2563 matches found

Tenable Nessus
added 2015/03/05 12:00 a.m. | 38 views

RHEL 7 : docker (RHSA-2015:0623)

Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS: 10 | AI score: 7.2 | EPSS: 0.06452
Exploits: 0 | References: 5

Drupal
added 2015/03/04 12:00 a.m. | 12 views

SA-CONTRIB-2015-065 - Registration codes - Multiple vulnerabilities

Registration codes module allows new account registrations only for users who provide a valid registration code. The module was not properly sanitizing user supplied text in some pages, thereby exposing XSS vulnerabilities. Additionally, some URLs were not protected against CSRF, a malicious user...

CVSS: 6.8 | AI score: 5.7 | EPSS: 0.01067
Exploits: 0 | References: 9

Cisco
added 2015/03/03 9:56 p.m. | 30 views

Cisco IOS Software Authentication Proxy Bypass Vulnerability

A vulnerability in the Authentication Proxy feature of Cisco IOS Software could allow a remote attacker to bypass the authentication. The vulnerability is due to the incorrect processing of unsupported Authentication, Authorization, and Accounting AAA return codes from the AAA feature by the...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.01983
Exploits: 0 | References: 1

htbridge
added 2015/02/19 12:00 a.m. | 83 views

SQL Injection in Huge IT Slider WordPress Plugin

High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in Huge IT Slider WordPress Plugin. This vulnerability can be exploited by website administrators as well as anonymous attackers to inject and execute arbitrary SQL queries within the application’s database. 1 SQL...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.02446
Exploits: 3 | Affected Software: 1

Packet Storm
added 2015/02/09 12:00 a.m. | 20 views

WordPress Contact Form DB 2.8.26 Cross Site Scripting

Title: WordPress 'Contact Form DB' plugin - XSS Version: 2.8.26 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/01/26 Download: https://wordpress.org/plugins/contact-form-7-to-database-extension/ Contacted WordPress: 2015/01/26...

AI score: 0.2
Exploits: 0

Patchstack
added 2015/01/08 12:00 a.m. | 19 views

WordPress All In One WP Security & Firewall Plugin <= 3.8.9 - CSRF

Because of this vulnerability, attacker can hijack the authentication of administrators for requests that delete logs of 404 HTTP status codes. Solution Update the plugin...

CVSS: 6.8 | AI score: 2.2 | EPSS: 0.01084
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2015/01/05 12:00 a.m. | 35 views

ZTE Datacard MF19 Privilege Escalation / DLL Hijacking

/ Exploit Title:ZTE Datacard MF19 0V1.0.0B04 PCWMOBILISALGV1.0.0B03 mobilis Insecure Permissions Local Privilege Escalation & PoC Local crash & DLL Hijacking Exploit mmsdllr.dll, mediaplayerdll.dll Date: 1/01/2015 Author: Hadji Samir [email protected] Link...

AI score: 1.1 | EPSS: 0.00549
Exploits: 4

securityvulns
added 2014/12/29 12:00 a.m. | 32 views

ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability

Document Title: =============== ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1387 Release Date: ============= 2014-12-24 Vulnerability Laboratory ID VL-ID: ===================================...

AI score: 0.5
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m. | 141 views

BookFresh - Persistent Clients Invite Vulnerability

Document Title: =============== BookFresh - Persistent Clients Invite Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1351 Release Date: ============= 2014-10-28 Vulnerability Laboratory ID VL-ID: ==================================== 1351...

AI score: 7.6
Exploits: 0

0day.today
added 2014/11/22 12:00 a.m. | 59 views

Supr Shopsystem 5.1.0 - Persistent UI Vulnerability

Exploit for php platform in category web applications Product & Service Introduction: =============================== SUPR is a modern and user-friendly system which allows each store very quickly and easily create their own online store. Without installation and own webspace you can begin to...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2014/10/30 12:00 a.m. | 25 views

IBM WebSphere Portal Information Disclosure Vulnerability (PI27710)

The version of IBM WebSphere Portal installed on the remote host is affected by an information disclosure vulnerability that allows a remote attacker to identify whether or not a file exists based on the webserver error codes. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVSS: 5 | AI score: 5.7 | EPSS: 0.02072
Exploits: 0 | References: 2

NVD
added 2014/10/28 7:55 p.m. | 25 views

CVE-2014-4821

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of...

CVSS: 5 | AI score: 6.3 | EPSS: 0.02072
Exploits: 0 | References: 4

Prion
added 2014/10/28 7:55 p.m. | 25 views

Code injection

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of...

CVSS: 5 | AI score: 6.8 | EPSS: 0.02072
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2014/10/28 7:00 p.m. | 54 views

CVE-2014-4821

CVE-2014-4821 affects IBM WebSphere Portal 6.1.0.x (up to 6.1.0.6 CF27), 6.1.5.x (up to 6.1.5.3 CF27), 7.0.x (up to 7.0.0.2 CF28), 8.0.x (up to 8.0.0.1 CF14), and 8.5.0 before CF03. The vulnerability is an information-disclosure issue where the web server returns different error codes depending o...

CVSS: 5 | AI score: 6.4 | EPSS: 0.02072
Exploits: 0 | References: 4 | Affected Software: 1

Vulnerability Lab
added 2014/10/21 12:00 a.m. | 30 views

Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability

Document Title: =============== Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1222 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID: ====================================...

AI score: 7.1
Exploits: 0

securityvulns
added 2014/10/14 12:00 a.m. | 44 views

Android Bluetooth Pairing Packet Processing Vulnerability (by wangzq from NCNIPC)

I. Summary Bluetooth Pairing Packet is written to a NFC tag, which can be touched by a NFC mobile phone for bluetooth pairing. A logic flaw has been found in some versions of Android mobile phone. The flaw can cause NFC phones' bluetooth turned on, regardless of whether the pairing succeeds or not...

AI score: 1.9
Exploits: 0

Metasploit
added 2014/10/09 5:14 p.m. | 68 views

HTTP Login Utility

This module attempts to authenticate to an HTTP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/http' class...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.51933
Exploits: 41

Vulnerability Lab
added 2014/10/06 12:00 a.m. | 18 views

Microsoft Yammer - Bypass & Persistent Vulnerabilities

Document Title: =============== Microsoft Yammer - Bypass & Persistent Vulnerabilities References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1330 View: https://www.youtube.com/watch?v=0w8S3uryeII Advisory: http://www.vulnerability-lab.com/getcontent.php?id=976 Release Date:...

AI score: 0.1
Exploits: 0

Vulnerability Lab
added 2014/10/02 12:00 a.m. | 33 views

PayPal Inc #90 PM - Buffer Overflow Vulnerability

Document Title: =============== PayPal Inc 90 PM - Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=940 http://www.vulnerability-lab.com/getcontent.php?id=1274 Release Date: ============= 2014-10-02 Vulnerability Laboratory I...

AI score: 7.1
Exploits: 0

Oracle linux
added 2014/09/10 12:00 a.m. | 71 views

unbreakable enterprise kernel security bug fix update

2.6.39-400.215.10 - auditsc: auditkrule mask accesses need bounds checking Andy Lutomirski Orabug: 19590597 CVE-2014-3917 2.6.39-400.215.9 - oracleasm: Add support for new error return codes from block/SCSI Martin K. Petersen Orabug: 18438934 2.6.39-400.215.8 - ibipoib: CSUM support in connected...

CVSS: 3.3 | AI score: 0.1 | EPSS: 0.00363
Exploits: 0