3930 matches found

Packet Storm
added 2016/11/23 12:0 a.m., 68 views

TP-LINK TDDP Buffer Overflow / Missing Authentication

Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode: User...

0.7 AI score
Exploits: 0

0day.today
added 2016/11/19 12:0 a.m., 25 views

Relevanssi Premium 1.14.4 Code Execution Vulnerability

An unserialization vulnerability in Relevanssi Premium version 1.14.4 could allow for code execution. Details ================ Software: Relevanssi Premium Version: v1.14.4 Homepage: https://www.relevanssi.com/ Advisory report:...

7.4 AI score
Exploits: 0

OSV
added 2016/10/27 8:59 p.m., 2 views

CVE-2016-1598

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages...

5.4 CVSS, 5.9 AI score, 0.00274 EPSS
Exploits: 0, References: 2

NVD
added 2016/10/27 8:59 p.m., 16 views

CVE-2016-1598

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages...

5.4 CVSS, 5.3 AI score, 0.00274 EPSS
Exploits: 0, References: 2

Prion
added 2016/10/27 8:59 p.m., 12 views

Code injection

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages...

3.5 CVSS, 6.3 AI score, 0.00274 EPSS
Exploits: 0, References: 2, Affected Software: 2

Cvelist
added 2016/10/27 8:0 p.m., 24 views

CVE-2016-1598

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages...

5.3 AI score, 0.00274 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2016/09/19 12:0 a.m., 4 views

The vulnerability of the Linux operating system’s kernel allows a hacker to trigger a service failure or cause other adverse effects.

The vulnerability in the drivers/media/platform/msm/broadcast/tsc.c file of the Linux operating system’s TSC driver is related to pointer assignment errors. Exploiting this vulnerability could allow a remote attacker to trigger a service failure or cause other effects through a specially created...

10 CVSS, 7.1 AI score, 0.00303 EPSS
Exploits: 0, References: 3, Affected Software: 1

Packet Storm
added 2016/09/09 12:0 a.m., 21 views

Airmail 3.0.2 Cross Site Scripting

Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, [email protected] Date: 2016-08-15 Version: 3.0.2 and earlier Platform: OS X and iOS Site: http://airmailapp.com/...

Exploits: 0

CNVD
added 2016/08/02 12:0 a.m., 3 views

IBM QRadar SIEM Incorrect Privilege Assignment Local Elevation of Privilege Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM...

3.3 CVSS, 6.3 AI score, 0.00045 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2016/07/18 12:0 a.m., 15 views

Drupal 7.x < 7.44 / 8.1.x < 8.1.3 User Module Account Saving Improper Role Assignment Remote Issue

Binary data 9399.prm...

7.3 AI score
Exploits: 0, References: 3

BDU FSTEC
added 2016/07/11 12:0 a.m., 2 views

The vulnerability of the Cisco IOS operating system, which allows an intruder to trigger a service failure

The vulnerability of the Cisco IOS operating system is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to trigger a service failure (pointer assignment to zero) through a specially crafted SNMP request...

6.8 CVSS, 6.5 AI score, 0.00454 EPSS
Exploits: 0, References: 2

Packet Storm
added 2016/06/13 12:0 a.m., 23 views

FRticket Ticket System 1 Cross Site Scripting

Exploit Title: FRticket - Ticket System - Stored XSS Google Dork: if applicable Date: 11.06.2016 Exploit Author: Hamit ABİŞ Vendor Homepage: http://codecanyon.net/item/frticket-ticket-system/16539836 Version: v1 About Get the world’s most popular customer support ticket system. FRticket is...

7.4 AI score
Exploits: 0

0day.today
added 2016/06/13 12:0 a.m., 17 views

FRticket Ticket System - Persistent Cross-Site Scripting

Exploit for php platform in category web applications Exploit Title: FRticket - Ticket System - Stored XSS Google Dork: if applicable Date: 11.06.2016 Exploit Author: Hamit ABİŞ Vendor Homepage: http://codecanyon.net/item/frticket-ticket-system/16539836 Version: v1 About Get the world’s most...

7.1 AI score
Exploits: 0

Exploit DB
added 2016/06/13 12:0 a.m., 21 views

FRticket Ticket System - Persistent Cross-Site Scripting

Exploit Title: FRticket - Ticket System - Stored XSS Google Dork: if applicable Date: 11.06.2016 Exploit Author: Hamit ABİŞ Vendor Homepage: http://codecanyon.net/item/frticket-ticket-system/16539836 Version: v1 About Get the world’s most popular customer support ticket system. FRticket is...

7 AI score
Exploits: 0

NVD
added 2016/05/22 8:59 p.m., 13 views

CVE-2016-2157

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...

8.8 CVSS, 8.9 AI score, 0.00097 EPSS
Exploits: 0, References: 4

UbuntuCve
added 2016/05/22 8:59 p.m., 24 views

CVE-2016-2157

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...

8.8 CVSS, 7.2 AI score, 0.00097 EPSS
Exploits: 0, References: 2

CVE
added 2016/05/22 8:0 p.m., 53 views

CVE-2016-2157

CVE-2016-2157 is a CSRF vulnerability in Moodle affecting mod/assign/adminmanageplugins.php. It lets remote attackers hijack administrator authentication for requests that manage Assignment plugins. Affected Moodle versions include through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x b...

8.8 CVSS, 8.8 AI score, 0.00097 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2016/04/27 5:59 p.m., 11 views

CVE-2016-2543

The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call...

6.2 CVSS, 5.7 AI score, 0.00043 EPSS
Exploits: 0, References: 20

BDU FSTEC
added 2016/04/06 12:0 a.m., 4 views

The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure

The vulnerability of the IOFireWireFamily component in the Mac OS X operating system is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to trigger a service failure (pointer assignment to zero)...

2.1 CVSS, 6.8 AI score, 0.00048 EPSS
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2016/04/05 12:0 a.m., 22 views

FreeBSD : moodle -- multiple vulnerabilities (a430e15d-f93f-11e5-92ce-002590263bf5)

Marina Glancy reports : - MSA-16-0003: Incorrect capability check when displaying users emails in Participants list - MSA-16-0004: XSS from profile fields from external db - MSA-16-0005: Reflected XSS in mod_data advanced search - MSA-16-0006: Hidden courses are shown to students in Event Monitor ...

8.8 CVSS, 5.5 AI score, 0.00437 EPSS
Exploits: 0, References: 12