XSS and CS vulnerabilities in BuddyPress for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin BuddyPress for WordPress. I've disclosed vulnerabilities in JW Player in June and August including in commercial version JW Player Pro and disclosed vulnerabilities in Rokbox in December. And BuddyPress uses this...
CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities
OVERVIEW CubeCart 3.0.20 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful...
Enterpriser16 LoadBalancer v7.1 - Multiple Web Vulnerabilities
Title: Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: 2012-12-12 References: http://www.vulnerability-lab.com/getcontent.php?id=785 VL-ID: 785 Common Vulnerability Scoring System: 3.5 Introduction: Load...
Enterpriser16 LoadBalancer multiple security vulnerabilities
Multiple Web interface vulnerabilities...
CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability
OVERVIEW CubeCart 5.x versions are vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...
CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities
OVERVIEW CubeCart 5.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online store which...
[SECURITY] [DSA 2591-1] mahara security update
Debian Security Advisory DSA-2591-1 http://www.debian.org/security/ Moritz Muehlenhoff December 27, 2012 http://www.debian.org/security/faq -...
Multiple vulnerabilities in RocketTheme themes for WordPress
Hello 3APA3A! Earlier I've written to the list about multiple vulnerabilities in multiple themes for WordPress http://seclists.org/fulldisclosure/2012/Dec/236. In that letter I've mentioned 16 themes by RocketTheme with Rokbox: Afterburner, Refraction, Solarsentinel, Mixxmag, Iridium, Infuse,...
Multiple XSS vulnerabilities in Cerberus FTP Server <= 5.0.5.1 [CVE-2012-6339]
Overview: Cerberus FTP Server http://www.cerberusftp.com/ is a secure and reliable FTP server with many features and available functionality. It was discovered that the Web Administration interface has multiple persistent Cross Site Scripting XSS vulnerabilities. In the log viewer...
CubeCart 4.4.6 and lower | Multiple SQL Injection Vulnerabilities
OVERVIEW The CubeCart 4.4.6 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...
Wordpress Pingback Port Scanner
Hi folks, Wordpress 3.5 has its XML-RPC Interface enabled by default. See here for more information: http://www.ethicalhack3r.co.uk/security/introduction-to-the-wordpress-xml-rpc-api/ http://codex.wordpress.org/Version3.5Settings I read through the article and took a look at the Pingback API sinc...
'portable-phpMyAdmin (WordPress Plugin)' Authentication Bypass (CVE-2012-5469)
I. DESCRIPTION: portable-phpMyAdmin doesn't verify an existing WordPress session privileged or not when accessing the plugin file path directly. Because of how this plugin works, a default installation will provide a full phpMyAdmin console with the privileg...
[USN-1666-1] Aptdaemon vulnerability
Ubuntu Security Notice USN-1666-1 December 17, 2012 aptdaemon vulnerability. A security issue affects these releases of Ubuntu and its derivatives: ...
Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro
Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext, whic...
TinyBrowser Upload Shell Vulnerability
Hello guys! I'll draw your attention to one exploit at 1337day.com and other their domains: http://1337day.com/exploit/19732. I've written to 1337day.com about it already at 19.11.2012. So it should concern every list, which posted that exploit from 1337day.com. This is AFU vulnerability in...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
File Upload Concern in Front Account 2.3.13 and OpenDocMan 1.2.6.2
I have put this in a separate report since they are not strictly vulnerabilities. By default, both software apps allow the end user to upload any HTML file they wish. This means that files with malicious javascript may be uploaded to the server. The issue is that when a user clicks view for these...
aptdaemon key validation vulnerability
PPA GPG key is validated incorrectly...
Addressbook v8.1.24.1 Group Name XSS
Instructions. After authentication, click on the Group tab at the top. Click on the New Group Button on the group page. For the group name the first field enter the following XSS test string: SCRIPTalertString.fromCharCode88,83,83/SCRIPT Then call the XSS string from the URL -- technically one...
FCKEditor File Upload Vulnerability
Description: There is no validation on the extensions when FCKEditor 2.6.8 ASP version is dealing with the duplicate files. As a result, it is possible to bypass the protection and upload a file with any extension. - Reference: http://www.exploit-db.com/exploits/23005/ vulnerable versions: prior...
OpenDocMan 1.2.6.2 - 3 Vulnerabilities
1 - Unprotected id parameter: In check-in.php the id variable is not filtered so that one can put in additional SQL statements. I have been able to get a UNION SELECT query to run but I do not think it's exploitable because there is a second query that runs with the i...
Multiple vulnerabilities in RokBox for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Rokbox for WordPress. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary File Upload, Content Spoofing and Information Leakage vulnerabilities. Rokbox uses...
Path Traversal Vulnerability on Secure Transport versions 5.1 SP2 and earlier
Secure Transport Path Traversal Vulnerability Public Disclosure Date: November 11, 2012 Vendors Affected: Axway http://www.axway.com Systems Affected: Secure Transport Problem: A path traversal vulnerability was identified in SecureTransport versions 5.1 SP2 and earlier on the Microsoft Windows...
Nova information leakage
LVM images are not cleared on reallocation...
VMWare View directory traversal
VMware View Connection Server directory traversal...
unity firefox extension crossorigin policy bypass
No description provided...
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)
Title: DDIVRT-2012-48 VMware View Connection Server Directory Traversal CVE-2012-5978 Severity: High Date Discovered: September 26, 2012 Discovered By: Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description...
[btrfs] is vulnerable to a hash-DoS attack
Hello folk, The btrfs file system, part of the linux kernel, is vulnerable to a trivial hash-DoS attack. More details can be found here: http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/ Enjoy! Pascal Junod -- http://crypto.junod.info @cryptopathe...
btrfs DoS
DoS via reproducible hash collisions...
[USN-1665-1] unity-firefox-extension vulnerability
Ubuntu Security Notice USN-1665-1 December 13, 2012 unity-firefox-extension vulnerability. A security issue affects these releases of Ubuntu and its...
[USN-1663-1] Nova vulnerability
Ubuntu Security Notice USN-1663-1 December 12, 2012 nova vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
Password Disclosure in D-Link IP Cameras (CVE-2012-4046)
A password disclosure vulnerability in the D-Link DCS-9xx series IP cameras allows attackers to gain administrator level access to the camera when on the same broadcast domain. CVE-2012-4046 Details:...
Microsoft Windows multiple security vulnerabilities
Buffer overflow on OpenType and TrueType fonts parsing, memory corruption on filename handling, DirectPlay buffer overflow, DirectAccess IP-HTTPS insufficient certificate check...
apt information leakage
Weak term.log file permission...
Microsoft Word memory corruption
Memory corruption on RTF parsing...
Microsoft Exchange DoS
Invalid RSS feeds processing...
Microsoft Internet Explorer multiple security vulnerabilities
Few use-after-free vulnerabilities...
HP OpenVMS DoS
DoS via LOGIN and ACMELOGIN...
[security bulletin] HPSBOV02834 SSRT101055 rev.1 - HP OpenVMS LOGIN or ACMELOGIN, Remote or Local Denial of Service (DoS)
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03599086 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03599086 Version: 1 HPSBOV02834...
Internet Explorer information leakage
Page can track any mouse movements, even behind the page...
[USN-1660-1] Linux kernel vulnerability
Ubuntu Security Notice USN-1660-1 December 11, 2012 linux vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
bogofilter buffer overflow
Buffer overflow on base64 parsing...
[SECURITY] [DSA 2585-1] bogofilter security update
Debian Security Advisory DSA-2585-1 http://www.debian.org/security/ December 11, 2012 http://www.debian.org/security/faq -...
Information disclosure (mouse tracking) vulnerability in Microsoft Internet Explorer versions 6-10
Summary: Unprivileged attackers can track your system-wide mouse movements from any IE page, even when the page is unfocused or minimised. Package: Microsoft Internet Explorer Affected: Tested on versions 6–10 Introduction: A security vulnerability in Internet Explorer, versions...
Maxthon and Avant browsers multiple security vulnerabilities
Cross-site scripting, information leakage, code execution...
Multiple critical vulnerabilities in Maxthon and Avant browsers
Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities were demonstrated during HITBAMS2012 security conference and more recently at HackPra. Affected Products - Maxthon www.maxthon.com - Avant Browser www.avantbrowser.com Security...
Linux kernel IPv6 filtering bypass
It's possible to bypass filtering with overlapping fragments...
GNU GIMP memory corruption
Memory corruption on XWD files parsing...
XSS vulnerability in swfupload in ExpressionEngine
Hello 3APA3A! Here is information about Cross-Site Scripting vulnerability in swfupload in ExpressionEngine. After publication of my advisory XSS vulnerability in web applications with swfupload: AionWeb, Magento, Liferay Portal, SurgeMail, symfony http://securityvulns.ru/docs28761.html and after...
Snare for Linux Cross-Site Request Forgery
Snare for Linux Cross-Site Request Forgery I. BACKGROUND: Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating system. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis and storage. II...