Bitdefender BOX 2 bootstrap download_image command injection vulnerability

Summary An exploitable command injection vulnerability exists in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands...

ACLs not properly enforced in "documents" application - ownCloud

The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. This application uses strong and very long random "Session IDs" to limit access to specific resources. Knowledge of this ID allows...

Server: ACLs not properly enforced in "documents" application

The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. This application uses strong and very long random "Session IDs" to limit access to specific resources. Knowledge of this ID allows...

Xxe

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service read block and hang via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the 1 virConnectCompareCPU or 2 virConnectBaselineCPU API method, relate...

X-Ray 2.0 - VirusTotal frontent version for Suspicious Files Auto Submit

Raymond announce X-Ray 2.0, a program which is frontend for VirusTotal multi scanner. X-Ray will provide users with automatic submission of files that you think are suspicious to 35 Agnitum, Antiy Labs, Avast, AVG, Avira, Bitdefender, QuickHeal, ClamAV, Comodo, Dr.Web, Emsisoft, ESET, F-Prot,...