Full Disclosure Mailing List

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It has higher traffic than other lists, but the relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

List Archives

Monthly archives (Jan to Dec) for each year from 2002 through 2014.

Latest Posts

[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness Egidio Romano (Oct 23)
----------------------------------------------------------------
TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
----------------------------------------------------------------

[-] Software Link:

http://testlink.org/

[-] Affected Versions:

Version 1.9.12 and prior versions.

[-] Weakness Description:

The vulnerable code is located in the /lib/functions/database.class.php script:

208....

[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability Egidio Romano (Oct 23)
--------------------------------------------------------------------------
TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
--------------------------------------------------------------------------

[-] Software Link:

http://testlink.org/

[-] Affected Versions:

Version 1.9.12 and prior versions.

[-] Weakness Description:

The vulnerable code is located in the /lib/execute/execSetResults.php script:

428....

CVE-2014-7180 - ElectricCommander Local Privilege Escalation Sean Wright (Oct 23)
Classification: //Dell SecureWorks/Confidential - Limited External Distribution:

##################################################################################
# * Title: ElectricCommander Local Privilege Escalation
# * Advisory ID: SWRX-2014-010
# * Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010/
# * Date published: Wednesday, October 22, 2014
# * CVE: CVE-2014-7180
# * CVSS v2 base...

File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 23)
Document Title:
===============
File Manager v4.2.10 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1343

Release Date:
=============
2014-10-21

Vulnerability Laboratory ID (VL-ID):
====================================
1343

Common Vulnerability Scoring System:
====================================
9

Product & Service Introduction:...

Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability Vulnerability Lab (Oct 23)
Document Title:
===============
Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1222

Release Date:
=============
2014-10-21

Vulnerability Laboratory ID (VL-ID):
====================================
1222

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:...

Incredible PBX remote command execution exploit Simo Ben youssef (Oct 22)
#!/usr/bin/perl
#
# Title: Incredible PBX remote command execution exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered: 1 September 2014
# Coded: 21 October 2014
# Published: 21 October 2014
# MorXploit Research
# http://www.MorXploit.com
# Vendor: PBX in a Flash
# Vendor url: http://pbxinaflash.net/
# Software: Incredible PBX 11
# Version: 2.0.6.5.0
# Product url: http://incrediblepbx.com/
# Download:...

Re: [oss-security] CVE request: remote code execution in Android CTS Mario Vilas (Oct 22)
Seems to me like it was. Also, wouldn't a user who can edit those files
also be able to, for example, patch the executable files as well? I haven't
actually checked the file permissions but it seems like a reasonable
assumption.

Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar (Oct 22)
Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/
Contacted: 10/13/2014, Vulnerabilities addressed in v2.7.2.
Full Advisory: http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
CVE: 2014-8334,2014-8335
OSVDBID:...

Mulesoft ESB Authenticated Privilege Escalation Brandon Perry (Oct 22)
Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code Execution

Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to
create an administrator user due to a lack of permissions check in the
handler/securityService.rpc endpoint. The following HTTP request can be
made by any authenticated user, even those with a single role of Monitor.

POST /mmc-3.5.1/handler/securityService.rpc HTTP/1.1

Host:...
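The missing authorization check described in the post above, modelled as an added Python example that is not Mulesoft's code: a user-management RPC handler that confirms the caller is authenticated but never checks whether the caller's role permits creating users. The class and method names (SecurityService, create_user, Session, Role) are hypothetical and the user data is constructed; only the bug class (authentication treated as authorization) is taken from the advisory.

```python
"""
Added illustration, not Mulesoft's code: a minimal model of the bug class
in the MMC advisory, an RPC handler that checks for a valid session but not
for an administrative role. All names here are hypothetical.
"""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    MONITOR = "Monitor"
    ADMINISTRATOR = "Administrator"


class PermissionDenied(Exception):
    pass


@dataclass
class Session:
    username: str
    roles: set


@dataclass
class SecurityService:
    # username -> set of Role (constructed sample data, not real MMC state)
    users: dict = field(default_factory=dict)
    # False reproduces the vulnerable behaviour: any authenticated caller may
    # create users, including administrators.
    require_admin: bool = True

    def create_user(self, caller: Session, username: str, roles: set) -> None:
        # Authentication: the vulnerable handler stops at this check.
        if caller is None:
            raise PermissionDenied("unauthenticated")
        # Authorization: the hardened handler also requires the caller to hold
        # the Administrator role before it will create any user at all.
        if self.require_admin and Role.ADMINISTRATOR not in caller.roles:
            raise PermissionDenied(
                f"{caller.username} lacks role {Role.ADMINISTRATOR.value}"
            )
        self.users[username] = set(roles)

    def is_admin(self, username: str) -> bool:
        return Role.ADMINISTRATOR in self.users.get(username, set())


def escalation_succeeds(require_admin: bool) -> bool:
    """Simulate a Monitor-only user trying to create an Administrator account.

    Returns True if the attacker ends up with a working admin account.
    """
    svc = SecurityService(users={"monitor1": {Role.MONITOR}},
                          require_admin=require_admin)
    attacker = Session(username="monitor1", roles=svc.users["monitor1"])
    try:
        svc.create_user(attacker, "backdoor", {Role.ADMINISTRATOR})
    except PermissionDenied:
        return False
    return svc.is_admin("backdoor")


if __name__ == "__main__":
    print("vulnerable handler, Monitor creates admin:",
          escalation_succeeds(require_admin=False))
    print("hardened handler, Monitor creates admin:",
          escalation_succeeds(require_admin=True))
```

The point the advisory makes is that a Monitor role is enough to reach the endpoint; the fix is an explicit role check on every privileged RPC handler, not a stronger login.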

File Manager v4.2.10 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 22)
Document Title:
===============
File Manager v4.2.10 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1343

Release Date:
=============
2014-10-21

Vulnerability Laboratory ID (VL-ID):
====================================
1343

Common Vulnerability Scoring System:
====================================
9

Product & Service Introduction:...

iFunBox Free v1.1 iOS - File Include Vulnerability Vulnerability Lab (Oct 22)
Document Title:
===============
iFunBox Free v1.1 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1344

Release Date:
=============
2014-10-20

Vulnerability Laboratory ID (VL-ID):
====================================
1344

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:
===============================...

FileBug v1.5.1 iOS - Path Traversal Web Vulnerability Vulnerability Lab (Oct 21)
Document Title:
===============
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1342

Release Date:
=============
2014-10-15

Vulnerability Laboratory ID (VL-ID):
====================================
1342

Common Vulnerability Scoring System:
====================================
5.1

Product & Service Introduction:...

Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities Vulnerability Lab (Oct 21)
Document Title:
===============
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1341

Release Date:
=============
2014-10-14

Vulnerability Laboratory ID (VL-ID):
====================================
1341

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:...

AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability Asterisk Security Team (Oct 20)
Asterisk Project Security Advisory - AST-2014-011

Product Asterisk
Summary Asterisk Susceptibility to POODLE Vulnerability
Nature of Advisory Unauthorized Data Disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Medium...

Mozilla mozilla.org Two Sub-Domains (Cross Reference) XSS Vulnerability (All URLs Under the Two Domains) Jing Wang (Oct 20)
Domains:
http://lxr.mozilla.org/
http://mxr.mozilla.org/
(The two domains above are almost the same)

Websites information:
lxr.mozilla.org, mxr.mozilla.org are cross references designed to display
the Mozilla source code. The sources displayed are those that are currently
checked in to the mainline of the mozilla.org CVS server, Mercurial Server,
and Subversion Server; these pages are updated many times a day, so they
should be pretty close to...

More Lists

Dozens of other network security lists are archived at SecLists.Org.
