3095 matches found
DEBIAN-CVE-2015-3227
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...
ZebOS routing remote shell service enabled
...
WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection
Title: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-27 Download Site: https://wordpress.org/plugins/wp-powerplaygallery Vendor: WP SlideShow Vendor Notified: 2015-06-29 Advisory:...
trial-sport.ru XSS vulnerability
Vulnerable URL: http://trial-sport.ru/gds.php?q=xss=1=0=0=0';alert/XSSposed///=0from=0to= Details: Description| Value ---|--- Patched:| Yes, at 30.01.2016 Latest check for patch:| 30.01.2016 20:57 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 16001 Google...
CollabNet Subversion Edge autocomplete on
Vuln Title: The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Ris...
How to Anonymously Access Wi-Fi from 2.5 Miles Away Using This Incredible Device
Anonymity is something that seems next to impossible in this era of government surveillance. Even Tor and VPNs no longer seem to be enough to protect user privacy. Once your IP address is discovered, it's Game Over! However, a method has been devised that not only allows users to anonymously...
Fedora 22 : abrt-2.6.0-1.fc22 / gnome-abrt-1.2.0-1.fc22 / libreport-2.6.0-1.fc22 / satyr-0.18-1.fc22 (2015-9886)
Security fixes for : - CVE-2015-3315 - CVE-2015-3142 - CVE-2015-1869 - CVE-2015-1870 - CVE-2015-3151 - CVE-2015-3150 - CVE-2015-3159 abrt : - Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories - Stop reading hserror.log from /tmp - Do...
IPsec-Tools IKE Daemon Remote Denial of Service Vulnerability
IPsec-Tools is a user-space IPsec implementation ported from KAME's libipsec, setkey and racoon, and supports various BSD systems. A null pointer dereference in the IPsec-Tools 'gssapiinit' function (src/racoon/gssapi.c) allows a remote attacker to submit special UDP packets that...
USN-2603-1 thunderbird vulnerabilities
Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application...
Remote DLL Injector v2.0 - Command-line Tool to Inject DLL into Remote Process
Remote DLL Injector is a free command-line tool to inject a DLL into a remote process. Currently it supports DLL injection using the CreateRemoteThread technique. Being a command-line tool makes it easy to integrate into your automation scripts. Also useful when you are remotely operating on the...
Apple MAC OS X < 10.9/10 - Local Root Exploit
Exploit for macOS platform in category local exploits / osx-irony-assist.m Copyright c 2010 by Apple MACOS X include import import / where you want to write it! / define BACKDOORBIN "/var/db/.AccessibilityAPIEnabled" int doassistivecopyconst char spath, const char dpath NSAutoreleasePool pool =...
DEBIAN-CVE-2015-1856
OpenStack Object Storage (Swift) before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
JVN#56297719: JBoss RichFaces vulnerable to remote Java code execution
JBoss RichFaces is an Ajax-enabled component library for JavaServer Faces (JSF). JBoss RichFaces contains a flaw in parsing the do parameter, which may result in arbitrary Java code execution. Impact: When a specially crafted input is processed, arbitrary Java code may be executed on the application...
White House Executive Order Declares Cyber National Emergency
U.S. President Barack Obama last week issued an Executive Order declaring a national emergency and deputizing the Treasury Secretary and Attorney General to apply sanctions and other consequences for international actors deemed to have engaged in “cyber-enabled activities” detrimental to U.S...
Cisco IOS XE Autonomic Networking Infrastructure Multiple Vulnerabilities (cisco-sa-20150325-ani)
According to its self-reported version, the version of Cisco IOS running on the remote host is affected by the following vulnerabilities: - A flaw exists in the ANI due to failing to properly validate Autonomic Networking (AN) messages. This could allow a remote attacker to spoof an Autonomic...
CVE-2015-2767
Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled."...
Design/Logic Flaw
Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled."...
CVE-2015-2767
CVE-2015-2767 is an unspecified vulnerability affecting Websense TRITON AP-EMAIL, specifically in versions earlier than 8.0.0, linked to the Autocomplete feature. Public CNVD/NVD records describe an information exposure risk without explicit impact details; one CNVD entry notes that attackers cou...