Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning

6 May, 2016 - 07:28

Posted by Lab I-Tracing on May 06

=============================================
Web Server Cache Poisoning in CMS Made Simple
=============================================

CVE-2016-2784

Product Description
===================

CMS Made Simple is a great tool with many plugins to publish content on the Web. It aims to
be simple to use by end users and to provide a secure and robust website.

Website: http://www.cmsmadesimple.org/

Description
===========

A remote...

Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting

6 May, 2016 - 07:28

Posted by Julien Ahrens on May 06

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Swagger Editor
Vendor URL: https://github.com/swagger-api/swagger-editor
Type: Cross-Site Scripting [CWE-79]
Date found: 2015-04-07
Date published: 2016-05-03
CVSSv3 Score: 6.3 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Julien...

NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities

6 May, 2016 - 07:28

Posted by Bhadresh Patel on May 06

Title:
====

NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities

Credit:
======

Name: Bhadresh Patel
Company/affiliation: HelpAG
Website: www.helpag.com

CVE:
=====

CVE-2015-6023, CVE-2016-6024

Date:
====

03-05-2016 (dd/mm/yyyy)

Vendor:
======

NetComm Wireless is a leading developer and supplier of high performance
communication devices that connect businesses and people to the internet.

Products and services:...

APPLE-SA-2016-05-03-1 Xcode 7.3.1

6 May, 2016 - 07:26

Posted by Apple Product Security on May 06

APPLE-SA-2016-05-03-1 Xcode 7.3.1

Xcode 7.3.1 is now available and addresses the following:

Git
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A heap-based buffer overflow issue existed in the
handling of filenames. This issue was addressed by updating git to
version 2.7.4.
CVE-ID
CVE-2016-2315
CVE-2016-2324

Xcode 7.3.1 may be obtained from:...