Server: CSRF in "bookmarks" application

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

Apple iOS 8.1.1 Fixes Several Code-Execution Flaws

Apple has patched 10 vulnerabilities in iOS, including a pair of bugs that allowed arbitrary code execution and one that enables an attacker to run random binaries on a target device. The patches come in iOS 8.1.1, a small update to the company’s mobile operating system. There are several serious...

[SECURITY] Fedora 19 Update: konversation-1.5.1-1.fc19

A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more...

CentOS 6 : xorg-x11-server (CESA-2013:1620)

Updated xorg-x11-server packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severit...

libvncserver security update

CentOS Errata and Security Advisory CESA-2014:1826 Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS ba...

Stuxnet's First Five Victims Provided Path to Natanz

Stuxnet’s first five victims were a carefully crafted list of targets that ultimately provided the attackers with the road map they needed to get inside a uranium enrichment plant in Natanz, Iran and disrupt the country’s nuclear program. Cobbled together from clues left behind by the infamous...

Vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This...

D-Link DAP-1360 Abuse / Cross Site Request Forgery

D-Link DAP-1360 suffers from cross site request forgery, abuse of functionality, and brute force vulnerabilities. There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected...

D-Link DAP-1360 Abuse / Cross Site Request Forgery

Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This mod...

CVE-2014-6635

Cross-site scripting XSS vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php...

CVE-2014-7298

adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality...

CVE-2014-7298

CVE-2014-7298 affects Centrify Server Suite (2008–2014.1) and Centrify DirectControl (3.x–4.2.0) on Linux/Unix. The root cause is improperly protected setuid functionality in adsetgroups, allowing local users to read arbitrary files with root privileges. The documents do not provide exploitation ...

PT-2019-4107 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.34 through 5.2.x Description: A buffer overflow flaw was found in the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs and logs buffer descriptors during migration. This flaw can be...

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

No description provided by source. DrayTek VigorACS SI = 1.3.0 Vigor ACS-SI Edition is a Central Management System for DrayTek routers and firewalls, providing System Integrators or system administration personnel a real-time integrated monitoring, configuration and management platform...

MGASA-2014-0413 Updated chromium-browser-stable packages fix security vulnerabilites

Updated chromium-browser-stable packages fix security vulnerabilities: Several security issues and other bugs have been fixed since our previous update. See the upstream release announcements for details. Note that as of version 35, the Chromium browser no longer supports browser plugins, includi...

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities DrayTek VigorACS SI /ACSServer/ We found that most of the VigorACS SI deployments are using the default http authentication settings acs/password. This is not so much a software vulnerability but more a configuration issue. 2.2 Unauthenticated...

plazathai.com XSS vulnerability

Open Bug Bounty ID: OBB-51290 Description| Value ---|--- Affected Website:| plazathai.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Shee...

Splunk collect file Directory Traversal (CVE-2013-6771)

A directory traversal vulnerability has been found in Splunk. The vulnerability is due to insufficient sanitization of user-provided input to the advanced search functionality in the "file" parameter of the "collect" script...

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 update

Red Hat JBoss BRMS 6.0.3, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...

Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.0.3 update

Red Hat JBoss BPM Suite 6.0.3, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...