7377 matches found
[ANN] Apache Struts 2.3.20 GA release available with security fix
The Apache Struts group is pleased to announce that Apache Struts 2.3.20 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is...
CentOS 7 : glibc (CESA-2014:2023)
Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Moderate: Red Hat Security Advisory: glibc security and bug fix update
Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Papoo CMS 6.0.0 Rev. 4701 - Stored XSS Vulnerability
Exploit for php platform in category web applications Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability...
JVN#97384696: TSUTAYA App for Android vulnerable to arbitrary Java method execution
TSUTAYA App for Android contains a vulnerability where an arbitrary Java method may be executed. Impact When viewing a specially crafted web page, an arbitrary Java method may be executed. Solution Update the software Update to the latest version according to the information provided by the...
[SECURITY] [DLA 113-1] bsd-mailx security update
Package : bsd-mailx Version : 8.1.2-0.20100314cvs-1+deb6u1 CVE ID : CVE-2014-7844 It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can...
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability
Document Title: =============== iWifi for Chat v1.1 iOS - Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1375 Release Date: ============= 2014-12-16 Vulnerability Laboratory ID VL-ID: ====================================...
Design/Logic Flaw
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...
CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...
CVE-2014-7192
Removed by vendor...
CVE-2014-7192
CVE-2014-7192 affects the syntax-error npm module (before 1.1.1) used with Node.js 0.10.x, including in IBM Rational Application Developer and related IBM/RSA products. The vulnerability stems from improper input handling in the syntax-error/index.js file, enabling remote attackers to execute arb...
CHARGE Anywhere Breached, Plain Text Data Accessed
CHARGE Anywhere, a New Jersey-based developer of payment gateway and mobile payment applications, on Tuesday disclosed that it had been breached and that hackers had access to transactions leaving its network, perhaps going back as far as 2009. Most of the traffic was encrypted, the company said ...
JVN#13160869: Chyrp vulnerable to cross-site scripting
Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability. Impact An arbitrary script which may be embedded by an authenticated attacker could be executed on the Admin user's web browser. Solution Update the software Update to the latest version according to the information...
Gogs Markdown Renderer Cross Site Scripting Vulnerability
Gogs markdown renderer suffers from a cross site scripting vulnerability. Versions 0.3.1-9-g49dc57e are affected. XSS in Gogs Markdown Renderer ============================= Researcher: Timo Schmid Description =========== Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. tak...
Another Wordpress Classifieds Plugin - SQL Injection
No description provided by source. Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/ Client Webpage: http://awpcp.com/ SQL injection Details: The parameter...
IL and CSRF vulnerabilities in D-Link DAP-1360
Hello 3APA3A! There are Information Leakage and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model with other...
WordPress Plugin Another WordPress Classifieds Plugin - SQL Injection
Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/ Client Webpage: http://awpcp.com/ SQL injection Details: The parameter “keywordphrase” is susceptible to a time-base...
WordPress Plugin Another WordPress Classifieds Plugin - SQL Injection
WordPress Plugin Another WordPress Classifieds Plugin - SQL Injection Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/ Client Webpage: http://awpcp.com/ SQL injectio...
Another Wordpress Classifieds Plugin - SQL Injection Vulnerability
Another WordPress Classifieds plugin suffers from cross site scripting and remote SQL injection vulnerabilities. Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download:...