Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin

12 July, 2016 - 11:36

Posted by Summer of Pwnage on Jul 12

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...

Cross-Site Scripting vulnerability in Email Users WordPress Plugin

12 July, 2016 - 11:35

Posted by Summer of Pwnage on Jul 12

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Email Users WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the...

Persistent Cross-Site Scripting in WordPress Activity Log plugin

11 July, 2016 - 14:45

Posted by Summer of Pwnage on Jul 11

------------------------------------------------------------------------
Persistent Cross-Site Scripting in WordPress Activity Log plugin
------------------------------------------------------------------------
Han Sahin, July 2016

https://sumofpwn.nl/advisory/2016/activity-log-plugin.png

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A...

Persistent Cross-Site Scripting in WP Live Chat Support plugin

11 July, 2016 - 09:53

Posted by Securify B.V. on Jul 11

------------------------------------------------------------------------
Persistent Cross-Site Scripting in WP Live Chat Support plugin
------------------------------------------------------------------------
Han Sahin, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A persistent Cross-Site Scripting (XSS) vulnerability has been...

Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin

10 July, 2016 - 01:46

Posted by Summer of Pwnage on Jul 09

------------------------------------------------------------------------
Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
------------------------------------------------------------------------
David Vaartjes, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A stored Cross-Site Scripting vulnerability was...

Ultimate Member Local File Inclusion vulnerability

10 July, 2016 - 01:41

Posted by Summer of Pwnage on Jul 09

------------------------------------------------------------------------
Ultimate Member Local File Inclusion vulnerability
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that Ultimate Member is vulnerable to PHP File...

BMW ConnectedDrive - (Update) VIN Session Vulnerability

8 July, 2016 - 03:29

Posted by Vulnerability Lab on Jul 08

Document Title:
===============
BMW ConnectedDrive - (Update) VIN Session Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1736

Release Date:
=============
2016-07-07

Vulnerability Laboratory ID (VL-ID):
====================================
1736

Common Vulnerability Scoring System:
====================================
6

Product & Service Introduction:...

BMW - (Token) Client Side Cross Site Scripting Vulnerability

8 July, 2016 - 03:27

Posted by Vulnerability Lab on Jul 08

Document Title:
===============
BMW - (Token) Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1737

Release Date:
=============
2016-07-06

Vulnerability Laboratory ID (VL-ID):
====================================
1737

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:...

[KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability

7 July, 2016 - 10:56

Posted by Egidio Romano on Jul 07

---------------------------------------------------------------------------
IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability
---------------------------------------------------------------------------

[-] Software Link:

https://invisionpower.com/

[-] Affected Versions:

Version 4.1.12.3 and prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the...

CODEBLUE.JP - Conference in Tokyo Calling for Papers by Aug.10

7 July, 2016 - 10:04

Posted by CFP on Jul 07

Dear all,

CODE BLUE in Tokyo is looking for innovative and creative research topics
regarding security to be presented at the conference.

We are calling for U24 submissions while General/Tech submissions.

CODE BLUE is an international conference in Tokyo with cutting-edge
talks from all over the world, and is a place for all participants to
exchange information and interact beyond borders and languages.

We will support the travel...

Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648)

7 July, 2016 - 10:04

Posted by David Coomber on Jul 07

Acer Portal Android Application - MITM SSL Certificate Vulnerability
(CVE-2016-5648)

Zero-day flaw lets hackers tamper with your car through BMW portal

7 July, 2016 - 10:02

Posted by Vulnerability Lab on Jul 07

Title: Zero-day flaw lets hackers tamper with your car through BMW portal

URL:
http://www.zdnet.com/article/hackers-can-tamper-with-car-registration-through-bmw-connected-car-portal/