
7642 matches found

ThreatPost
added 2015/02/17 11:45 a.m., 11 views

Encryption and Silence Can be Targets' Best Assets

CANCUN–Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy...

6.5 AI score
Exploits: 0, References: 2

Packet Storm
added 2015/02/17 12:0 a.m., 74 views

Ebay Magento Script Insertion

Document Title: =============== Ebay Inc Magento Bug Bounty 5 - Persistent Validation & Mail Encoding Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1226 eBay Inc. Bug Bounty Program ID: EIBBP-27288 Vulnerability Magazine:...

0.2 AI score
Exploits: 0

The Hacker News
added 2015/02/16 11:8 p.m., 16 views

NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware

The U.S. National Security Agency NSA may be hiding highly-sophisticated hacking payloads in the firmware of consumer hard drives over the last 15 to 20 years in a campaign, giving the agency the means to eavesdrop on thousands of targets’ computers, according to an analysis by Kaspersky labs and...

6.8 AI score
Exploits: 0

NVD
added 2015/02/16 3:59 p.m., 21 views

CVE-2015-1498

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to 1 enumerate user accounts via a getUsers request, 2 assign a role to a user account via an addAssigneesToRole request, 3 remove a role from a user account via a...

10 CVSS, 6.7 AI score, 0.02269 EPSS
Exploits: 0, References: 2

Prion
added 2015/02/16 3:59 p.m., 22 views

Command injection

radexecd.exe in Persistent Systems Radia Client Automation RCA 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465...

10 CVSS, 7.9 AI score, 0.75116 EPSS
Exploits: 16, References: 8, Affected Software: 1

Cvelist
added 2015/02/16 3:0 p.m., 29 views

CVE-2015-1497

radexecd.exe in Persistent Systems Radia Client Automation RCA 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465...

7.3 AI score, 0.75116 EPSS
Exploits: 16, References: 8

Cvelist
added 2015/02/16 3:0 p.m., 17 views

CVE-2015-1498

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to 1 enumerate user accounts via a getUsers request, 2 assign a role to a user account via an addAssigneesToRole request, 3 remove a role from a user account via a...

6.7 AI score, 0.02269 EPSS
Exploits: 0, References: 2

CVE
added 2015/02/16 3:0 p.m., 44 views

CVE-2015-1498

The CVE-2015-1498 issue affects Persistent Systems Radia Client Automation. Connected sources confirm an improper access-control vulnerability in specific requests (notably getUsers, addAssigneesToRole, removeAssigneesFromRole) that enables remote attackers to enumerate user accounts and modify us...

10 CVSS, 6.9 AI score, 0.02269 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2015/02/16 3:0 p.m., 81 views

CVE-2015-1497

CVE-2015-1497 affects Persistent Systems Radia Client Automation (RCA) and its radexecd.exe component. A remote, unauthenticated attacker can send a crafted request to TCP port 3465/TCP to execute arbitrary commands with the privileges of the radexecd process. Affected RCA versions include 7.9, 8...

10 CVSS, 7.4 AI score, 0.75116 EPSS
Exploits: 16, References: 8, Affected Software: 1

Tenable Nessus
added 2015/02/16 12:0 a.m., 33 views

FancyBox Plugin for WordPress 'mfbfw' Parameter Persistent XSS

The version of the FancyBox plugin for WordPress installed on the remote host is affected by a persistent cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'mfbfw' POST parameter when the 'action' parameter is set to 'update'. A remote, unauthenticat...

4.3 CVSS, 5.7 AI score, 0.06407 EPSS
Exploits: 1, References: 4

Vulnerability Lab
added 2015/02/14 12:0 a.m., 56 views

Ebay Inc Magento BB#5 - Persistent Validation Vulnerability

Document Title: =============== Ebay Inc Magento BB5 - Persistent Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1226 eBay Inc. Bug Bounty Program ID: EIBBP-27288 Vulnerability Magazine:...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2015/02/14 12:0 a.m., 45 views

Ebay Inc Magento BB#5 - Persistent Validation Vulnerability

Document Title: =============== Ebay Inc Magento BB5 - Persistent Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1226 eBay Inc. Bug Bounty Program ID: EIBBP-27288 Vulnerability Magazine:...

0.2 AI score
Exploits: 0

Japan Vulnerability Notes
added 2015/02/13 4:58 a.m., 1 views

PerlTreeBBS vulnerable to cross-site scripting

Overview PerlTreeBBS from Homepage Decorator is a tree-structured bulletin board software. PerlTreeBBS contains a persistent cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5 CVSS, 6 AI score, 0.00942 EPSS
Exploits: 0, References: 5

Atlassian
added 2015/02/13 12:27 a.m., 22 views

Crucible does not clear all Tokens when Browser is Closed

Problem Closing a browser ends the user session. When the user re-opens the browser and accesses Crucible, there is no login prompt and Crucible treats it like an authenticated user. Any page loads after the initial will result in the user being directed to the login page. Steps to Reproduce Have...

6.8 AI score
Exploits: 0

Zero Day Initiative
added 2015/02/10 12:0 a.m., 54 views

(0Day) Persistent Systems Client Automation Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Persistent Systems Client Automation. Authentication is not required to exploit this vulnerability. The flaw exists within the radexecd.exe component which listens by default on TCP port 3465. When...

10 CVSS, 7.4 AI score, 0.75116 EPSS
Exploits: 16, References: 1

Zero Day Initiative
added 2015/02/10 12:0 a.m., 31 views

Persistent Systems Client Automation Remote Elevation of Privilege Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Persistent Systems Client Automation. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of certain requests including getUsers,...

9 CVSS, 7.5 AI score, 0.02269 EPSS
Exploits: 0, References: 1

Exploit DB
added 2015/02/09 12:0 a.m., 26 views

u5CMS 3.9.3 - Multiple Persistent Cross-Site Scripting / Reflected Cross-Site Scripting Vulnerabilities

u5CMS 3.9.3 Multiple Stored And Reflected XSS Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration,...

7 AI score
Exploits: 0

Vulnerability Lab
added 2015/02/06 12:0 a.m., 51 views

BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability

Document Title: =============== BlinkSale Bug Bounty 1 - Encode & Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1416 Release Date: ============= 2015-02-06 Vulnerability Laboratory ID VL-ID: ====================================...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2015/02/06 12:0 a.m., 22 views

BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability

Document Title: =============== BlinkSale Bug Bounty 1 - Encode & Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1416 Release Date: ============= 2015-02-06 Vulnerability Laboratory ID VL-ID: ====================================...

7.1 AI score
Exploits: 0

ThreatPost
added 2015/02/02 2:44 p.m., 14 views

Google Offers Bug Bounty Vulnerability Research Grants

Google last week announced that it has instituted a program for 2015 in which researchers can receive up to 3,133.70 in grant money for bug hunting. Researchers must apply for the grants, which will be an up-front award that will be paid out before a bug is submitted, Google said. “Researchers’...

0.2 AI score
Exploits: 0, References: 2