
6680 matches found

securityvulns
added 2014/06/14 12:0 a.m., 49 views

CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

0.4 AI score
Exploits 0
NVD
added 2014/06/13 2:55 p.m., 15 views

CVE-2013-5356

Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors...

7.5 CVSS, 7 AI score, 0.01698 EPSS
Exploits 0, References 5
Prion
added 2014/06/13 2:55 p.m., 10 views

Authentication flaw

Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors...

7.5 CVSS, 7.5 AI score, 0.01698 EPSS
Exploits 0, References 5, Affected Software 1
Tenable Nessus
added 2014/06/13 12:0 a.m., 23 views

openSUSE Security Update : icinga (openSUSE-SU-2014:0069-1)

imported upstream version 1.10.2 - includes fix for possible denial of service in CGI executables: CVE-2013-7108 bnc856837 - core: Add an Icinga syntax plugin for Vim 4150 - LE/MF - core: Document dropped options logexternalcommandsuser and eventprofilingenabled 4957 - BA - core: type in spec...

5.5 CVSS, 7.6 AI score, 0.59546 EPSS
Exploits 0, References 4
Tenable Nessus
added 2014/06/13 12:0 a.m., 23 views

openSUSE Security Update : viewvc (openSUSE-SU-2012:0831-1)

update to 1.1.15 bnc768680 : - security fix: complete authz support for remote SVN views CVE-2012-3356 - security fix: log msg leak in SVN revision view with unreadable copy source CVE-2012-3357 Additionally the following non-security issues have been addressed : - fix several instances of...

5 CVSS, 5.5 AI score, 0.02025 EPSS
Exploits 0, References 4
Tenable Nessus
added 2014/06/12 12:0 a.m., 56 views

CentOS 5 : kernel (CESA-2014:0740)

Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severit...

7.2 CVSS, 6.5 AI score, 0.00524 EPSS
Exploits 2, References 4
Tenable Nessus
added 2014/06/12 12:0 a.m., 49 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140610)

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree function) arbitrary kernel memory...

7.2 CVSS, 6.7 AI score, 0.00524 EPSS
Exploits 2, References 4
F5 Networks
added 2014/06/02 12:0 a.m., 47 views

SOL15300 - Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438

Recommended Action ARX If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate th...

5 CVSS, 0.8 AI score, 0.26831 EPSS
Exploits 2, References 14
NVD
added 2014/05/16 2:55 p.m., 15 views

CVE-2014-3758

Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality...

4.3 CVSS, 5.6 AI score, 0.01161 EPSS
Exploits 0, References 4
Prion
added 2014/05/16 2:55 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality...

4.3 CVSS, 6.1 AI score, 0.01161 EPSS
Exploits 0, References 4, Affected Software 1
Prion
added 2014/05/16 2:55 p.m., 17 views

Sql injection

Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality...

7.5 CVSS, 9.2 AI score, 0.0126 EPSS
Exploits 0, References 4, Affected Software 1
CVE
added 2014/05/16 2:0 p.m., 43 views

CVE-2014-3758

The CVE refers to a Cross-Site Scripting (XSS) vulnerability in the TYPO3 extension BibTex Publications (si_bibtex) version 0.2.3, exposed through the import functionality. The TYPO3 security bulletin TYPO3-EXT-SA-2014-020 documents affected versions (0.2.3 and below) and lists XSS (alongside SQL...

4.3 CVSS, 5.8 AI score, 0.01161 EPSS
Exploits 0, References 4, Affected Software 1
Packet Storm
added 2014/05/05 12:0 a.m., 20 views

WordPress Flexolio XSS / Disclosure / File Upload

Hello list! There are Content Spoofing, Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities in Flexolio for WordPress. Which contains TimThumb and CU3ER. In April 2011 I wrote about vulnerabilities in TimThumb...

0.3 AI score
Exploits 0
securityvulns
added 2014/05/04 12:0 a.m., 314 views

Multiple vulnerabilities in Joomla-Base

Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting, Full path disclosure and Insufficient Anti-automation vulnerabilities in Joomla-Base. This is package of Joomla with different plugins with their vulnerabilities. These vulnerabilities are in Google Maps plugin for...

1.4 AI score
Exploits 0
securityvulns
added 2014/05/04 12:0 a.m., 56 views

Multiple vulnerabilities in Flexolio for WordPress

Hello 3APA3A! There are Content Spoofing, Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities in Flexolio for WordPress. Which contains TimThumb and CU3ER. In April 2011 I wrote about vulnerabilities in TimThumb...

7 AI score
Exploits 0
securityvulns
added 2014/05/04 12:0 a.m., 56 views

Multiple vulnerabilities in Js-Multi-Hotel for WordPress

Hello 3APA3A! There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress. Earlier I wrote about two other vulnerabilities. These are Abuse of Functionality, Denial of Service, Cross-Site Scripting and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for WordPress. Ther...

0.3 AI score
Exploits 0
Prion
added 2014/04/30 11:58 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality...

3.5 CVSS, 5.8 AI score, 0.01487 EPSS
Exploits 1, References 5, Affected Software 1
Cvelist
added 2014/04/30 10:0 p.m., 30 views

CVE-2014-2260

Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality...

5.4 AI score, 0.01487 EPSS
Exploits 1, References 5
CVE
added 2014/04/28 2:0 p.m., 42 views

CVE-2014-2657

CVE-2014-2657 affects PaperCut MF prior to version 14.1 (Build 26983) where the vulnerability lies in the print release functionality, with the impact and attack vectors described as unknown and remotely exploitable in embedded MFPs. The NVD entry notes a base score of 7.5 (HIGH) with NETWORK att...

7.5 CVSS, 6.9 AI score, 0.01096 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2014/04/28 2:0 p.m., 40 views

CVE-2014-2042

CVE-2014-2042 affects Livetecs Timelive; unrestricted file upload in the Manage Project functionality (Uploads/) enables remote code execution. Affected: Timelive up to version 6.2.71. Root cause: lack of file-type restrictions and permissive Read/Execute on uploaded files. Impact: potential arbi...

7.5 CVSS, 7.4 AI score, 0.02244 EPSS
Exploits 2, References 2, Affected Software 1