5978 matches found

Openbugbounty
added 2016/05/04 5:30 p.m., 10 views

robotshop.com XSS vulnerability

Vulnerable URL: https://www.robotshop.com/en/customer/account/create/

Details:

| Description | Value |
|---|---|
| Patched: | Yes, at 13.05.2016 |
| Latest check for patch: | 13.05.2016 10:13 GMT |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 18413 |
| VIP website status: | Yes |

Check...

AI score 6.3
Exploits: 0
OSV
added 2016/04/30 5:59 p.m., 3 views

CVE-2016-2817

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a craft...

CVSS 5.4, AI score 7.3, EPSS 0.01252
Exploits: 0, References: 9
Packet Storm
added 2016/04/15 12:00 a.m., 58 views

AirOS 6.x Arbitrary File Upload

Vulnerability: It's possible to overwrite any file and create new ones on AirMax systems, because the "php2" (maybe because of a patch) doesn't verify the "filename" value of a POST request. It's possible for an unauthenticated user to exploit this vulnerability. Example: Consider the following request:...

AI score 0.2
Exploits: 0
exploitpack
added 2016/04/14 12:00 a.m., 7 views

PHPmongoDB 1.0.0 - Multiple Vulnerabilities

PHPmongoDB 1.0.0 - Multiple Vulnerabilities. Exploit Title: PHPmongoDB v1.0.0 - Multiple Vulnerabilities (CSRF | HTML or Iframe Injection | XSS Reflected & Stored). Date: 14.04.2016. Exploit Author: Ozer Goker. Vendor Homepage: http://www.phpmongodb.org. Software Link:...

AI score 0.1
Exploits: 0
Mageia
added 2016/04/13 5:39 p.m., 43 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: A vulnerability in PostgreSQL 9.3.x before 9.3.12 and 9.4.x before 9.4.7 leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed und...

CVSS 9.1, AI score 1, EPSS 0.03347
Exploits: 0, References: 4
OSV
added 2016/04/13 2:59 p.m., 1 view

DEBIAN-CVE-2014-9766

Integer overflow in the createbits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values...

CVSS 9.8, AI score 8.2, EPSS 0.05573
Exploits: 0, References: 1
NVD
added 2016/04/12 3:59 p.m., 20 views

CVE-2016-3162

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...

CVSS 8.1, AI score 7.7, EPSS 0.0159
Exploits: 0, References: 4
OSV
added 2016/04/12 1:59 a.m., 1 view

UBUNTU-CVE-2015-8833

Use-after-free vulnerability in the createsmpdialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item...

CVSS 9.8, AI score 7.7, EPSS 0.07032
Exploits: 0, References: 7
CNVD
added 2016/04/06 12:00 a.m., 1 view

Hexchat IRC Client Directory Traversal Vulnerability

Hexchat, formerly known as XChat-WDK, is cross-platform IRC (Internet chat) communications software. Hexchat IRC Client is one of the IRC client products based on XChat. Hexchat IRC Client version 2.11.0 has a directory traversal vulnerability in the 'logcreatepathname' function in...

CVSS 7.4, AI score 7, EPSS 0.09447
Exploits: 5, References: 1
hackapp
added 2016/04/01 10:21 a.m., 15 views

Let's Create - Customized SSL, External URLs, KeyStore usage vulnerabilities

The HackApp vulnerability scanner discovered that the application Let's Create, published on the 'play' market, has multiple vulnerabilities...

AI score 0.3
Exploits: 0, References: 1, Affected Software: 1
OPENSUSE Linux
added 2016/03/24 3:09 p.m., 45 views

Security update for samba (important)

This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso11648; bsc968222. Other bugs fixed: - Enable clustering CTDB support; bsc966271. - s3: smbd: Fix timestamp...

CVSS 4, AI score 6.6, EPSS 0.12701
Exploits: 0, References: 7
RedHat Linux
added 2016/03/22 4:49 p.m., 4 views

jenkins: XXE injection into job configurations via CLI (SECURITY-173)

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 5, AI score 7.5, EPSS 0.02272
Exploits: 0, References: 5
CNVD
added 2016/03/22 12:00 a.m., 4 views

IBM WebSphere Process Server Access Restriction Bypass Vulnerability

IBM WebSphere Process Server is the business process automation engine. A security vulnerability exists in Business Space in some versions of IBM WebSphere Process Server, which can be exploited by remote attackers to bypass access restrictions and create arbitrary pages or spaces...

CVSS 4.3, AI score 9.2, EPSS 0.01297
Exploits: 0, References: 1
Tenable Nessus
added 2016/03/21 12:00 a.m., 31 views

SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:0816-1)

"This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; bso11648. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...

CVSS 6.5, AI score 6.6, EPSS 0.12701
Exploits: 0, References: 10
CNVD
added 2016/03/09 12:00 a.m., 3 views

JasPer Memory Leak Vulnerability

JasPer is an open source implementation of the JPEG-2000 codec developed by Canadian software developer Michael Adams. A memory leak vulnerability exists in the 'jasiccprofcreatefrombuf' function in JasPer, which can be exploited by remote attackers to cause a denial of service (memory consumption)...

CVSS 5.7, AI score 7.5, EPSS 0.03
Exploits: 0, References: 1
CNVD
added 2016/03/09 12:00 a.m., 3 views

Apache Jetspeed User Management REST API Unauthorized Access Vulnerability

Jetspeed is an open source enterprise information portal implementation based on Java and XML. Jetspeed can integrate a variety of data sources and, using XSL technology, organize the data into JSP or HTML pages for the client; Jetspeed also supports templates and content publishing...

CVSS 8.8, AI score 6.8, EPSS 0.52351
Exploits: 5, References: 1
CNVD
added 2016/02/27 12:00 a.m., 1 view

JasPer 'jas_matrix_create()' function remote integer overflow vulnerability

JasPer is an open source implementation of the JPEG-2000 codec. JasPer suffers from a remote integer overflow vulnerability: an attacker can build malicious files which, when an application is tricked into parsing them, can crash the application...

AI score 7.2
Exploits: 0, References: 1
Hacker One
added 2016/02/23 8:05 a.m., 34 views

Shopify: Injection via CSV Export feature in Admin Orders

I found out that the filtering of "=,-,+" is not working in all data. There's a way to bypass it. 1. Create a product with title =cmd|' /C calc'!'D2' 2. Add variants (more than 2 variants), then save it. 3. Go to Orders, Create Order. 4. Search the product we made =cmd|' /C calc'!'D2' 5. Add 2 variant...

AI score 1.7
Exploits: 0
CNVD
added 2016/02/23 12:00 a.m., 3 views

Cisco Spark REST Interface Access Bypass Vulnerability

Cisco Spark is a collaboration services solution. A security vulnerability in the REST interface of Cisco Spark allows remote attackers to bypass established access restrictions by sending web requests to create arbitrary user accounts...

CVSS 7.5, AI score 7, EPSS 0.01256
Exploits: 0, References: 1
OSV
added 2016/02/12 1:59 a.m., 4 views

CVE-2016-1322

The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584...

CVSS 7.5, AI score 5.9, EPSS 0.01256
Exploits: 0, References: 1