9303 matches found
WordPress < 4.4.2 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.4.2. It is, therefore, affected by the following vulnerabilities : - A cross-site redirection vulnerability exists due to a failure by the application to validate certain input...
WordPress Update Fixes SSRF, Open Redirect Vulnerability
Developers at WordPress are encouraging users to upgrade to the latest version, 4.4.2, in order to resolve a handful of bugs and vulnerabilities in the content management system. The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could have potentially carried...
VMware vCenter Multiple Vulnerabilities (VMSA-2015-0008)
The VMware vCenter Server installed on the remote host is affected by the following vulnerabilities : - An XML external entity XXE injection flaw exists in Flex BlazeDS in the file flex-messaging-core.jar due to an incorrectly configured XML parser accepting XML external entities from untrusted...
Server side request forgery (ssrf)
Cisco Unified Computing System UCS Central software 1.30.1 allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted request, aka Bug ID CSCux33575...
Adobe ColdFusion Multiple Vulnerabilities (APSB15-29) (credentialed check)
The version of Adobe ColdFusion running on the remote Windows host is affected by multiple vulnerabilities : - Multiple cross-site scripting XSS vulnerabilities exist due to a failure to validate input before returning it to the user. A remote attacker can exploit these to inject arbitrary script...
Server side request forgery (ssrf)
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...
Adobe Issues HotFix For ColdFusion
Adobe this afternoon released hotfixes and security updates for three of its products that patch a handful of vulnerabilities, none of which are being publicly exploited. The most serious vulnerabilities were in ColdFusion, Adobe’s web application development platform. The hotfix affects ColdFusi...
APSB15-30 Security update available for LiveCycle Data Services
Adobe has released a security update for LiveCycle Data Services. This update includes an updated version of Apache™ BlazeDS that resolves an important server-side request forgery vulnerability. Adobe recommends users apply the available updates using the instructions provided in the "Solution"...
VMSA-2015-0008:VMware product updates address information disclosure issue.
VMSA-2015-0008.2 VMware product updates address information disclosure issue. VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2015-0008.2 VMware Security AdvisorySynopsis: VMware product updates address information disclosure issue. VMware Security AdvisoryIssue date: 2015-11-1...
Piwik 2.14.3 PHP Object Injection Vulnerability
Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution. ----------------------------------------------------------------------- Piwik = 2.14.3 DisplayTopKeywords PHP Object Injection Vulnerability...
CVE-2015-1775
Server-side request forgery SSRF vulnerability in the proxy endpoint api/v1/proxy in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call...
CVE-2015-1775
Apache Ambari (1.5.0–2.0.2) is vulnerable to SSRF via the proxy endpoint api/v1/proxy. The issue allows remote authenticated users to perform port scans and access unsecured services through a crafted REST call, due to improper validation in the proxy handling. Impact details in multiple sources ...
Xtreme Vulnerable Web Application: XVWA
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. It is recommended to host this application in local/controlled environment an...
Open-Xchange (OX) App Suite Multiple Vulnerabilities -02 (Oct 2015)
Open-Xchange OX App Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Imgur: Server Side Request Forgery In Video to GIF Functionality
imgur.com is vulnerable to Server Side Request Forgery because it fails to sanitize or verify the "url" GET parameter. This could be used by attackers to launch attacks against other 3rd party sites or proxy an attackers requests through the affected site to hide the attackers origin. In more...
Server side request forgery (ssrf)
XML external entity XXE vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery SSRF attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx...
CVE-2015-3623
XML external entity XXE vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery SSRF attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx...
Server side request forgery (ssrf)
IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request...