Lucene search

6680 matches found

Cvelist
added 2015/06/30 2:00 p.m., 27 views

CVE-2014-9735

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin...

7.3 AI score, 0.75256 EPSS
Exploits: 2, References: 7

Fedora
added 2015/06/21 12:33 a.m., 33 views

[SECURITY] Fedora 22 Update: abrt-2.6.0-1.fc22

abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed by maintainer to fix it. It uses plugin system to extend its functionality...

7.8 CVSS, 0.6 AI score, 0.04815 EPSS
Exploits: 4

Prion
added 2015/06/17 6:59 p.m., 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_title parameter to wp-admin/post-new.php, which is not properly handled in the snippet preview...

4.3 CVSS, 6.3 AI score, 0.03206 EPSS
Exploits: 2, References: 8, Affected Software: 1

RubySec
added 2015/06/16 12:00 a.m., 15 views

Cross-site request forgery (CSRF) vulnerability in Spina gem

"Spina::ApplicationController actions didn't have CSRF protection. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating users, changing passwords, and media management."...

8.8 CVSS, 6.9 AI score, 0.00903 EPSS
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2015/06/04 12:00 a.m., 51 views

Oracle Linux 5 : kernel (ELSA-2015-1042)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1042 advisory. - fs pipe: fix pipe corruption and iovec overrun on partial copy Mateusz Guzik 1203787 CVE-2015-1805 Tenable has extracted the preceding description block...

7.2 CVSS, 7.2 AI score, 0.01478 EPSS
Exploits: 3, References: 2

F5 Networks
added 2015/05/29 12:00 a.m., 36 views

SOL16704 - cURL and libcurl vulnerability CVE-2015-3143

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column...

5 CVSS, 1.4 AI score, 0.16222 EPSS
Exploits: 1, References: 6

myhack58
added 2015/05/23 12:00 a.m., 23 views

ElasticSearch local arbitrary file read vulnerability disclosed, affecting all versions before 1.4.5 and 1.5.2 - bug warning - the black bar safety net

Recently, exploit-db disclosed a directory traversal (path traversal) flaw in the ElasticSearch plug-in functionality that causes a local arbitrary file read vulnerability, affecting all versions before 1.4.5 and 1.5.2. Casually looking up a few on zoomeye and trying them, found vulnerabilities in the ar...

0.2 AI score
Exploits: 0

Packet Storm
added 2015/05/21 12:00 a.m., 39 views

Hikvision DS-7108HWI-SH XML Injection / Abuse Issues

Hello list! There are vulnerabilities in Hikvision DS-7108HWI-SH. These are XML Injection, Abuse of Functionality and Brute Force vulnerabilities. All these vulnerabilities are present in other IP cameras and DVR of Hikvision. ------------------------- Affected vendors: -------------------------...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2015/05/20 12:00 a.m., 43 views

SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2013:0674-1)

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : CVE-2013-0871: A race condition in ptrace(2) could be used by local attackers to crash the kernel and/or execute code in kernel context...

6.9 CVSS, 7.2 AI score, 0.01557 EPSS
Exploits: 13, References: 39

Packet Storm
added 2015/05/15 12:00 a.m., 33 views

Hikvision DS-2CD2012-I XML Injection / Abuse Issues

Hello list! There are vulnerabilities in Hikvision DS-2CD2012-I. These are XML Injection, Abuse of Functionality and Brute Force vulnerabilities. All these vulnerabilities are present in other IP cameras and DVR of Hikvision. ------------------------- Affected vendors: -------------------------...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2015/05/13 12:00 a.m., 21 views

openSUSE Security Update : gnu_parallel (openSUSE-2015-358)

GNU parallel was updated to version 20150422 to fix one security issue, several bugs and add functionality. The following vulnerability was fixed : - A local attacker could make a user overwrite one of his own files with a single byte when using --compress, --tmux, --pipe, --cat or --fifo when...

5.4 AI score
Exploits: 0, References: 1

WPVulnDB
added 2015/04/29 12:00 a.m., 13 views

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection, and lack of sanitation of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...

0.2 AI score
Exploits: 0, References: 1, Affected Software: 1

Fedora
added 2015/04/22 10:43 p.m., 9 views

[SECURITY] Fedora 22 Update: gnupg2-2.1.2-2.fc22

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

1.4 AI score
Exploits: 0

Zero Day Initiative
added 2015/04/22 12:00 a.m., 41 views

Novell ZENworks Preboot Policy Service Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within ZENworks Preboot Policy Service, which listens on port 13331. The vulnerability is in...

10 CVSS, 9.2 AI score, 0.23643 EPSS
Exploits: 0, References: 1

Cvelist
added 2015/04/21 4:00 p.m., 27 views

CVE-2014-9718

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete...

7.2 AI score, 0.00407 EPSS
Exploits: 0, References: 4

Debian CVE
added 2015/04/21 4:00 p.m., 31 views

CVE-2014-9718

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete...

4.9 CVSS, 7.1 AI score, 0.00407 EPSS
Exploits: 0

OSV
added 2015/04/21 12:00 a.m., 2 views

UBUNTU-CVE-2014-9718

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete...

4.9 CVSS, 6.8 AI score, 0.00407 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2015/04/20 12:00 a.m., 21 views

Moodle 2.0.x < 2.0.5 / 2.1.x < 2.1.2 Multiple Vulnerabilities

Binary data 8713.prm...

6.8 CVSS, 6.7 AI score, 0.02118 EPSS
Exploits: 0, References: 13

CNVD
added 2015/04/19 12:00 a.m., 1 view

Unspecified Vulnerability in Oracle PeopleSoft Product PeopleSoft Enterprise PeopleTools Component

Oracle PeopleSoft is a suite of enterprise human capital management solutions. PeopleSoft Enterprise PeopleTools is a tool and technology platform component that transforms the way organizations manage, use, and maintain PeopleSoft software. An unspecified security vulnerability exists in the PIA...

4 CVSS, 6.7 AI score, 0.01452 EPSS
Exploits: 0, References: 1

NVD
added 2015/04/16 4:59 p.m., 19 views

CVE-2015-0496

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via vectors related to PIA Search Functionality...

4 CVSS, 5.2 AI score, 0.01452 EPSS
Exploits: 0, References: 2