Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

[CVE-2016-3659] Cacti graph_view.php SQL Injection Vulnerability

4 April, 2016 - 12:50

Posted by xiaotian.wang () dbappsecurity com cn on Apr 04


[SE-2012-01] Broken security fix in IBM Java 7/8

4 April, 2016 - 12:50

Posted by Security Explorations on Apr 04

Hello All,

Those concerned about the security of IBM Java [1] may find this post
interesting.

We discovered that a fix for a security vulnerability (Issue 67)
[2] we reported to the company in May 2013 didn't address the
problem properly.

This is the 6th instance of a broken patch we encountered from
IBM. Previously, the company failed to address 4 other issues
(with one of them improperly patched for two times in a row).

Similarly to...

FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability

4 April, 2016 - 06:40

Posted by Vulnerability Lab on Apr 04

Document Title:
===============
FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename)
Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Date:
=============
2016-04-04

Vulnerability Laboratory ID (VL-ID):
====================================
1687

Common Vulnerability Scoring System:...

Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability

4 April, 2016 - 06:33

Posted by Vulnerability Lab on Apr 04

Document Title:
===============
Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1810

Release Date:
=============
2016-04-04

Vulnerability Laboratory ID (VL-ID):
====================================
1810

Common Vulnerability Scoring System:
====================================
7.2

Product & Service Introduction:...

Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability

4 April, 2016 - 06:32

Posted by Vulnerability Lab on Apr 04

Document Title:
===============
Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1808

Release Date:
=============
2016-04-01

Vulnerability Laboratory ID (VL-ID):
====================================
1808

Common Vulnerability Scoring System:
====================================
3

Product & Service Introduction:...

Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability

31 March, 2016 - 07:08

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1806

Release Date:
=============
2016-03-31

Vulnerability Laboratory ID (VL-ID):
====================================
1806

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:...

Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability

31 March, 2016 - 07:05

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1694

Trend Micro ID: 1-1-1035080936

Release Date:
=============
2016-03-31

Vulnerability Laboratory ID (VL-ID):
====================================
1694

Common Vulnerability Scoring System:
====================================
6.5

Product &...

Dorsa Web CMS - Multiple SQL Injection Vulnerabilities

31 March, 2016 - 06:49

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Dorsa Web CMS - Multiple SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1807

Release Date:
=============
2016-03-31

Vulnerability Laboratory ID (VL-ID):
====================================
1807

Common Vulnerability Scoring System:
====================================
7

Product & Service Introduction:...

Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities

31 March, 2016 - 06:48

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1804

Release Date:
=============
2016-03-30

Vulnerability Laboratory ID (VL-ID):
====================================
1804

Common Vulnerability Scoring System:
====================================
7.5

Product & Service Introduction:...

Docker UI v0.10.0 - Multiple Persistent Vulnerabilities

31 March, 2016 - 06:46

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Docker UI v0.10.0 - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1803

Release Date:
=============
2016-03-29

Vulnerability Laboratory ID (VL-ID):
====================================
1803

Common Vulnerability Scoring System:
====================================
3.7

Product & Service Introduction:...

Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities

31 March, 2016 - 06:45

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web
Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1802

Release Date:
=============
2016-03-28

Vulnerability Laboratory ID (VL-ID):
====================================
1802

Common Vulnerability Scoring System:
====================================
2.9

Product & Service...

WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities

31 March, 2016 - 06:43

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1788

Release Date:
=============
2016-03-23

Vulnerability Laboratory ID (VL-ID):
====================================
1788

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

Hi Technology & Services CMS - SQL Injection Vulnerabilities

31 March, 2016 - 06:42

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Hi Technology & Services CMS - SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1785

Release Date:
=============
2016-03-22

Vulnerability Laboratory ID (VL-ID):
====================================
1785

Common Vulnerability Scoring System:
====================================
7.4

Product & Service Introduction:...

Patron Info System - SQL Injection Vulnerability

31 March, 2016 - 06:40

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Patron Info System - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1784

Release Date:
=============
2016-03-21

Vulnerability Laboratory ID (VL-ID):
====================================
1784

Common Vulnerability Scoring System:
====================================
7.6

Product & Service Introduction:
===============================...

PayPal Bug Bounty #121 - (Profile) Filter Bypass & Persistent Web Vulnerability

30 March, 2016 - 05:19

Posted by Vulnerability Lab on Mar 30

Document Title:
===============
PayPal Bug Bounty #121 - (Profile) Filter Bypass & Persistent Web
Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1627

ID: EIBBP-32725

Video: http://www.vulnerability-lab.com/get_content.php?id=1697

Release Date:
=============
2016-03-30

Vulnerability Laboratory ID (VL-ID):
====================================
1627

Common Vulnerability Scoring...

APPLE-SA-2016-03-21-7 OS X Server 5.1

23 March, 2016 - 17:41

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-7 OS X Server 5.1

OS X Server 5.1 is now available and addresses the following:

Server App
Available for: OS X Yosemite v10.10.5 and later
Impact: An administrator may unknowingly store backups on a volume
without permissions enabled
Description: An issue in Time Machine server did not properly warn
administrators if permissions were ignored when performing a server
backup. This issue was addressed through improved...

APPLE-SA-2016-03-21-6 Safari 9.1

23 March, 2016 - 17:41

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-6 Safari 9.1

Safari 9.1 is now available and addresses the following:

libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762

Safari...

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002

23 March, 2016 - 17:41

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update
2016-002

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available
and addresses the following:

apache_mod_php
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions...

APPLE-SA-2016-03-21-4 Xcode 7.3

23 March, 2016 - 17:41

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-4 Xcode 7.3

Xcode 7.3 is now available and addresses the following:

otool
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes
(@squiffy)

subversion...

APPLE-SA-2016-03-21-3 tvOS 9.2

23 March, 2016 - 17:41

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-3 tvOS 9.2

tvOS 9.2 is now available and addresses the following:

FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's...