Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin

3 August, 2016 - 15:48

Posted by Summer of Pwnage on Aug 03

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in search function Activity Log
WordPress Plugin
------------------------------------------------------------------------
Edwin Molenaar, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability...

Cross-Site Scripting in WangGuard WordPress Plugin

2 August, 2016 - 13:48

Posted by Summer of Pwnage on Aug 02

------------------------------------------------------------------------
Cross-Site Scripting in WangGuard WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the WangGuard...

Cross-Site Scripting in Uji Countdown WordPress Plugin

2 August, 2016 - 13:48

Posted by Summer of Pwnage on Aug 02

------------------------------------------------------------------------
Cross-Site Scripting in Uji Countdown WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Uji Countdown...

WinSaber - Unquoted Service Path Privilege Escalation

2 August, 2016 - 04:17

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
WinSaber - Unquoted Service Path Privilege Escalation

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1879

Release Date:
=============
2016-07-29

Vulnerability Laboratory ID (VL-ID):
====================================
1879

Common Vulnerability Scoring System:
====================================
4.2

Product & Service Introduction:...

Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

2 August, 2016 - 04:14

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1882

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
====================================
1882

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability

2 August, 2016 - 04:04

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1888

Video: http://www.vulnerability-lab.com/get_content.php?id=1892

Release Date:
=============
2016-08-02

Vulnerability Laboratory ID (VL-ID):
====================================
1888

Common Vulnerability Scoring System:...

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

2 August, 2016 - 04:01

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
====================================
1891

Common Vulnerability Scoring System:
====================================
3.2

Product & Service Introduction:...

Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability

2 August, 2016 - 03:58

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1887

Release Date:
=============
2016-07-29

Vulnerability Laboratory ID (VL-ID):
====================================
1887

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

FortiManager (Series) - Multiple Web Vulnerabilities

2 August, 2016 - 03:55

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
FortiManager (Series) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1684

Fortinet PSIRT ID: 1624459

Release Notes 1: http://docs.fortinet.com/uploaded/files/2910/fortimanager-v5.4.0-release-notes.pdf
Release Notes 2: http://docs.fortinet.com/uploaded/files/2963/fortimanager-v5.2.6-release-notes.pdf
Release Notes 3:...

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin

1 August, 2016 - 07:45

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160724-0021...

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

1 August, 2016 - 04:31

Posted by Vulnerability Lab on Aug 01

Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
====================================
1891

Common Vulnerability Scoring System:
====================================
3.2

Product & Service Introduction:...

Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

1 August, 2016 - 04:28

Posted by Vulnerability Lab on Aug 01

Document Title:
===============
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fortios-5.4.0-release-notes.pdf
Release Notes #2: http://docs.fortinet.com/uploaded/files/2861/fortios-v5.2.6-release-notes.pdf
Release Notes...

Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin

1 August, 2016 - 04:20

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
Stored Cross-Site Scripting vulnerability in WP Live Chat Support
WordPress Plugin
------------------------------------------------------------------------
Dennis Kerdijk <dennis.at.securelabs.nl> & Erwin Kievith
<erwin.at.securelabs.nl>, July 2016

------------------------------------------------------------------------
Abstract...

Cross-Site Scripting in Contact Bank WordPress Plugin

1 August, 2016 - 02:12

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
Cross-Site Scripting in Contact Bank WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Contact Bank...

SQL injection vulnerability in Booking Calendar WordPress Plugin

1 August, 2016 - 02:11

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
SQL injection vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------
Edwin Molenaar, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
An SQL injection vulnerability exists in the Booking...

Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin

1 August, 2016 - 02:11

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------
Edwin Molenaar, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in...

Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA

31 July, 2016 - 07:40

Posted by Summer of Pwnage on Jul 31

------------------------------------------------------------------------
Multiple vulnerabilities in All In One WP Security & Firewall plugin
login CAPTCHA
------------------------------------------------------------------------
Sipke Mellema, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
The login CAPTCHA provided by the...

Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin

31 July, 2016 - 07:39

Posted by Summer of Pwnage on Jul 31

------------------------------------------------------------------------
Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress
Plugin
------------------------------------------------------------------------
Bente Schopman, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple stored Cross-Site Scripting...

Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP

31 July, 2016 - 07:38

Posted by Summer of Pwnage on Jul 31

------------------------------------------------------------------------
Insert PHP WordPress Plugin allows authenticated user to execute
arbitrary PHP
------------------------------------------------------------------------
Marcel Vermeulen <vermeulen.mc.at.gmail.com> & Ed van der Vlies
<ecvdvlies.at.gmail.com>, July 2016

------------------------------------------------------------------------
Abstract...

ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities

29 July, 2016 - 05:11

Posted by Vulnerability Lab on Jul 29

Document Title:
===============
ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1890

Release Date:
=============
2016-07-28

Vulnerability Laboratory ID (VL-ID):
====================================
1890

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...