6680 matches found

Openbugbounty
added 2015/07/30 11:58 a.m., 11 views

medyahaber.com XSS vulnerability

Vulnerable URL: http://medyahaber.com/ara.php?Kelime=asd"--...

6.9 AI score
Exploits: 0

Fedora
added 2015/07/30 12:46 a.m., 40 views

[SECURITY] Fedora 22 Update: ipython-2.4.1-7.fc22

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

8.8 CVSS, 0.8 AI score, 0.01201 EPSS
Exploits: 1

Openbugbounty
added 2015/07/26 7:32 p.m., 10 views

timbuk2.com XSS vulnerability

Vulnerable URL: http://www.timbuk2.com/search?cgid=root...

6.9 AI score
Exploits: 0

Openbugbounty
added 2015/07/23 7:1 a.m., 13 views

bdlive.co.za XSS vulnerability

Vulnerable URL: http://www.bdlive.co.za/search/asd"...

6.9 AI score
Exploits: 0

RedHat Linux
added 2015/07/22 12:0 a.m., 3 views

Low: Red Hat Bug Fix Advisory: xorg-x11-server bug fix and enhancement update

Updated xorg-x11-server packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed...

7.5 CVSS, 6.8 AI score, 0.04373 EPSS
Exploits: 0, References: 5

Fedora
added 2015/07/21 8:21 a.m., 14 views

[SECURITY] Fedora 22 Update: php-horde-Horde-Core-2.20.6-1.fc22

These classes provide the core functionality of the Horde Application Framework...

1.1 AI score
Exploits: 0

Openbugbounty
added 2015/07/14 5:39 p.m., 11 views

imaks.su XSS vulnerability

Vulnerable URL: http://imaks.su/magazin/search?a=0by=%22%3E%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3B%3C%2Fscript%3Etext=%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3B%3C%2Fscript%3Eprice

Details:
Patched: No
Latest check for patch: 25.07.2017
Vulnerability type: XSS...

6.3 AI score
Exploits: 0

F5 Networks
added 2015/07/10 12:0 a.m., 32 views

SOL16945 - Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844

CVE-2014-7844: The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. CVE-2004-2771: A flaw was found in the way mailx handled the parsing of email addresses...

7.8 CVSS, 8.1 AI score, 0.06858 EPSS
Exploits: 1, References: 4

OpenVAS
added 2015/07/08 12:0 a.m., 37 views

Apple Safari Multiple Vulnerabilities-01 (Jul 2015) - Mac OS X

Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...

6.8 CVSS, 7.7 AI score, 0.02766 EPSS
Exploits: 0, References: 5

WPVulnDB
added 2015/07/07 12:0 a.m., 23 views

NewStatPress <= 1.0.4 - SQL Injection

The Search functionality is susceptible to a SQL Injection attack due to usage of user input without sanitation. In particular, at line 98 of 'includes/nspsearch.php'. Utilising a specially crafted SQL query, we can trigger disclosure of user hashes through an IMG tag as the data channel. PoC The...

7.5 CVSS, 0.2 AI score, 0.01815 EPSS
Exploits: 1, References: 1, Affected Software: 1

Packet Storm
added 2015/07/06 12:0 a.m., 27 views

WordPress Vulcan Theme XSS / Disclosure / DoS

Hello list! Let's back to vulnerabilities, which I disclosed in April 2011, which can be used for DDoS attacks on other sites, e.g. with my DAVOSET http://seclists.org/fulldisclosure/2015/Jun/111. In addition to hundreds of themes, which I wrote about in previous years, here is another theme for...

0.1 AI score
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m., 53 views

Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass

Hello 3APA3A! Let's back to vulnerabilities, which I disclosed in April 2011, which can be used for DDoS attacks on other sites, e.g. with my DAVOSET http://seclists.org/fulldisclosure/2015/Jun/111. In addition to hundreds of themes, which I wrote about in previous years, here is another theme fo...

0.5 AI score
Exploits: 0

NVD
added 2015/07/03 1:59 a.m., 16 views

CVE-2015-3660

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content...

4.3 CVSS, 5.1 AI score, 0.01752 EPSS
Exploits: 0, References: 5

NVD
added 2015/07/03 1:59 a.m., 15 views

CVE-2015-3658

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to...

6.8 CVSS, 5.8 AI score, 0.01998 EPSS
Exploits: 0, References: 8

Prion
added 2015/07/03 1:59 a.m., 22 views

Design/Logic Flaw

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cau...

6.8 CVSS, 8.5 AI score, 0.02766 EPSS
Exploits: 0, References: 8, Affected Software: 3

UbuntuCve
added 2015/07/03 1:59 a.m., 23 views

CVE-2015-3660

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content...

4.3 CVSS, 7.3 AI score, 0.01752 EPSS
Exploits: 0, References: 3

CVE
added 2015/07/03 1:0 a.m., 59 views

CVE-2015-3660

This CVE (CVE-2015-3660) affects Safari/WebKit PDF rendering. Vulnerable if using Safari before 6.2.7, 7.x before 7.1.7, or 8.x before 8.0.7; an attacker can inject arbitrary script/HTML via a crafted URL in embedded PDF content (XSS). Remediation is to update to non-affected Safari/WebKit versio...

4.3 CVSS, 6.6 AI score, 0.01752 EPSS
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2015/07/03 1:0 a.m., 23 views

CVE-2015-3660

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content...

6.9 AI score, 0.01752 EPSS
Exploits: 0, References: 5

myhack58
added 2015/07/01 12:0 a.m., 11 views

Massachusetts Institute of Technology (MIT) invents automatic vulnerability repair system - vulnerability warning - the black bar safety net

At this month's Association for Computing Machinery Programming Language Design and Implementation conference, MIT researchers demonstrated a new system that makes it possible, by introducing other, more secure applicati...

0.2 AI score
Exploits: 0

NVD
added 2015/06/30 2:59 p.m., 20 views

CVE-2014-9735

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin...

7.5 CVSS, 7.3 AI score, 0.75256 EPSS
Exploits: 2, References: 7