CVE-2016-4253

CVE-2016-4253 affects Adobe Experience Manager: backup functionality in versions 5.6.1, 6.0, 6.1, and 6.2 is reported to disclose sensitive information via unspecified vectors. Connected sources corroborate an information-disclosure issue in the Backup feature. The CNVD entry explicitly states th...

NUUO NVRmini 2 3.0.8 - Remote Code Execution

NUUO NVRmini 2 3.0.8 - Remote Code Execution !/usr/bin/env python NUUO Remote Root Exploit Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with...

NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)

NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery Add Admin input type="hidden" name="password2" value=...

NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion

NUUO Arbitrary File Deletion Vulnerability Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: ================================================================== Tested on: GNU/Linux 3.0.8 armv7l GNU/Linux 2.6.31.8 armv5tel lighttpd/1.4.28 PHP/5.5.3 Vulnerability discovered...

CVE-2016-3838

Android 6.x before 2016-08-01 allows attackers to cause a denial of service loss of locked-screen 911 functionality via a crafted application that uses the app-pinning feature, aka internal bug 28761672...

CVE-2016-3838

Android 6.x before 2016-08-01 allows attackers to cause a denial of service loss of locked-screen 911 functionality via a crafted application that uses the app-pinning feature, aka internal bug 28761672...

Code injection

Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service loss of Bluetooth 911 functionality via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210...

CVE-2016-3838

Android 6.x before 2016-08-01 allows attackers to cause a denial of service loss of locked-screen 911 functionality via a crafted application that uses the app-pinning feature, aka internal bug 28761672...

CVE-2016-3838

CVE-2016-3838 affects Android 6.x prior to 2016-08-01. The issue is a denial-of-service in which a crafted application using the app-pinning feature can cause loss of the locked-screen 911 functionality (internal bug 28761672). Connected sources corroborate the vulnerability as described in CVE r...

megamedia.pl XSS vulnerability

Vulnerable URL: http://www.megamedia.pl/szukaj.php?n=t=x" onmouseover=promptOPENBUGBOUNTY " Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 393123 VIP website status:| No Check...

Gratipay: Content Spoofing/Text Injection

Researcher @ahsantahir reported a content spoofing on the search functionality. The search query was displayed in the page, but without any prefix. We added "Results for:", so nobody can be misinformed. This has been fixed in the last version and the fix is now deployed. Thanks for making Gratipa...

[SECURITY] Fedora 23 Update: kf5-kross-5.24.0-1.fc23

Kross is a scripting bridge to embed scripting functionality into an application. It supports QtScript as a scripting interpreter backend...

[SECURITY] Fedora 23 Update: kf5-bluez-qt-5.24.0-1.fc23

BluezQt is Qt-based library written handle all Bluetooth functionality...

[SECURITY] Fedora 23 Update: kf5-baloo-5.24.0-1.fc23

A Tier 3 KDE Frameworks 5 module that provides indexing and search function ality...

[SECURITY] Fedora 24 Update: kf5-baloo-5.24.0-1.fc24

A Tier 3 KDE Frameworks 5 module that provides indexing and search function ality...

[SECURITY] Fedora 24 Update: kf5-bluez-qt-5.24.0-1.fc24

BluezQt is Qt-based library written handle all Bluetooth functionality...

90minut.pl XSS vulnerability

Vulnerable URL: http://www.90minut.pl/szukaj.php?tekst=Legia%25...

Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)

The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...

ruilen.nl XSS vulnerability

Vulnerable URL: https://www.ruilen.nl/advertenties/zoeken.php?list=1=0==" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1837734 VIP website status:| No Check ruilen.nl SSL...

SQL injection attack

PMASA-2016-40 Announcement-ID: PMASA-2016-40 Date: 2016-07-14 Summary SQL injection attack Description A vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. Severity We consider this...