CVE-2014-0471
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...
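The dpkg entry above is the general archive-unpacking traversal bug: a member name such as `../../etc/cron.d/x` is joined to the destination directory and the file lands outside it. The following Python is added here as an illustration of the containment check an unpacker needs; it is not dpkg's code, and the archive contents and the destination path are constructed for the example.

```python
import io
import os
import tarfile


def is_safe_member(dest: str, name: str) -> bool:
    """True only if extracting `name` under `dest` stays inside `dest`.

    Rejects empty and absolute names and any `..` sequence that climbs out of
    the destination, which is the class of bug the dpkg entry describes.
    Both sides go through realpath so a symlinked `dest` compares consistently.
    """
    if not name or os.path.isabs(name):
        return False
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    return target == dest_real or target.startswith(dest_real + os.sep)


def classify_members(archive: bytes, dest: str) -> dict:
    """Split the members of an in-memory tar into safe and escaping names.

    A real unpacker would abort on the first unsafe member. Link targets
    (symlinks/hardlinks) need the same containment check; it is left out
    here to keep the example on member names.
    """
    result = {"safe": [], "unsafe": []}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tf:
        for member in tf.getmembers():
            key = "safe" if is_safe_member(dest, member.name) else "unsafe"
            result[key].append(member.name)
    return result


def build_sample_archive() -> bytes:
    """Constructed sample archive: one benign member and one traversing member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        for name, data in [
            ("usr/share/doc/pkg/README", b"hello\n"),
            ("../../etc/cron.d/backdoor", b"* * * * * root sh /tmp/x\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    print(classify_members(build_sample_archive(), "/tmp/unpack"))
```

Recent Python versions ship an equivalent policy as `tarfile.extractall(..., filter="data")`; the explicit check above is what that filter does for member names, and it is the check to port when the unpacker is written in C, as dpkg's is.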
Heartbleed Bug (CVE-2014-0160) and Qt
Although Qt as such is not affected by the Heartbleed Bug CVE-2014-0160 found in OpenSSL, it affects users of Qt, so I wanted to write a short summary about the topic. As defined at : "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakne...
Splunk collect file Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Splunk. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the advanced search...
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title : CMS Made Simple 1.11.10 Multiple XSS Vulnerability Google dork : N/A Date : 02/04/2014 Exploit Author : Blessen Thomas Vendor Homepage : http://www.cmsmadesimple.org/ Software Link : N/A Version : 1.11.10 Test...
WordPress Js-Multi-Hotel 2.2.1 XSS / DoS / Disclosure / Abuse
Hello list! There are multiple vulnerabilities in the Js-Multi-Hotel plugin for WordPress. Earlier I wrote about two other vulnerabilities. These are Abuse of Functionality, Denial of Service, Cross-Site Scripting and Full Path Disclosure vulnerabilities in the Js-Multi-Hotel plugin for WordPress. There...
[SECURITY] Fedora 20 Update: python-logilab-common-0.61.0-1.fc20
This package contains several modules providing low level functionality shared among some python projects developed by logilab...
Code injection
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the userworkstation variable in a customized template, and (2) remote authenticated users to execute arbitrary commands via she...
PYSEC-2014-62
mailpassword.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality...
Moderate: Red Hat Security Advisory: redhat-support-plugin-rhev security update
An updated redhat-support-plugin-rhev package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fr...
CVE-2013-6489
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow...
CVE-2013-7179
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the pingipaddr parameter...
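The Sophos Web Appliance entry (client-ip parameter) and the Seowon SWC-9100 entry (pingipaddr parameter) are the same pattern: a request parameter is spliced into a command line that a shell then parses, so `;`, `|`, `&&` or backticks turn a ping into arbitrary command execution. The Python below is an added example, not the vendors' code; the handler shape and parameter dict are assumptions, and it returns the argv it would run rather than executing ping.

```python
import ipaddress
from typing import Optional


def build_ping_command_vulnerable(pingipaddr: str) -> str:
    """The flawed pattern: the parameter is spliced into a shell command line.

    Returned as a string instead of being handed to system()/popen(), so the
    injected command is visible but never executed.
    """
    return "ping -c 4 " + pingipaddr


def validate_pingipaddr(value: str) -> Optional[str]:
    """Return the canonical IP literal, or None if the value is not one.

    ipaddress.ip_address() accepts nothing but an IPv4/IPv6 literal, so shell
    metacharacters (`;`, `|`, `&&`, backticks, `$(`) and option-like values
    such as `-f` are all rejected in one place.
    """
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def handle_ping_request(params: dict) -> dict:
    """Hardened request handler (assumed shape; not the router's CGI code).

    On success it returns the argv the real handler would pass to
    subprocess.run(argv, shell=False, timeout=...); no shell ever parses
    the user-controlled value, and the value is a validated address anyway.
    """
    addr = validate_pingipaddr(params.get("pingipaddr", ""))
    if addr is None:
        return {"status": 400, "error": "pingipaddr must be an IP address literal"}
    return {"status": 200, "argv": ["ping", "-c", "4", addr]}


if __name__ == "__main__":
    payload = "127.0.0.1; cat /etc/passwd"
    print("vulnerable builds:", build_ping_command_vulnerable(payload))
    print("hardened answers:", handle_ping_request({"pingipaddr": payload}))
    print("hardened answers:", handle_ping_request({"pingipaddr": "192.0.2.1"}))
```

Both halves matter: `shell=False` removes the shell from the path, and the allow-list validation stops an attacker from smuggling an option such as `-f` or `-c 1000000` into a position ping would still interpret. If the diagnostic page must accept hostnames, validate them against a strict hostname grammar and keep the argv form; never fall back to string concatenation.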
CVE-2013-7137
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burdenuserrememberme cookie to 1...
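The Burden entry is the classic "remember me" mistake: a cookie the browser can set to any value is read back as proof that the user is logged in. The Python below is an added illustration, not Burden's code; the cookie name matches the entry, while the secret key, token format and handler functions are assumptions. It puts the flawed check beside a version in which the cookie carries an HMAC-authenticated, expiring token that the client cannot mint or edit.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secret for the example; a real deployment loads this from
# configuration and rotates it, never hard-codes it.
SECRET_KEY = b"example-only-remember-me-key"
COOKIE_NAME = "burdenuserrememberme"


def is_logged_in_vulnerable(cookies: dict) -> bool:
    """The flawed pattern: a client-settable flag is treated as proof of login."""
    return cookies.get(COOKIE_NAME) == "1"


def issue_remember_token(user_id: int, ttl_seconds: int,
                         now: Optional[float] = None) -> str:
    """Mint a token bound to a user id and an expiry, authenticated with HMAC-SHA256."""
    now = time.time() if now is None else now
    payload = json.dumps({"uid": user_id, "exp": int(now + ttl_seconds)},
                         separators=(",", ":")).encode()
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    # urlsafe base64 never contains ".", so it is a safe field separator.
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(mac).decode())


def verify_remember_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Return the user id if the token is authentic and unexpired, else None.

    The MAC is checked with compare_digest before the payload is trusted, so
    a forged or edited payload is rejected before its contents are used.
    """
    now = time.time() if now is None else now
    try:
        payload_b64, mac_b64 = token.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    data = json.loads(payload)
    if data.get("exp", 0) < now:
        return None
    return data.get("uid")


def is_logged_in_hardened(cookies: dict, now: Optional[float] = None) -> Optional[int]:
    """Hardened check: the cookie counts only if it verifies as a minted token."""
    token = cookies.get(COOKIE_NAME)
    if not token:
        return None
    return verify_remember_token(token, now)


if __name__ == "__main__":
    forged = {COOKIE_NAME: "1"}
    print("vulnerable accepts forged cookie:", is_logged_in_vulnerable(forged))
    print("hardened accepts forged cookie:", is_logged_in_hardened(forged))
    real = {COOKIE_NAME: issue_remember_token(42, 3600)}
    print("hardened accepts minted token for uid:", is_logged_in_hardened(real))
```

The stateless HMAC token shown here cannot be revoked before it expires; the other common design stores a random token server-side per user and session, which costs a lookup but allows "log out everywhere". Either way, the server must be the only party able to produce a value it will accept, which a bare `1` never satisfies.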
CSRF, DoS and IL vulnerabilities in WordPress
Hello 3APA3A! As I announced earlier (http://seclists.org/fulldisclosure/2013/Nov/219), I conducted a Day of Bugs in WordPress 3. On 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes; they were placed at my site for your attention. And this is a translation of th...
[DAVOSET] Tool for conducting DDoS attacks
DAVOSET is a console command-line tool for conducting DDoS attacks on sites via Abuse of Functionality vulnerabilities at other sites. Changelog v1.1.5: Added error handler in GetCookie. Added new services into lists of zombies. Removed non-working services from lists of zombies. Usage 1...
Scientific Linux Security Update : xorg-x11-server on SL6.x i386/x86_64 (20131121)
A flaw was found in the way the X.org X11 server registered new hot-plugged devices. If a local user switched to a different session and plugged in a new device, input from that device could become available in the previous session, possibly leading to information disclosure. (CVE-2013-1940) This...
CVE-2013-6039
Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow search input, related to the search functionali...