Full Disclosure

A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.

[ISecAuditors Security Advisories] CSRF vulnerability in LinkedIn

26 March, 2013 - 03:34

Posted by ISecAuditors Security Advisories on Mar 26

=============================================
INTERNET SECURITY AUDITORS ALERT 2013-001
- Original release date: January 30th, 2013
- Last revised: March 25th, 2013
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Score)
=============================================

I. VULNERABILITY
-------------------------
CSRF vulnerability in LinkedIn

II. BACKGROUND
-------------------------
LinkedIn is a social networking service and...
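The advisory excerpt above names the class of bug but none of its details. The following is an added illustration of that class, written for this page; it is not LinkedIn's code, nor anything from the ISecAuditors advisory. It shows a state-changing handler that trusts the session cookie alone, so a form auto-submitted from any other site succeeds, beside a hardened handler that requires a synchronizer token bound to the session and also checks the request's Origin. The in-memory session store, SITE_ORIGIN and the handler names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed in-memory session store standing in for a framework's session
# backend. SITE_ORIGIN and the handler names are assumptions for this example.
SESSIONS = {}
SECRET_KEY = secrets.token_bytes(32)   # in a real app: loaded from configuration
SITE_ORIGIN = "https://www.example.com"


def new_session(user: str) -> str:
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "email": f"{user}@example.com"}
    return sid


def csrf_token(session_id: str) -> str:
    # Token bound to the session with a server-side secret. An attacker's page
    # never sees the victim's session cookie, so it cannot compute this value.
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(value: str, site_origin: str = SITE_ORIGIN) -> bool:
    # Compare scheme and host:port exactly; a prefix test would accept
    # https://www.example.com.evil.test. Works for both Origin and Referer values.
    a, b = urlsplit(value), urlsplit(site_origin)
    return a.scheme != "" and (a.scheme, a.netloc) == (b.scheme, b.netloc)


def update_email_vulnerable(cookies: dict, form: dict) -> str:
    """State change authorised by the session cookie alone. A form auto-submitted
    from any site carries the browser's cookies, so the forged request succeeds."""
    sess = SESSIONS.get(cookies.get("sid", ""))
    if sess is None:
        return "401 unauthenticated"
    sess["email"] = form["email"]
    return "200 updated"


def update_email_hardened(cookies: dict, headers: dict, form: dict) -> str:
    sess = SESSIONS.get(cookies.get("sid", ""))
    if sess is None:
        return "401 unauthenticated"
    # Defence 1: synchronizer token that the legitimate page embedded in the form,
    # compared in constant time.
    if not hmac.compare_digest(csrf_token(cookies["sid"]), form.get("csrf_token", "")):
        return "403 csrf token missing or invalid"
    # Defence 2 (defence in depth): browsers send Origin on cross-site POSTs.
    origin = headers.get("Origin") or headers.get("Referer", "")
    if not same_origin(origin):
        return "403 cross-origin request"
    sess["email"] = form["email"]
    return "200 updated"


def simulate() -> dict:
    """Replay one forged POST against both handlers, then one legitimate POST."""
    sid = new_session("alice")
    cookies = {"sid": sid}
    # Forged submission from attacker.example: cookie attached by the browser,
    # no valid token, foreign Origin.
    forged_headers = {"Origin": "https://attacker.example"}
    forged_form = {"email": "attacker@attacker.example"}
    r_vuln = update_email_vulnerable(cookies, forged_form)
    email_after_vuln = SESSIONS[sid]["email"]
    SESSIONS[sid]["email"] = "alice@example.com"           # reset for the next run
    r_forged = update_email_hardened(cookies, forged_headers, forged_form)
    # Legitimate same-site submission carrying the token the page embedded.
    legit_headers = {"Origin": SITE_ORIGIN}
    legit_form = {"email": "alice2@example.com", "csrf_token": csrf_token(sid)}
    r_legit = update_email_hardened(cookies, legit_headers, legit_form)
    return {"vulnerable": r_vuln, "email_after_vulnerable": email_after_vuln,
            "hardened_forged": r_forged, "hardened_legit": r_legit,
            "email_final": SESSIONS[sid]["email"]}


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

The token check is the actual control; the Origin check only narrows the window for token-handling mistakes and should fail closed when neither Origin nor Referer is present, as it does here. The CVSSv2 score of 4.3 quoted in the advisory header is typical for a CSRF that changes profile data without an authentication bypass.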

[SECURITY] [DSA 2652-1] libxml2 security update

26 March, 2013 - 00:40

Posted by Michael Gilbert on Mar 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-2652-1                security () debian org
http://www.debian.org/security/                           Michael Gilbert
March 24, 2013                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libxml2
Vulnerability : external entity expansion
Problem...
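The DSA names the problem as "external entity expansion" without showing a document. The following is an added illustration for this page, not Debian's or libxml2's code: a pre-parse gate for untrusted XML that refuses external entities outright and estimates, without building the text, how large nested internal entities would expand to, which is what turns a few hundred bytes of DTD into a memory-exhaustion payload. The regexes, the 10 000-byte limit and the sample documents are constructed for the example; parameter entities (%name;) are not modelled.

```python
import re
from typing import Dict, Set, Tuple

# Pre-parse gate for untrusted XML: refuse external entities and estimate how
# large nested internal entities expand to before handing the document to a
# parser. Added illustration; not Debian's or libxml2's code. Names and the
# 10 000-byte limit are assumptions. Parameter entities (%name;) are not modelled.
ENTITY_DECL = re.compile(
    r'<!ENTITY\s+(?P<name>[A-Za-z_:][\w.:-]*)\s+'
    r'(?:(?P<ext>SYSTEM|PUBLIC)\s+(?P<args>.*?)|(?P<q>["\'])(?P<value>.*?)(?P=q))\s*>',
    re.DOTALL)
ENTITY_REF = re.compile(r'&([A-Za-z_:][\w.:-]*);')
INTERNAL_SUBSET = re.compile(r'<!DOCTYPE[^\[>]*\[(?P<subset>.*?)\]\s*>', re.DOTALL)


class UnsafeXML(Exception):
    pass


def declared_entities(doc: str) -> Tuple[Dict[str, str], Set[str]]:
    """Return (internal entity name -> replacement text, names of external entities)."""
    internal, external = {}, set()
    m = INTERNAL_SUBSET.search(doc)
    if m is None:
        return internal, external
    for d in ENTITY_DECL.finditer(m.group("subset")):
        if d.group("ext"):
            external.add(d.group("name"))
        else:
            internal[d.group("name")] = d.group("value")
    return internal, external


def expanded_size(name: str, entities: Dict[str, str], memo: Dict[str, int],
                  active: Set[str]) -> int:
    """Bytes produced by fully expanding &name;, computed without building the text."""
    if name in memo:
        return memo[name]
    if name in active:
        raise UnsafeXML(f"recursive entity reference through {name!r}")
    value = entities.get(name)
    if value is None:                      # undefined or predefined (&amp; ...): left as-is
        return len(name) + 2
    active.add(name)
    total = len(value)
    for ref in ENTITY_REF.findall(value):  # replace each "&ref;" by its expansion
        total += expanded_size(ref, entities, memo, active) - (len(ref) + 2)
    active.discard(name)
    memo[name] = total
    return total


def check_entities(doc: str, max_expansion: int = 10_000) -> Dict[str, int]:
    """Raise UnsafeXML for external entities, recursion or oversized expansion;
    otherwise return the expanded size of every declared internal entity."""
    internal, external = declared_entities(doc)
    if external:
        raise UnsafeXML(f"external entities declared: {sorted(external)}")
    memo: Dict[str, int] = {}
    sizes = {n: expanded_size(n, internal, memo, set()) for n in internal}
    worst = max(sizes.values(), default=0)
    if worst > max_expansion:
        raise UnsafeXML(f"entity expansion of {worst} bytes exceeds {max_expansion}")
    return sizes


def is_safe(doc: str, max_expansion: int = 10_000) -> bool:
    try:
        check_entities(doc, max_expansion)
        return True
    except UnsafeXML:
        return False


def make_billion_laughs(levels: int = 5, fanout: int = 10) -> str:
    """Constructed sample: lol0 = "lol"; each level references the previous one fanout times."""
    decls = ['<!ENTITY lol0 "lol">']
    for i in range(1, levels):
        ref = f"&lol{i - 1};" * fanout
        decls.append(f'<!ENTITY lol{i} "{ref}">')
    subset = "\n ".join(decls)
    return f'<?xml version="1.0"?>\n<!DOCTYPE lolz [\n {subset}\n]>\n<lolz>&lol{levels - 1};</lolz>'


# Constructed samples: an external (XXE-style) entity, a harmless internal one,
# and a pair of entities that reference each other.
XXE_SAMPLE = '<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><r>&xxe;</r>'
BENIGN_SAMPLE = '<!DOCTYPE r [<!ENTITY company "Example Corp">]><r>&company;</r>'
RECURSIVE_SAMPLE = '<!DOCTYPE r [<!ENTITY a "&b;"><!ENTITY b "&a;">]><r>&a;</r>'

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_SAMPLE), ("xxe", XXE_SAMPLE),
                       ("recursive", RECURSIVE_SAMPLE), ("billion laughs", make_billion_laughs())]:
        print(label, "safe" if is_safe(doc) else "REJECTED")
```

With five levels of fan-out ten, the outermost entity expands to 30 000 bytes from under 400 bytes of DTD; each extra level multiplies that by ten, which is why an uncapped parser can be exhausted by a request of a few kilobytes. This gate is a heuristic (it does not handle every DTD syntax) and belongs in front of, not instead of, the real fix: apply the updated package and configure the parser to not resolve entities or load external DTDs for untrusted input.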

Re: Fwd: Remote command injection vulnerability in Rosewill RSVA11001 (Hi3515 based)

25 March, 2013 - 10:12

Posted by Eric Urban on Mar 25

Rosewill just responds to me with engrish when I email them. I have no
point of contact for HiSilicon. I would gladly assist the manufacturer in
addressing this hole if put into contact with the right people.

Re: XSS vulnerability on WP-Banners-Lite (wordpress plugin)

25 March, 2013 - 08:29

Posted by Henri Salo on Mar 25

You can report the next issue to the plugins<snip>wordpress.org address and they will
remove the plugin from showing up in the plugin index site[1], or whatever it is
called, and users can't install it using the WordPress administrator interface before
the developer of the plugin has fixed the vulnerability. I will send the
plugins guys an email right now to get the process going. You can also directly
contact me in case you need help coordinating...

Re: Fwd: Remote command injection vulnerability in Rosewill RSVA11001 (Hi3515 based)

25 March, 2013 - 07:57

Posted by Henri Salo on Mar 25

Did you report this to the vendor?

Fwd: Remote command injection vulnerability in Rosewill RSVA11001 (Hi3515 based)

25 March, 2013 - 07:37

Posted by Eric Urban on Mar 25

I have been hacking on a Rosewill RSVA11001 for a while now, something to
suck up my free time. I had pulled apart the firmware previously but did
not succeed in finding a way to get a shell on the device. The box is
Hi3515 based, I found an exploit for another similar box (Ray Sharp) but it
did not work. The Rosewill firmware seems to use an executable that listens
on two ports rather than one when communicating with the Windows-based control...

Re: [DC4420] DC4420 - London DEFCON - March meet - Tuesday 26th March 2013

25 March, 2013 - 07:35

Posted by Paul Dart on Mar 25

Hi all,

Could whoever has access to the Google Calendar update it for tomorrow's
meeting please (before they stop the service ;-)

Thanks and see you all tomorrow,

Paul

XSS vulnerability on WP-Banners-Lite (wordpress plugin)

25 March, 2013 - 06:53

Posted by Fernando A. Lagos B. on Mar 25

I. Background
--------------
[-] Affected plugin: WP Banners Lite
[-] Plugin Description: The plugin easily allows you to manage ad
banners on your site.
[-] Plugin URL: http://wordpress.org/extend/plugins/wp-banners-lite/
[-] Tested Version: 1.29, 1.31, 1.40
[-] Reported: YES - but no answer
[-] Report Date: 03/12/13
[-] Published:
http://blog.zerial.org/seguridad/vulnerabilidad-en-plugin-para-wordpress-afecta-a-mas-de-200-sitios/

II. Details...

XSS vulnerabilities in ZeroClipboard and multiple web applications

24 March, 2013 - 18:19

Posted by MustLive on Mar 24

Hello list!

In February I've wrote about Cross-Site Scripting vulnerabilities in
ZeroClipboard and multiple web applications. This is additional information
on this topic.

XSS vulnerabilities in ZeroClipboard
http://securityvulns.ru/docs29105.html
XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for
Piwigo, TAO and TableTools for DataTables for jQuery
http://securityvulns.ru/docs29104.html
XSS vulnerabilities in...

Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php

24 March, 2013 - 04:04

Posted by Rob Armstrong on Mar 24

#
#
# Backupbuddy - sensitive data exposure in importbuddy.php
#
# "the premiere WordPress backup plugin to backup, restore and move
WordPress"
# http://ithemes.com/purchase/backupbuddy/
#
# known versions affected: v1.3.4, v2.1.4, v2.2.25, v2.2.28, v2.2.4, likely
other versions also
#
# impact:
# access to wordpress site and sql backups
# disclosure of server configuration information
#
# author: robarmstrong.te71 () gmail...

JAOW 2.4.8 XSS Vulnerability

24 March, 2013 - 04:03

Posted by metropolis haxor on Mar 24

Hi guys,
You can find the software affected at http://www.jaow.net/uploads/jaow_2.4.8.zip
Thanks,

Metropolis
###########################################
#
# Script Name : JAOW 2.4.8
#
# Version : 2.4.8
#
# Bug Type : XSS vulnerability
#
# Found by : Metropolis
#
# Home : http://metropolis.fr.cr
#
# Discovered : 23/03/2013
#
# Download app : http://www.jaow.net/uploads/jaow_2.4.8.zip
#
# Google search : Propulsé par Jaow 2.4.8 -
#...
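Three of the posts above (WP-Banners-Lite, ZeroClipboard and the applications listed with it, JAOW) report cross-site scripting, and none of the excerpts shows the affected parameter. The following is an added illustration of the bug class for this page; it is not code from any of those projects or posts. It reflects one untrusted query string into three output contexts: unencoded, HTML-escaped, and as a JavaScript string literal inside a script element, where HTML escaping is the wrong tool. The page fragments, function names and the PROBE input are constructed for the example.

```python
import html
import json

# Added example, not code from any of the plugins or applications named above.
# One untrusted query string reflected into three output contexts. PROBE and
# BREAKOUT are constructed inputs.
PROBE = '"><script>alert(1)</script>'
BREAKOUT = '</script><script>alert(1)</script>'


def render_vulnerable(query: str) -> str:
    """Reflects the parameter into an attribute and into the page body unencoded."""
    return f'<input name="q" value="{query}"><p>Results for {query}</p>'


def render_hardened(query: str) -> str:
    """Same page; html.escape(quote=True) is the right encoding for element
    content and for quoted attribute values (it encodes & < > " and ')."""
    safe = html.escape(query, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for {safe}</p>'


def js_string_literal(value: str) -> str:
    """Encode for use inside a <script> block. The HTML tokeniser ends a script
    element at the first "</script" regardless of JS string quoting, so "</" is
    neutralised inside the JSON literal. json.dumps (ensure_ascii=True) already
    escapes quotes, backslashes, control characters and non-ASCII such as U+2028."""
    return json.dumps(value).replace("</", "<\\/")


def render_script_vulnerable(query: str) -> str:
    return f'<script>var q = "{query}";</script>'


def render_script_hardened(query: str) -> str:
    return f'<script>var q = {js_string_literal(query)};</script>'


def closing_script_tags(page: str) -> int:
    """Count "</script" the way a browser tokenises it; exactly one means the
    injected text never escaped the string literal."""
    return page.lower().count("</script")


def js_roundtrip(value: str) -> bool:
    """The encoded literal must still decode to the original value."""
    return json.loads(js_string_literal(value)) == value


if __name__ == "__main__":
    print(render_vulnerable(PROBE))
    print(render_hardened(PROBE))
    print(render_script_vulnerable(BREAKOUT))
    print(render_script_hardened(BREAKOUT))
```

The point a reviewer checks in a WordPress plugin or a CMS like JAOW is the same in each case: which context the parameter lands in, and whether the encoding applied matches that context. An attribute written without quotes, or a value inserted into an inline event handler or a URL, each needs a different encoder than the two shown here.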