Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

15 June, 2016 - 02:58

Posted by Vulnerability Lab on Jun 15

Document Title:
===============
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fortios-5.4.0-release-notes.pdf
Release Notes #2: http://docs.fortinet.com/uploaded/files/2861/fortios-v5.2.6-release-notes.pdf
Release Notes #3:...

CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder

14 June, 2016 - 08:55

Posted by ljj on Jun 14

Title: CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder
Author: lukasz.juszczyk at ingservicespolska.pl
Date: 25.03.2016

Affected software :
=============
nGrinder v3.3
http://naver.github.io/ngrinder/

Description :
=============
nGrinder is a platform for stress tests that enables you to execute script creation, test execution, monitoring, and
result report generator simultaneously. The open-source nGrinder offers easy...

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

14 June, 2016 - 08:07

Posted by Vulnerability Lab on Jun 14

Document Title:
===============
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1852

Release Date:
=============
2016-05-25

Vulnerability Laboratory ID (VL-ID):
====================================
1852

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:...

Samsung SW Update - Insecure ACLs on SW Update Service Directory - EoP Vulnerability

13 June, 2016 - 11:51

Posted by Benjamin Gnahm on Jun 13

Blue Frost Security GmbH
https://www.bluefrostsecurity.de/
research(at)bluefrostsecurity.de
BFS-SA-2016-003
25-April-2016

nagios phishing vector & xss

13 June, 2016 - 11:51

Posted by randomsec guy on Jun 13

corewindow can be used to phish users:
http://jdoe:jdoe () nagioscore demos nagios com/nagios/index.php?corewindow=http://wikipedia.com

also to perform xss:
http://jdoe:jdoe () nagioscore demos nagios com/nagios/index.php?corewindow=javascript://zz%250a;onload=alert(document.domain)//

FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability

13 June, 2016 - 09:50

Posted by Vulnerability Lab on Jun 13

Document Title:
===============
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1853

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
====================================
1853

Common Vulnerability Scoring System:
====================================
5.1

Product & Service Introduction:...

CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability

13 June, 2016 - 09:44

Posted by Vulnerability Lab on Jun 13

Document Title:
===============
CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1856

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
====================================
1856

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

SQL Injection Vulnerabilities found in European Commission & European Parliament

8 June, 2016 - 09:55

Posted by Vulnerability Lab on Jun 08

Press|News: (SecurityWeek) Researchers have discovered several SQL
injection vulnerabilities in the websites of the European Parliament and
the European Commission — both hosted on the official domain of the
European Union (europa.eu).

URL:
http://www.securityweek.com/sql-injection-flaws-found-european-union-websites

Microsoft Education - Code Execution Vulnerability

7 June, 2016 - 10:15

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Microsoft Education - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1669

MSRC Case: 32314
TRK: 0001002809

Research Article: http://www.kieranclaessens.be/uncategorized/microsoft-education-remote-code-execution/

Release Date:
=============
2016-06-07

Vulnerability Laboratory ID (VL-ID):
====================================
1669...

Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability

7 June, 2016 - 10:14

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1854

Release Date:
=============
2016-06-07

Vulnerability Laboratory ID (VL-ID):
====================================
1854

Common Vulnerability Scoring System:
====================================
7.5

Product & Service Introduction:...

Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability

7 June, 2016 - 10:12

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1855

Release Date:
=============
2016-06-06

Vulnerability Laboratory ID (VL-ID):
====================================
1855

Common Vulnerability Scoring System:
====================================
2.5

Product & Service Introduction:...

Mapbox (API) - Filter Bypass & Persistent Vulnerability

7 June, 2016 - 10:09

Posted by Vulnerability Lab on Jun 07

Document Title:
===============
Mapbox (API) - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1787

ID: #119802

Release Date:
=============
2016-06-06

Vulnerability Laboratory ID (VL-ID):
====================================
1787

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...