Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Daily Edition theme for WordPress

4 April, 2016 - 12:50

Posted by MustLive on Apr 04

Hello!

In October I wrote you about a vulnerability in a plugin for WordPress,
which was a 100% repeat of my vulnerability, which I disclosed in 2010. And
here is another case, now with a theme for WordPress.

Concerning this advisory about Daily Edition at security mailing lists:
https://packetstormsecurity.com/files/130753/WordPress-Daily-Edition-Theme-1.6.2-Path-Disclosure.html
http://seclists.org/fulldisclosure/2015/Mar/57

Wang Jing disclosed...

DotCMS injection Vulnerability

4 April, 2016 - 12:50

Posted by p0x2015 on Apr 04

Hello, please add the following to the security mailing lists.

1. Description

Exploit Title: SQL Injection Vulnerability in DotCms v3.3

Date: 3-28-2016

Vendor Homepage: http://dotcms.com/

Vendor: dotcms

Software: Content Management System

Version: v3.3

CVE: CVE-2016-3688

2. Product Summary

================

dotcms is a fully featured open source enterprise grade J2EE/Java based web content management system for
building/managing...

[CVE-2016-3659]Cacti graph_view.php SQL Injection Vulnerability

4 April, 2016 - 12:50

Posted by xiaotian.wang () dbappsecurity com cn on Apr 04


[SE-2012-01] Broken security fix in IBM Java 7/8

4 April, 2016 - 12:50

Posted by Security Explorations on Apr 04

Hello All,

Those concerned about security of IBM Java [1] may find this post
interesting.

We discovered that a fix for a security vulnerability (Issue 67)
[2] we reported to the company in May 2013 didn't address the
problem properly.

This is the 6th instance of a broken patch we encountered from
IBM. Previously, the company failed to address 4 other issues
(with one of them improperly patched two times in a row).

Similarly to...

FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability

4 April, 2016 - 06:40

Posted by Vulnerability Lab on Apr 04

Document Title:
===============
FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename)
Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Date:
=============
2016-04-04

Vulnerability Laboratory ID (VL-ID):
====================================
1687

Common Vulnerability Scoring System:...

Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability

4 April, 2016 - 06:33

Posted by Vulnerability Lab on Apr 04

Document Title:
===============
Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1810

Release Date:
=============
2016-04-04

Vulnerability Laboratory ID (VL-ID):
====================================
1810

Common Vulnerability Scoring System:
====================================
7.2

Product & Service Introduction:...

Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability

4 April, 2016 - 06:32

Posted by Vulnerability Lab on Apr 04

Document Title:
===============
Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1808

Release Date:
=============
2016-04-01

Vulnerability Laboratory ID (VL-ID):
====================================
1808

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:...