
928 matches found

ThreatPost
added 2016/02/17 9:26 a.m. | 7 views

Katie Moussouris on the Latest Wassenaar Arrangement Rules

Threatpost editor Mike Mimoso talks to HackerOne chief policy officer Katie Moussouris about the U.S. implementation of the Wassenaar Arrangement rules and where things stand close to seven months after the initial draft was pulled off the table for a rewrite...

AI score: 1.9
Exploits: 0

ThreatPost
added 2016/02/04 3:51 p.m. | 11 views

Government Promises Comment Period on Next Wassenaar Draft

It’s been months since the U.S. Commerce Department’s Bureau of Industry and Security pulled the U.S. implementation of the Wassenaar Arrangement off the table for an unusual rewrite of the rules governing so-called intrusion software. The overly broad rule drew the ire of security and privacy...

AI score: 0.3
Exploits: 0 | References: 4

Tenable Nessus
added 2015/12/17 12:0 a.m. | 17 views

WordPress < 3.7.9 / 3.8.x < 3.8.9 / 3.9.x < 3.9.7 / 4.1.x < 4.1.6 / 4.2.x < 4.2.3 Multiple Vulnerabilities

Binary data 9030.prm...

CVSS: 4 | AI score: 7.3 | EPSS: 0.48368
Exploits: 1 | References: 8

Hacker One
added 2015/12/05 2:36 p.m. | 16 views

Zendesk: Stored XSS in Draft Articles.

See title...

AI score: 1.4
Exploits: 0

OSV
added 2015/12/05 10:3 a.m. | 5 views

MGASA-2015-0464 Updated moodle packages fix security vulnerability

In Moodle before 2.8.9, if guest access is open on the site, unauthenticated users can store Atto draft data through the editor autosave area, which could be exploited in a denial of service attack (CVE-2015-5332). In Moodle before 2.8.9, due to a CSRF issue in the site registration form, it is...

CVSS: 8.8 | AI score: 4.7 | EPSS: 0.00568
Exploits: 0 | References: 13

0day.today
added 2015/11/10 12:0 a.m. | 17 views

POP Peeper 4.0.1 - SEH Over-Write Exploit

Exploit for windows platform in category dos / poc ''' Exploit Title: POP Peeper SEH Over-write. Date: 9/14/2015 Exploit Author: UnN0n Software Link: http://www.esumsoft.com/download Version: v4.0.1 Tested on: Windows 7 x8632 BIT DUMP: ''' EAX 00000000 ECX 20203029 EDX 77C5660D ntdll.77C5660D EBX...

AI score: 7
Exploits: 0

Exploit DB
added 2015/11/09 12:0 a.m. | 18 views

POP Peeper 4.0.1 - Overwrite (SEH)

''' Exploit Title: POP Peeper SEH Over-write. Date: 9/14/2015 Exploit Author: UnN0n Software Link: http://www.esumsoft.com/download Version: v4.0.1 Tested on: Windows 7 x8632 BIT DUMP: ''' EAX 00000000 ECX 20203029 EDX 77C5660D ntdll.77C5660D EBX 00000000 ESP 0012EC5C EBP 0012EC7C ESI 00000000 ED...

AI score: 7
Exploits: 0

exploitpack
added 2015/11/09 12:0 a.m. | 11 views

POP Peeper 4.0.1 - Overwrite (SEH)

POP Peeper 4.0.1 - Overwrite SEH ''' Exploit Title: POP Peeper SEH Over-write. Date: 9/14/2015 Exploit Author: UnN0n Software Link: http://www.esumsoft.com/download Version: v4.0.1 Tested on: Windows 7 x8632 BIT DUMP: ''' EAX 00000000 ECX 20203029 EDX 77C5660D ntdll.77C5660D EBX 00000000 ESP...

AI score: 7.4
Exploits: 0

Hacker One
added 2015/10/04 9:38 p.m. | 99 views

Shopify: customers password hash leak!!!!

An endpoint in the Draft Order feature would return a serialized version of the Customer that contained the account password hashed and salted as well as the last password reset token when available...

AI score: 2.4
Exploits: 0

Prion
added 2015/08/03 2:59 p.m. | 25 views

Design/Logic Flaw

WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...

