EC-CUBE Payment Module and GMO-PG Payment Module Input Validation Vulnerability
LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON of Japan. The platform supports product registration, customer reviews, design layout, etc. EC-CUBE Payment Module and GMO-PG Payment Module are payment modules developed by GMO Payment Gateway, Inc. of Japan, which are use...
Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE
Overview EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service), which are additional modules for EC-CUBE provided by GMO Payment Gateway, Inc., contain the multiple vulnerabilities listed below. Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2018-0657 Inp...
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
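The failure mode in the entry above is a client that asks for STARTTLS, is refused, and then sends LOGIN over the still-cleartext socket. The following added example (not evolution-data-server code) shows the fail-closed logic an IMAP client needs, alongside a switch that reproduces the flawed fall-back. The server is a constructed in-process stand-in that records whether each command arrived before or after the TLS upgrade; the capability strings and the tag/response wording are assumptions for the demonstration.

```python
"""Fail-closed STARTTLS negotiation for an IMAP client (added example)."""
import re
from dataclasses import dataclass, field


class StartTlsRefused(Exception):
    """STARTTLS was required but the server would not upgrade the connection."""


def parse_capabilities(line: str) -> set:
    """Parse an untagged '* CAPABILITY ...' response into upper-case tokens."""
    m = re.match(r"^\*\s+CAPABILITY\s+(.*)$", line.strip(), re.IGNORECASE)
    return {tok.upper() for tok in m.group(1).split()} if m else set()


@dataclass
class FakeImapServer:
    """Constructed stand-in for an IMAP server, not a real implementation.

    capabilities: what the server advertises before TLS.
    starttls_ok:  whether it answers STARTTLS with OK (the TLS handshake itself
                  is assumed to succeed when it does).
    received:     (command, tls_active_at_that_moment) for every command seen.
    """
    capabilities: str
    starttls_ok: bool
    tls_active: bool = False
    received: list = field(default_factory=list)

    def send(self, tag: str, command: str) -> str:
        self.received.append((command, self.tls_active))
        verb = command.split()[0].upper()
        if verb == "CAPABILITY":
            return f"* CAPABILITY {self.capabilities}\r\n{tag} OK done"
        if verb == "STARTTLS":
            if self.starttls_ok:
                self.tls_active = True
                return f"{tag} OK Begin TLS negotiation now"
            return f"{tag} BAD STARTTLS not available"
        if verb == "LOGIN":
            return f"{tag} OK logged in"
        return f"{tag} BAD unknown command"


def imap_login(server, user: str, password: str,
               require_starttls: bool = True,
               fall_back_to_cleartext: bool = False) -> bool:
    """Negotiate STARTTLS, then LOGIN. Returns True once LOGIN has been sent.

    fall_back_to_cleartext=True reproduces the flaw described above: the
    password goes out in the clear when the server declines STARTTLS.
    The default fails closed and never sends LOGIN on a cleartext socket.
    """
    caps = parse_capabilities(server.send("A1", "CAPABILITY").splitlines()[0])
    if require_starttls:
        upgraded = False
        if "STARTTLS" in caps:                      # only try if advertised
            upgraded = server.send("A2", "STARTTLS").startswith("A2 OK")
        if not upgraded and not fall_back_to_cleartext:
            raise StartTlsRefused("server did not upgrade to TLS; "
                                  "refusing to send credentials")
    server.send("A3", f'LOGIN "{user}" "{password}"')
    return True


def attempt(server, **kwargs) -> str:
    """Run imap_login with constructed credentials; report the outcome."""
    try:
        imap_login(server, "alice", "hunter2", **kwargs)
        return "sent"
    except StartTlsRefused:
        return "refused"


def password_sent_in_clear(server) -> bool:
    """True if any LOGIN reached the server while TLS was not active."""
    return any(cmd.upper().startswith("LOGIN") and not tls
               for cmd, tls in server.received)


if __name__ == "__main__":
    refusing = FakeImapServer("IMAP4rev1 AUTH=PLAIN", starttls_ok=False)
    print("fail-closed client:", attempt(refusing),
          "| cleartext LOGIN?", password_sent_in_clear(refusing))
    flawed = FakeImapServer("IMAP4rev1 AUTH=PLAIN", starttls_ok=False)
    print("fall-back client:  ", attempt(flawed, fall_back_to_cleartext=True),
          "| cleartext LOGIN?", password_sent_in_clear(flawed))
```

Two practical checks follow from this: a client must treat both "STARTTLS not advertised" and "STARTTLS answered with anything but OK" as refusal, and after a successful upgrade it should re-issue CAPABILITY and ignore the pre-TLS capability list, since that list was seen by any on-path attacker.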
Movable Type plugin MTAppjQuery vulnerable to PHP code execution
Overview MTAppjQuery provided by bit part LLC is a plugin for Movable Type. An older version of the PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier, and those older versions of Uploadify contain an unrestricted upload of arbitrary file vulnerability (CWE-434), which may lead to arbitrary PHP...
WordPress Redirection Plugin Redirection Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP; it lets users set up a personal blog site on a server running PHP and MySQL. Redirection is a WordPress plugin used to manage 301 redirects and to track 404 errors. A...
Design/Logic Flaw
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB)...
Netsweeper Arbitrary File Upload Vulnerability
Netsweeper is a web content filtering solution from the Canadian company Netsweeper. An arbitrary file upload vulnerability exists in the webadmin/ajaxfilemanager/ajaxfilemanager.php file in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. A remote attacker...
SOY CMS vulnerable to directory traversal
Overview SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a content management system (CMS). SOY CMS contains a directory traversal vulnerability (CWE-22) due to a flaw in processing the shopid parameter. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
baserCMS vulnerable to cross-site request forgery
Overview baserCMS provided by the baserCMS User Group is an open-source content management system. baserCMS contains a cross-site request forgery vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership...
ALPINE-CVE-2016-6306
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c...
Ad network planted with a Trojan: HackingTeam vulnerability weapons used to attack millions of Internet users - Vulnerability warning - Heiba Security Net
In November, the 360 Internet Security Center observed a surge in interceptions of a downloader Trojan named "restartokwecha". Tracing its origin showed that the Trojan came from PConline (Pacific Computer Network), 1ting (a music streaming site), the...
EC-CUBE vulnerable to cross-site request forgery
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability (CWE-352). Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Kirby CMS Cross-Site Request Forgery Vulnerability
Kirby CMS is a file-based content management system that is flexible, easy to use and easy to install. Kirby CMS suffers from a cross-site request forgery vulnerability in its implementation, which could be exploited by an attacker to execute arbitrary script code in the context of an affected...
[SECURITY] [DLA 156-1] samba security update
Package : samba Version : 2:3.5.6dfsg-3squeeze12 CVE ID : CVE-2015-0240 Debian Bug : 779033 Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, an SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code executio...
GLPI 0.85.2 Shell Upload / Privilege Escalation
Multiple vulnerabilities have been identified in GLPI http://www.glpi-project.org.
1/ Arbitrary file upload
Severity: Important
Versions Affected: All versions between 0.85 and 0.85.2
Description: When a user wants to create a new ticket, he has the possibility to add an...
Updated x11-server packages fix CVE-2015-0255
Updated x11-server packages fix security vulnerability: Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengt...
xorg-server -- Information leak in the XkbSetGeometry request of X servers.
Peter Hutterer reports: Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string...
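Both XkbSetGeometry entries above come down to one pattern: the server reads a client-supplied string length from the request and copies that many bytes without checking that they lie inside the request, so an oversized length pulls adjacent server memory into the copy. The added example below (not xorg-server code) models that in Python: the "memory" buffer is the request followed by constructed bytes standing in for whatever sits after it on the heap, and the unchecked reader is placed beside the bounds-checked one. The wire layout assumed here, a 16-bit little-endian length, the string bytes, and padding to a 4-byte boundary, is an assumption chosen to resemble counted strings in X requests, not a claim about the exact XkbSetGeometry encoding.

```python
"""Counted-string parsing: trusting the client length vs. checking it (added example)."""
import struct


class MalformedRequest(ValueError):
    """Raised when a counted string would extend past the end of the request."""


def _padded(n: int) -> int:
    """Round n up to a multiple of 4 (assumed request padding)."""
    return (n + 3) & ~3


def counted(data: bytes, claimed_len=None) -> bytes:
    """Encode one counted string. claimed_len lets a test lie about the length,
    which is how a malicious client triggers the over-read."""
    n = len(data) if claimed_len is None else claimed_len
    body = struct.pack("<H", n) + data
    return body + b"\x00" * (_padded(len(body)) - len(body))


def read_counted_strings_unchecked(memory: bytes, off: int, count: int) -> list:
    """Flawed pattern: trusts every client-supplied length.

    Mirrors a C memcpy that reads past the request into neighbouring memory;
    the slice here simply keeps going into the constructed 'heap' bytes."""
    out = []
    for _ in range(count):
        (n,) = struct.unpack_from("<H", memory, off)
        out.append(bytes(memory[off + 2: off + 2 + n]))
        off += _padded(2 + n)
    return out


def read_counted_strings_checked(memory: bytes, off: int, count: int,
                                 req_end: int) -> list:
    """Hardened pattern: every length is checked against the bytes that remain
    in the request (req_end is the offset one past the last request byte)."""
    out = []
    for _ in range(count):
        if off + 2 > req_end:
            raise MalformedRequest("length field past end of request")
        (n,) = struct.unpack_from("<H", memory, off)
        if off + _padded(2 + n) > req_end:
            raise MalformedRequest(f"counted string of {n} bytes exceeds request")
        out.append(bytes(memory[off + 2: off + 2 + n]))
        off += _padded(2 + n)
    return out


def rejects(memory: bytes, off: int, count: int, req_end: int) -> bool:
    """True if the checked reader refuses the request."""
    try:
        read_counted_strings_checked(memory, off, count, req_end)
        return False
    except MalformedRequest:
        return True


# Constructed request: one honest string, then one whose claimed length is
# far larger than the bytes actually sent. Constructed "heap" bytes follow.
REQUEST = counted(b"kbd") + counted(b"x", claimed_len=0xFFFF)
HEAP_AFTER_REQUEST = b"SECRET-HEAP-DATA"
MEMORY = REQUEST + HEAP_AFTER_REQUEST


if __name__ == "__main__":
    leaked = read_counted_strings_unchecked(MEMORY, 0, 2)
    print("unchecked reader returned:", leaked)
    print("checked reader rejects request:", rejects(MEMORY, 0, 2, len(REQUEST)))
```

The check has to cover the padded size, not just the raw length, because the cursor advances by the padded amount and a length that fits only before padding would still leave the parser pointing past the request on the next iteration.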
CVE-2010-5077
server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request...
OpenSSL multiple security vulnerabilities
DoS and protocol version downgrades in client and server code, memory corruptions and information leaks in client code...
Vulnerability in OpenSSL - OpenSSL TLS protocol downgrade attack
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher...