CVE-2015-8800
CVE-2015-8800 affects Symantec SES:CSP/SDCS:SA and related components: SES:CSP 1.0.x before 1.0 MP5, SES:CSP for Controllers and Devices 6.5.0 before MP1, SCSP before 5.2.9 MP6, DCS:SA 6.x before 6.5 MP1 and 6.6 before MP1, and DCS:SA and Agents through 6.6 MP1. The issue allows remote authentica...
Ubuntu 14.04 LTS : Firefox regression (USN-2880-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2880-2 advisory. USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update...
USN-2880-1: Firefox vulnerabilities
Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2833-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2833-1 advisory. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered...
WordPress Multiple Vulnerabilities-01 (Dec 2015) - Windows
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
Code injection
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
CVE-2015-5841
CVE-2015-5841 concerns the CFNetwork Proxies component on macOS/iOS. Root cause: improper handling of a Set-Cookie header in HTTP CONNECT responses, enabling a remote proxy to inject cookies via a crafted response. Public references in Apple advisories show mitigation by removing the Set-Cookie h...
Ubuntu 14.04 LTS : Django vulnerabilities (USN-2671-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2671-1 advisory. Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of...
Design/Logic Flaw
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors...
SAP HANA system exposed to security vulnerabilities: static key exists in the database - vulnerability warning - the black bar safety net
SAP's well-known in-memory database management system HANA was found to contain security vulnerabilities: a static encryption key is actually stored in the database. SAP HANA is one of SAP's fastest-growing products ever. Vulnerability overview: ERPScan researchers held in Amsterdam the black...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/usersedit.php or (2) arbitrary users for requests that conduct SQL...
CVE-2012-6691
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/statsmonthlysales.php or (2) country parameter...
SQLassie - Effective Database Security
SQLassie is a free MySQL database firewall that prevents SQL injection attacks at runtime. SQLassie uses Bayesian classifiers to determine the likelihood of a query being an attack. This approach produces fewer false positives than other similar approaches. Security SQLassie prevents injection...
CVE-2015-1229
net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
Cacti < 0.8.6f Multiple Vulnerabilities
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.6f. It is, therefore, potentially affected by the following vulnerabilities : - Multiple vulnerabilities exist due to improper input validation in 'graphimage.php' and...
Kali Linux 1.1.0 - The Best Penetration Testing Distribution
After almost two years of public development and another year behind the scenes, we are proud to announce our first point release of Kali Linux – version 1.1.0. This release brings with it a mix of unprecedented hardware support as well as rock solid stability. For us, this is a real milestone as...
[ MDVSA-2014:237 ] perl-Mojolicious
Mandriva Linux Security Advisory MDVSA-2014:237 http://www.mandriva.com/en/support/security/ Package: perl-Mojolicious Date: November 28, 2014 Affected: Business Server 1.0 Problem Description: Updated perl-Mojolicious package fixes security...
Mandriva Linux Security Advisory : perl-Mojolicious (MDVSA-2014:237)
Updated perl-Mojolicious package fixes security vulnerability: An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
Updated perl-Mojolicious packages fix a security vulnerability
Updated perl-Mojolicious package fixes security vulnerability: An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection attacks...
QIWI: [send.qiwi.ru] Soap-based XXE vulnerability /soapserver/
An XML external entities injection vulnerability exists on the soap server hosted on send.qiwi.ru. The attack allows an attacker to open local files although perhaps not return the data, see below, leading at best to a DoS. Often this attack can be used to extract files from the server such as...