
6680 matches found

Openbugbounty
added 2015/12/24 7:40 p.m. (12 views)

directnic.com XSS vulnerability

Vulnerable URL: https://directnic.com/search?query=0'"...

6.9 AI score
Exploits: 0

Packet Storm
added 2015/12/22 12:00 a.m. (51 views)

Symfony PHP Framework Session Fixation

Advisory: Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality A session fixation vulnerability within the Symfony web application framework's "Remember Me" login functionality allows an attacker to impersonate the victim towards the web application if the session ID value...

7.4 AI score | 0.02712 EPSS
Exploits: 1

ThreatPost
added 2015/12/17 3:56 p.m. (13 views)

Pro PoS Malware Simple, But Less Sophisticated Than Initially Thought

A strain of point-of-sale malware that began making the rounds on underground markets late last month is easy to use, but less sophisticated than initial reports suggested. According to researchers at Talos, Cisco’s research division, Pro PoS is mostly built on Alina, another type of POS malware...

0.1 AI score
Exploits: 0 | References: 1

0day.today
added 2015/12/11 12:00 a.m. (86 views)

bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability

bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability. Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: Novemb...

6.5 CVSS | 0.5 AI score | 0.08772 EPSS
Exploits: 5

CERT
added 2015/11/23 12:00 a.m. (33 views)

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilities

Overview CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilities. Description CSL DualCom GPRS CS2300-R alarm signalling boards are secure premises transmitters (SPT) that notify alarm receiving centers (ARC) when an alarm system is tripped...

7.5 CVSS | 7.4 AI score | 0.03212 EPSS
Exploits: 4 | References: 6

RedHat Linux
added 2015/11/19 7:56 p.m. (99 views)

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this...

7.8 CVSS | 6.5 AI score | 0.03693 EPSS
Exploits: 4 | References: 38

RedHat Linux
added 2015/11/19 12:00 a.m. (2 views)

Moderate: Red Hat Bug Fix Advisory: pcre bug fix update

Updated pcre packages that fix several bugs are now available for Red Hat Enterprise Linux 7. PCRE is a Perl-compatible regular expression library. This update fixes the following bugs: Previously, non-matched groups within capturing groups up to a forced match were not being properly reset by...

7.5 CVSS | 7 AI score | 0.04049 EPSS
Exploits: 1 | References: 6

0day.today
added 2015/11/17 12:00 a.m. (38 views)

D-Link DIR-815 Buffer Overflow / Command Injection Vulnerabilities

D-Link DIR-815 suffers from buffer overflow and command injection vulnerabilities. Title: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been...

8.1 AI score
Exploits: 0

0day.today
added 2015/11/17 12:00 a.m. (42 views)

D-Link DIR-615 Buffer Overflow Vulnerability

D-Link DIR-615 suffers from multiple buffer overflow vulnerabilities. Title: Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the...

7.6 AI score
Exploits: 0

exploitpack
added 2015/11/16 12:00 a.m. (23 views)

D-Link DGL5500 - HNAP Buffer Overflow

D-Link DGL5500 - HNAP Buffer Overflow Advisory Information Title: DGL5500 Un-Authenticated Buffer overflow in HNAP functionality Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor...

0.6 AI score
Exploits: 0

exploitpack
added 2015/11/16 12:00 a.m. (29 views)

D-Link DIR-601 - Command Injection

D-Link DIR-601 - Command Injection Advisory Information Title: DIR-601 Command injection in ping functionality Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they...

7.8 AI score
Exploits: 0

Packet Storm
added 2015/11/16 12:00 a.m. (32 views)

D-Link DIR-601 Command Injection

Advisory Information Title: DIR-601 Command injection in ping functionality Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email...

7.4 AI score
Exploits: 0

Exploit DB
added 2015/11/16 12:00 a.m. (55 views)

D-Link DIR-818W - Multiple Vulnerabilities

Advisory Information Title: DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated...

7.4 AI score
Exploits: 0

Exploit DB
added 2015/11/16 12:00 a.m. (96 views)

D-Link DIR-825 (vC) - Multiple Vulnerabilities

Advisory Information Title: DIR-825 vC Buffer overflows in authentication, HNAP and ping functionalities. Also a directory traversal issue exists which can be exploited Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been...

7 AI score
Exploits: 0

Exploit DB
added 2015/11/16 12:00 a.m. (33 views)

D-Link DGL5500 - HNAP Buffer Overflow

Advisory Information Title: DGL5500 Un-Authenticated Buffer overflow in HNAP functionality Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues a...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/11/13 12:00 a.m. (48 views)

WordPress i1.wp.com Functionality Abuse

Exploit Title: Wordpress i1.wp.com Abuse of Functionality Date: Nov 12th 2015 WASC: WASC-42 Exploit Author: Andrea Menin github.com/theMiddleBlue/ Video: https://www.youtube.com/watch?v=6g2khjbflmA Description: ------------ Abuse of Functionality is an attack technique that uses a web site's own...

0.1 AI score
Exploits: 0

NVD
added 2015/11/09 6:59 p.m. (16 views)

CVE-2015-8007

The Echo extension for MediaWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification...

4 CVSS | 9 AI score | 0.01632 EPSS
Exploits: 0 | References: 3

Cvelist
added 2015/11/09 6:00 p.m. (25 views)

CVE-2015-8007

The Echo extension for MediaWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification...

9 AI score | 0.01632 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2015/11/05 12:00 a.m. (39 views)

CentOS Update for kernel CESA-2015:1978 centos7

Check the version of kernel SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882322";...

6.1 CVSS | 6.5 AI score | 0.01164 EPSS
Exploits: 1 | References: 3

FireEye
added 2015/11/04 1:00 p.m. (14 views)

iBackDoor: High-Risk Code Hits iOS Apps

Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...

0.8 AI score
Exploits: 0