Cross-Site Scripting in 3rd party library Flowplayer
It has been discovered that editors could change, create or delete metadata of files without permission. Component Type: TYPO3 CMS Release Date: July 1, 2015 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.13, 7.0.0 to 7.3.0...
[SECURITY] Fedora 20 Update: python-oauth2-1.5.211-8.fc20
Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...
[SECURITY] Fedora 19 Update: python-oauth2-1.5.211-8.fc19
Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...
Cross-Site Request Forgery Protection in TYPO3 CMS 6.2
TYPO3 CMS 6.2 will get CSRF Protection throughout all modules and parts that manipulate data. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Request Forgery (CSRF) Overall Severity: Low Release Date: January 31, 2014 Affected Versions: All versions below 6.2 CVE: Will be requested. Probl...
Potential for signature integrity compromise in Intel® Integrated Performance Primitives (Intel® IPP) Cryptography Domain
Summary: The cryptography (CP) domain in Intel’s newest version of Intel® Integrated Performance Primitives (Intel® IPP) v7.1 has been enhanced to improve its security and customers are strongly urged to update to this release. Description: Intel IPP v7.1 introduces Intel® AVX & Intel® AVX2 performan...
Fedora 8 : mod_suphp-0.6.3-1.fc8 (2008-2868)
This update is a security update fixing two local privilege escalation problems. mod_suphp 0.6.2 contains two race conditions regarding symlink checks. Using this attack vector, a local attacker has the ability to change symlinks in the timeframe between the security check and the PHP execution...
[SA20088] phpCOIN E-Mail Address Disclosure of Arbitrary Messages
TITLE: phpCOIN E-Mail Address Disclosure of Arbitrary Messages SECUNIA ADVISORY ID: SA20088 VERIFY ADVISORY: http://secunia.com/advisories/20088/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: phpCOIN 1.x http://secunia.com/product/4722/...
phpBB 2.0.17 released
Hi everyone, phpBB Group announces the release of phpBB 2.0.17, the "no, we did not forget naming it last time" release. This release addresses several bugfixes and some low security issues as well as the recently seemingly wide-spread XSS issue only affecting Internet Explorer. Please have a loo...