WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Abstract A stored Cross-Site Scripting XSS vulnerability has been found in the WassUp Real Time...
JasPer Denial of Service Vulnerability (CNVD-2016-10047)
JasPer is an open source implementation of the JPEG-2000 codec developed by Canadian software developer Michael Adams. A denial of service vulnerability exists in JasPer, which can be exploited by an attacker to crash an application and cause a denial of service...
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user Subscriber to create a denial of service condition of an affected...
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Abstract A Cross-Site Scripting vulnerability was found in the Count per Day WordPress Plugin. This issue can be exploited by an unauthenticated...
WordPress Count per Day 3.5.4 Plugin - Persistent Cross-Site Scripting
Exploit for php platform in category web applications Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Abstract A Cross-Site Scripting vulnerability was found in the Count per Day WordPress Plugin. This issue can be exploited by an unauthenticated attacker and allows an...
WordPress Booking Calendar 6.2 Plugin - SQL Injection
Exploit for php platform in category web applications SQL injection vulnerability in Booking Calendar WordPress Plugin Abstract An SQL injection vulnerability exists in the Booking Calendar WordPress plugin. This vulnerability allows an attacker to view data from the database. The affected...
WordPress ALO EasyMail NewsLetter 2.9.2 Plugin - Cross-Site Request Forgery (Add/Import Arbitrary Su
Exploit for php platform in category web applications Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Contact For feedback or questions about this advisory mail us at sumofpwn at securify.nl The Summer of Pwnage This issue has been found during the Summer of Pwnage hacker...
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Subscribers)
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Contact For feedback or questions about this advisory mail us at sumofpwn at securify.nl The Summer of Pwnage This issue has been found during the Summer of Pwnage hacker event, running from July 1-29. A community summer event...
Multiple stored cross-site scripting vulnerabilities in emlog
emlog is a functional blog and CMS builder based on PHP and MySQL. There are multiple stored cross-site scripting vulnerabilities in emlog. The stored XSS vulnerabilities arise from the way the emlog 6.9 open source code was written, some of which fails to do input filtering...
TCExam Information Disclosure Vulnerability
TCExam is an open source e-testing system. TCExam currently uses open source CBA software. TCExam has an information disclosure vulnerability that attackers can exploit to gain access to sensitive information...
How to remotely control someone else's wireless mouse: an in-depth exposé of the MouseJack inside story - vulnerability warning - the black bar safety net
A. Preamble. Recently Bastille, a United States Internet of Things security startup, released a vulnerability disclosure report on wireless mice, stating that wireless mice and wireless keyboards produced by multiple manufacturers have a security vulnerability, a malicio...
ISC BIND rndc Control Instance Denial of Service Vulnerability
ISC BIND is a set of open source software that implements the DNS protocol. A design flaw in the BIND rndc control instance's handling of request input can lead to an assertion failure in sexpr.c or alist.c, which can ultimately lead to the exit of the named process when a malformed packet is sen...
NBD Denial of Service Vulnerability
NBD is stable and efficient open source network storage software that can be used to build Linux-based network storage systems. NBD has a denial-of-service vulnerability that remote attackers can exploit, resulting in a denial of service...
Linux Australia Breached by Hackers
Linux Australia, a consortium in charge of organizing Linux conferences Down Under, acknowledged over the weekend it was breached by attackers who were able to secure access to one of its servers, and with it, potential user information. In a detailed email to users on Saturday, the group’s...
OpenDaylight Helium Authentication Bypass Vulnerability
OpenDaylight, a project of the Linux Foundation in the United States, is a community-driven, open-source, software-defined networking framework that contains an ensemble of modules capable of performing networking tasks that need to be done quickly. An authentication bypass vulnerability exists i...
[SECURITY] Fedora 20 Update: docker-io-1.4.1-6.fc20
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...
Multiple Cross-Site Scripting Vulnerabilities in Zurmo CRM
Zurmo CRM is an open source PHP-based customer relationship management (CRM) system from the United States company Zurmo. Multiple cross-site scripting vulnerabilities exist in Zurmo CRM because it fails to properly filter user-supplied input. An attacker could potentially exploit these...
2015 Computer Security Risks and Trends to Watch
P4ssw0rds got you down? POODLEs Bashing you over the head giving you Heartbleed? Well, bad puns aside, 2014 was a rough year and you can surely expect more of the same in 2015—with a few new twists. Hackers will still chase credit card numbers and point-of-sale systems, but they’ve got their eye ...
bug vulnerability handling mechanism system-bugtracker-bug warning-the black bar safety net
While setting up a bug tracking system for the company, I found BugTracker.NET, read up on it a bit, and translated the part about configuration. After some research I am posting my experience to share. Anyone who needs it can download it from the following URL: http://sourceforge.net/project/showfiles.php?groupid=66812 BugTracker...
Fedora Update for moodle FEDORA-2014-4152
Check for the Version of moodle. OpenVAS Vulnerability Test: Fedora Update for moodle FEDORA-2014-4152. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...