7377 matches found
RHEL 6 : devtoolset-2-httpcomponents-client (RHSA-2014:1098)
Updated devtoolset-2-httpcomponents-client packages that fix one security issue are now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
RHEL 6 : devtoolset-2-axis (RHSA-2014:1123)
An updated devtoolset-2-axis package that fixes one security issue is now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
D-Link DAP-1360 Abuse / Cross Site Request Forgery
D-Link DAP-1360 suffers from cross-site request forgery, abuse of functionality, and brute force vulnerabilities. There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected...
D-Link DAP-1360 Abuse / Cross Site Request Forgery
Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- The following model is vulnerable: D-Link DAP-1360, Firmware 1.0.0. This mod...
FreeBSD : phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page. (25b78f04-59c8-11e4-b711-6805ca0b3d42)
The phpMyAdmin development team reports : With a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries. This vulnerability can be triggered only by someone who is logged in to...
CVE-2014-5423
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file...
Design/Logic Flaw
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file...
CVE-2014-8314
CVE-2014-8314 affects SAP HANA Developer Edition Revision 70 with two reflected XSS vectors in the democontent: epm/admin/DataGen.xsjs and epm/services/multiply.xsjs, enabling remote attackers to inject arbitrary web script or HTML via unspecified vectors. The NVD entry rates the impact as partia...
CVE-2014-8313
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors...
CVE-2014-8313
The CVE-2014-8313 entry describes an evaluation (XSJX eval) injection flaw in SAP HANA’s Developer Workbench, specifically in ide/core/base/server/net.xsjs, enabling remote code execution through unspecified vectors. The vulnerability affects the Developer Workbench component of SAP HANA and is t...
[SECURITY] [DLA 58-2] apt regression fix
Package : apt Version : 0.8.10.3+squeeze6 CVE ID : CVE-2014-6273 This update fixes a regression introduced in 0.8.10.3+squeeze5 where apt would send invalid HTTP requests when sending If-Range queries. Thanks to Steven McDonald who reported [1] the regression and to Michael Vogt for having uploaded ...
GetSimple CMS 3.3.1 - Cross-Site Scripting
PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1 CVE-2014-1603 by Pedro Ribeiro from Agile Information Security Disclosure: 12/05/2014 / Last updated: 12/10/2014 Timeline: 04/11/2013 - Found bugs, produced proof of concept. 05/11/2013 - Communicated to the developer,...
neuroML 1.8.1 XSS / LFI / XXE Injection / Disclosure Vulnerabilities
neuroML version 1.8.1 suffers from cross-site scripting, local file inclusion, XXE injection, and path disclosure vulnerabilities. Product: neuroML Version: Subject: Multiple Vulnerabilities Risk: High Effect: Remotely exploitable Author: Philipp Promeuschel Date: 10.10.2014 Abstract: -----------...
neuroML 1.8.1 XSS / LFI / XXE Injection / Disclosure
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: neuroML Version: Subject: Multiple Vulnerabilities Risk: High Effect: Remotely exploitable Author: Philipp Promeuschel Date: 10.10.2014 Abstract: ------------- The NeuroML project focuses on the development of an X...
TeamSpeak Client 3.0.14 Buffer Overflow
Title : TeamSpeak Client v3.0.14 - Buffer Overflow Vulnerability Severity : High+/Critical Reporters : SpyEye & Christian Galeone Software Version : 3.0.14 & Previous Versions Software Name : TeamSpeak Client Software Download Link :...
fish -- local privilege escalation and remote code execution
Fish developer David Adam reports: This release fixes a number of local privilege escalation vulnerabilities and one remote code execution vulnerability...
[SECURITY] Fedora 20 Update: kopete-4.14.1-1.fc20
Developer files for kopete...
Using ServiceWorker in Chrome today
The implementation for ServiceWorker has been landing in Chrome Canary over the past few months, and there's now enough of it to do some cool shit! What is ServiceWorker? ServiceWorker is a background worker; it gives us a JavaScript context to add featur...
xcode-select 13.4.0 Buffer Overflow
Exploit Title: xcode-select - buffer overflow Description: xcode-select controls the location of the developer directory used by xcrun(1), xcodebuild(1), cc(1), and other Xcode and BSD development tools. Date: Tuesday 23 2014 Exploit Author: Juan Sacco Vendor Homepage: https://developer.apple.com...
Oracle GENERATESCHEMA Buffer Overflow Exploit
This module exploits a buffer overflow in Oracle 10g. When sending a specially formatted query to the GENERATESCHEMA function in the XDB.DBMSXMLSCHEMA package, an attacker may be able to execute arbitrary code. NOTE: For targets running DEP, you will need to choose target 0 then rexploit with target 1. Th...