Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

2 August, 2016 - 04:14

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1882

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
====================================
1882

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability

2 August, 2016 - 04:04

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1888

Video: http://www.vulnerability-lab.com/get_content.php?id=1892

Release Date:
=============
2016-08-02

Vulnerability Laboratory ID (VL-ID):
====================================
1888

Common Vulnerability Scoring System:...

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

2 August, 2016 - 04:01

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
====================================
1891

Common Vulnerability Scoring System:
====================================
3.2

Product & Service Introduction:...

Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability

2 August, 2016 - 03:58

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1887

Release Date:
=============
2016-07-29

Vulnerability Laboratory ID (VL-ID):
====================================
1887

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

FortiManager (Series) - Multiple Web Vulnerabilities

2 August, 2016 - 03:55

Posted by Vulnerability Lab on Aug 02

Document Title:
===============
FortiManager (Series) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1684

Fortinet PSIRT ID: 1624459

Release Notes 1: http://docs.fortinet.com/uploaded/files/2910/fortimanager-v5.4.0-release-notes.pdf
Release Notes 2: http://docs.fortinet.com/uploaded/files/2963/fortimanager-v5.2.6-release-notes.pdf
Release Notes 3:...

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin

1 August, 2016 - 07:45

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160724-0021...

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

1 August, 2016 - 04:31

Posted by Vulnerability Lab on Aug 01

Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
====================================
1891

Common Vulnerability Scoring System:
====================================
3.2

Product & Service Introduction:...

Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

1 August, 2016 - 04:28

Posted by Vulnerability Lab on Aug 01

Document Title:
===============
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fortios-5.4.0-release-notes.pdf
Release Notes #2: http://docs.fortinet.com/uploaded/files/2861/fortios-v5.2.6-release-notes.pdf
Release Notes...

Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin

1 August, 2016 - 04:20

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
Stored Cross-Site Scripting vulnerability in WP Live Chat Support
WordPress Plugin
------------------------------------------------------------------------
Dennis Kerdijk <dennis.at.securelabs.nl> & Erwin Kievith
<erwin.at.securelabs.nl>, July 2016

------------------------------------------------------------------------
Abstract...

Cross-Site Scripting in Contact Bank WordPress Plugin

1 August, 2016 - 02:12

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
Cross-Site Scripting in Contact Bank WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Contact Bank...

SQL injection vulnerability in Booking Calendar WordPress Plugin

1 August, 2016 - 02:11

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
SQL injection vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------
Edwin Molenaar, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
An SQL injection vulnerability exists in the Booking...

Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin

1 August, 2016 - 02:11

Posted by Summer of Pwnage on Aug 01

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------
Edwin Molenaar, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in...

Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA

31 July, 2016 - 07:40

Posted by Summer of Pwnage on Jul 31

------------------------------------------------------------------------
Multiple vulnerabilities in All In One WP Security & Firewall plugin
login CAPTCHA
------------------------------------------------------------------------
Sipke Mellema, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
The login CAPTCHA provided by the...

Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin

31 July, 2016 - 07:39

Posted by Summer of Pwnage on Jul 31

------------------------------------------------------------------------
Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress
Plugin
------------------------------------------------------------------------
Bente Schopman, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple stored Cross-Site Scripting...

Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP

31 July, 2016 - 07:38

Posted by Summer of Pwnage on Jul 31

------------------------------------------------------------------------
Insert PHP WordPress Plugin allows authenticated user to execute
arbitrary PHP
------------------------------------------------------------------------
Marcel Vermeulen <vermeulen.mc.at.gmail.com> & Ed van der Vlies
<ecvdvlies.at.gmail.com>, July 2016

------------------------------------------------------------------------
Abstract...

ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities

29 July, 2016 - 05:11

Posted by Vulnerability Lab on Jul 29

Document Title:
===============
ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1890

Release Date:
=============
2016-07-28

Vulnerability Laboratory ID (VL-ID):
====================================
1890

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

Saveya Bounty #1 - Bypass & Persistent Vulnerability

28 July, 2016 - 05:05

Posted by Vulnerability Lab on Jul 28

Document Title:
===============
Saveya Bounty #1 - Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1857

SaveYa ID: 56

Acknowledgements: https://www.saveya.com/white-hat-program-acknowledgements

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
====================================
1857

Common Vulnerability Scoring System:...

Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities

28 July, 2016 - 05:02

Posted by Vulnerability Lab on Jul 28

Document Title:
===============
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1881

Release Date:
=============
2016-07-27

Vulnerability Laboratory ID (VL-ID):
====================================
1881

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:...

Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability

28 July, 2016 - 04:59

Posted by Vulnerability Lab on Jul 28

Document Title:
===============
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1886

Release Date:
=============
2016-07-27

Vulnerability Laboratory ID (VL-ID):
====================================
1886

Common Vulnerability Scoring System:
====================================
4.5

Product & Service Introduction:...

Zortam Media Studio 20.60 - Buffer Overflow Vulnerability

28 July, 2016 - 04:57

Posted by Vulnerability Lab on Jul 28

Document Title:
===============
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1884

Release Date:
=============
2016-07-27

Vulnerability Laboratory ID (VL-ID):
====================================
1884

Common Vulnerability Scoring System:
====================================
6.5

Product & Service Introduction:...