3095 matches found
Discuz! stored cross-site scripting and SSRF vulnerabilities when broadcast is enabled in the admin backend
No description provided by source...
openstack-glance: Glance image status manipulation through locations
An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to...
Pornhub: HTTP Track/Trace Method Enabled
Researcher identified that HTTP TRACE method was enabled...
Wix ShoutOut - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Wix ShoutOut published at the 'play' market has multiple vulnerabilities...
CVE-2016-1262
Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) v...
ownCloud Server Information Disclosure Vulnerability (CNVD-2016-00189)
OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud, which provides file management, music storage, calendaring, etc. OwnCloud Server is a server version. A security vulnerability exists in ownCloud Server that stems from a failure of the program to...
CentOS Update for nss CESA-2016:0007 centos7
Check the version of nss. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882355");...
Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities
Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities Full Disclosure: Exploit Title : Belkin N150 Wireless Home Router Multiple Vulnerabilities Exploit Author : Rahul Pratap Singh Date : 30/Nov/2015 Home Page Link : http://www.belkin.com Blog Url : 0x62626262.wordpress.com Linkedin :...
Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities
Full Disclosure: Exploit Title : Belkin N150 Wireless Home Router Multiple Vulnerabilities Exploit Author : Rahul Pratap Singh Date : 30/Nov/2015 Home Page Link : http://www.belkin.com Blog Url : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Status : Not Patche...
Oracle Linux 7 : krb5 (ELSA-2015-2154)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2154 advisory. - the rebase to krb5 1.13.1 in vers 1.13.1-0 also fixed: - Bug 1144498 'Fix the race condition in the libkrb5 replay cache' - Bug 1163402 'kdb5ldaputil...
ZTE ZXHN H108N R1A Default Account Privilege Bypass Vulnerability
The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. In ZTE ZXHN H108N R1A (ZTE.bhs.ZXHNH108NR1A.hPE), the root account uses the 'root' password, which a remote attacker can exploit to take full control of the device when the Telnet service is enabled...
[SECURITY] Fedora 23 Update: drupal7-active_tags-2.0-0.9.alpha1.fc23
Active Tags adds a new option to free tagging taxonomies. If selected the taxonomy widget is replaced by a new jQuery enabled tag entry widget. This package provides the following Drupal 7 module: activetags...
SOL17461 - OpenSSH vulnerability CVE-2015-5352
Recommended Action: By default, the vulnerable code is not enabled and is not used by the affected BIG-IP, BIG-IQ, and Enterprise Manager versions. In a standard/default configuration, the vulnerability is not exposed. If you are running a version listed in the Versions known to be vulnerable...
Bad performance noticed on issues with long history
Performing some testing with JIRA 6.4.5, I've noticed that there is a huge difference when logging work on an issue with no history and on an issue with a long history. I enabled Profiling on JIRA to check the difference: Example 1: Issue with 858 entries on history: 2015-10-21...
IBM Multi-Enterprise Integration Gateway_2 Information Disclosure Vulnerability
IBM Multi-Enterprise Integration Gateway is a cross-enterprise integrated communications gateway product from IBM in the United States. An information disclosure vulnerability exists in IBM Multi-Enterprise Integration Gateway2, which allows an authenticated remote user to obtain sensitive...
moirans.e-bricodrive.fr XSS vulnerability
Vulnerable URL: http://moirans.e-bricodrive.fr/produitListe.php?searchString=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E=PERTINENCE=Envoyer Details: Patched: Yes, at 30.01.2016; Latest check for patch: 30.01.2016 23:02 GMT; Vulnerability type: XSS...
[SECURITY] Fedora 22 Update: jakarta-commons-httpclient-3.1-23.fc22
The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...
Check for Windows 10 Cortana Search
Check for Windows 10 Cortana Search. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.96195");...
Target Says SEC Won't Pursue Enforcement Action as a Result of Data Breach
Target officials say that the Securities and Exchange Commission, one of several U.S. agencies investigating the massive data breach at the company in 2013, has decided not to punish Target as a result of the breach. The Target data breach is one of the larger such incidents ever. The breach...
The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure
The vulnerability of the ssl3_get_client_key_exchange function in the OpenSSL library exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to cause a service failure by sending a ClientKeyExchange message of zero length during authentication procedures...