CVSS: 4 | AI score: 6.6 | EPSS: 0.48368
Exploits: 1 | References: 8 | Affected Software: 2

CNVD
added 2015/07/31 12:0 a.m. | 5 views

WordPress Draft Creation Vulnerability

WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. WordPress has a security vulnerability: users with Subscriber rights can create drafts through the Quick Draft feature...

CVSS: 4 | AI score: 6.7 | EPSS: 0.48368
Exploits: 1 | References: 1

Tenable Nessus
added 2015/07/29 12:0 a.m. | 48 views

WordPress < 3.7.9 / 3.8.9 / 3.9.7 / 4.1.6 / 4.2.3 Multiple Vulnerabilities

According to its version number, the WordPress application running on the remote web server is either version 3.7.x prior to 3.7.9, 3.8.x prior to 3.8.9, 3.9.x prior to 3.9.7, 4.1.x prior to 4.1.6, or 4.2.x prior to 4.2.3. It is, therefore, potentially affected by the following vulnerabilities : ...

CVSS: 4 | AI score: 6.3 | EPSS: 0.48368
Exploits: 1 | References: 8

OSV
added 2015/07/27 6:54 p.m. | 11 views

MGASA-2015-0290 Updated wordpress package fixes security vulnerabilities

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site (CVE-2015-5622). WordPress versions 4.2.2 and earlier are affected by an issue where it was possible for a user with Subscriber...

CVSS: 4 | AI score: 6 | EPSS: 0.48368
Exploits: 1 | References: 5

Mageia
added 2015/07/27 6:54 p.m. | 54 views

Updated wordpress package fixes security vulnerabilities

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site (CVE-2015-5622). WordPress versions 4.2.2 and earlier are affected by an issue where it was possible for a user with Subscriber...

CVSS: 4 | AI score: 6 | EPSS: 0.48368
Exploits: 1 | References: 4

Tenable Nessus
added 2015/05/27 12:0 a.m. | 26 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox / mozilla-nss (SUSE-SU-2014:1510-1)

update to Firefox 31.2.0 ESR bnc900941 - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 bmo1001994, bmo1011354, bmo1018916, bmo1020034, bmo1023035, bmo1032208, bmo1033020, bmo1034230, bmo1061214, bmo1061600, bmo1064346, bmo1072044, bmo1072174 Miscellaneous memory safety hazards rv:33.0/rv:31.2 - MFSA...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.336
Exploits: 1 | References: 23

Packet Storm
added 2014/11/26 12:0 a.m. | 32 views

Android SMS Resend

INTRODUCTION ================================== In Android 5.0, an unprivileged app can resend all the SMS stored in the user's phone to their corresponding recipients or senders without user interaction. No matter whether these SMS are sent to or received from other people. This may lead to...

CVSS: 3.3 | AI score: 0.1 | EPSS: 0.00061
Exploits: 3

0day.today
added 2014/11/26 12:0 a.m. | 40 views

Android SMS Resend Vulnerability

Android versions prior to 5.0 allow an unprivileged application the ability to resend all the SMS's stored in the user's phone. INTRODUCTION ================================== In Android 5.0, an unprivileged app can resend all the SMS stored in the user's phone to their corresponding recipients or...

CVSS: 3.3 | AI score: 6.7 | EPSS: 0.00061
Exploits: 3

Atlassian
added 2014/09/04 1:4 a.m. | 19 views

Draft retrieval in the editor doesn't respect page or space permissions

Drafts are supposed to be per user and private but given a draft id, which should be easy to guess as they are sequential, you can access the contents of any draft, both for new and existing pages by using the following urls:...

AI score: 1.1
Exploits: 0 | Affected Software: 1

Atlassian
added 2014/09/04 1:4 a.m. | 17 views

Draft retrieval in the editor doesn't respect page or space permissions

Drafts are supposed to be per user and private but given a draft id, which should be easy to guess as they are sequential, you can access the contents of any draft, both for new and existing pages by using the following urls:...

AI score: 1.1
Exploits: 0 | Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m. | 73 views

WordPress 2.3.1 Unauthorized Post Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26885/info WordPress is prone to a vulnerability that lets unauthorized users read draft posts before they have been published. This issue affects WordPress 2.3.1; other versions may also be affected. NOTE: This BID is...

AI score: 7.1
Exploits: 0