordPress Navis DocumentCloud 0.1 Cross Site Scripting

Details ================ Software: Navis DocumentCloud Version: 0.1 Homepage: https://wordpress.org/plugins/navis-documentcloud/ Advisory report: https://security.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ CVE: CVE-2015-2807 CVSS: 6.4 Medium;...

4.3 CVSS, 0.1 AI score, 0.0689 EPSS
Exploits: 3

Vulnerability Lab
added 2015/08/25 12:0 a.m., 18 views

PayPal Notify - Cross Site Request Forgery Vulnerability

Document Title: =============== PayPal Notify - Cross Site Request Forgery Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1584 Video: https://www.youtube.com/watch?v=1NO4I28J-0s Release Date: ============= 2015-08-25 Vulnerability Laboratory ID VL-ID:...

0.5 AI score
Exploits: 0

RedHat Linux
added 2015/08/24 7:57 p.m., 20 views

Low: Red Hat Security Advisory: libunwind security update

Updated libunwind packages that fix a security flaw are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

3.3 CVSS, 5.8 AI score, 0.00089 EPSS
Exploits: 1, References: 2

0day.today
added 2015/08/22 12:0 a.m., 25 views

Microsoft Office 2007 MSO.dll Use-After-Free Exploit

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=414&can=1 The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified...

7 AI score
Exploits: 0

exploitpack
added 2015/08/21 12:0 a.m., 9 views

Microsoft Office 2007 - mso.dll Use-After-Free (MS15-081)

Microsoft Office 2007 - mso.dll Use-After-Free MS15-081 Source: https://code.google.com/p/google-security-research/issues/detail?id=414&can=1 The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application...

7.4 AI score
Exploits: 0

Exploit DB
added 2015/08/21 12:0 a.m., 45 views

Microsoft Office 2007 - 'mso.dll' Use-After-Free (MS15-081)

Source: https://code.google.com/p/google-security-research/issues/detail?id=414&can=1 The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This samp...

7.4 AI score
Exploits: 0

0day.today
added 2015/08/19 12:0 a.m., 37 views

Bolt 2.2.4 Shell Upload Vulnerability

Bolt version 2.2.4 suffers from a code execution vulnerability via shell upload. Bolt 2.2.4: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: Bolt 2.2.4 Fixed in: 2.2.5 Fixed Version Link: http://bolt.cm/distribution/archive/bolt-2.2.5.zip Vendor Contact:...

7.6 AI score
Exploits: 0

0day.today
added 2015/08/19 12:0 a.m., 24 views

ModX Revolution 2.3.5-pl Cross Site Scripting Vulnerability

ModX Revolution version 2.3.5-pl suffers from a reflective cross site scripting vulnerability. ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability Security Advisory – Curesec Research Team 1. Introduction Affected Product: ModX Revolution 2.3.5-pl Fixed in: not fixed Fixed...

6.7 AI score
Exploits: 0

0day.today
added 2015/08/19 12:0 a.m., 34 views

CodoForum 3.3.1 - Multiple SQL Injection Vulnerabilities

Exploit for php platform in category web applications CodoForum 3.3.1: Multiple SQL Injection Vulnerabilities Security Advisory – Curesec Research Team http://blog.curesec.com/article/blog/CodoForum-331-Multiple-SQL-Injection-Vulnerabilities-42.html 1. Introduction Affected Product: CodoForum 3.3...

7.1 AI score
Exploits: 0

exploitpack
added 2015/08/18 12:0 a.m., 16 views

BigTree CMS 4.2.3 - (Authenticated) SQL Injection

BigTree CMS 4.2.3 - Authenticated SQL Injection BigTree CMS 4.2.3: Multiple SQL Injection Vulnerabilities Security Advisory – Curesec Research Team Online-Reference: http://blog.curesec.com/article/blog/BigTree-CMS-423-Multiple-SQL-Injection-Vulnerabilities-39.html 1. Introduction Affected Produc...

0.5 AI score
Exploits: 0

Exploit DB
added 2015/08/18 12:0 a.m., 23 views

BigTree CMS 4.2.3 - (Authenticated) SQL Injection

BigTree CMS 4.2.3: Multiple SQL Injection Vulnerabilities Security Advisory – Curesec Research Team Online-Reference: http://blog.curesec.com/article/blog/BigTree-CMS-423-Multiple-SQL-Injection-Vulnerabilities-39.html 1. Introduction Affected Product: BigTree CMS 4.2.3 Fixed in: 4.2.4 Fixed Versi...

7.4 AI score
Exploits: 0