Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis

25 November, 2016 - 05:18

Posted by Ajin Abraham on Nov 25

Hello Folks,

MobSF v0.9.3 is released.

About MobSF

Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS/Windows) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android, iOS and
Windows mobile applications and supports both binaries (APK, IPA &
APPX) and zipped source code. MobSF can also...

[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler

24 November, 2016 - 10:45

Posted by RedTeam Pentesting GmbH on Nov 24

Advisory: Less.js: Compilation of Untrusted LESS Files May Lead to Code
Execution through the JavaScript Less Compiler

RedTeam Pentesting discovered behaviour in the Less.js compiler,
which allows execution of arbitrary code if an untrusted LESS file is
compiled.

Details
=======

Product: Less Compiler
Affected Versions: probably all versions
Fixed Versions: none
Vulnerability Type: Code Execution
Security Risk: low
Vendor URL:...

Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin

23 November, 2016 - 13:39

Posted by Summer of Pwnage on Nov 23

------------------------------------------------------------------------
Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin
------------------------------------------------------------------------
Sipke Mellema, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A persistent Cross-Site Scripting vulnerability was...