
9459 matches found

Packet Storm
added 2015/11/03 12:0 a.m., 21 views

SQL Buddy 1.3.3 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: SQL Buddy 1.3.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/18/2015 Disclosed to public: 10/07/2015 Release...

0.2 AI score
Exploits: 0
Packet Storm
added 2015/11/03 12:0 a.m., 31 views

Chyrp CMS 2.5.2 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Chyrp CMS 2.5.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Github: https://github.com/chyrp/chyrp Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/2015...

0.1 AI score
Exploits: 0
Mozilla
added 2015/11/03 12:0 a.m., 36 views

Memory corruption in libjar through zip files — Mozilla

Security researcher Gustavo Grieco reported a buffer underflow in libjar triggered through a maliciously crafted ZIP format file. This results in a potentially exploitable crash...

7.5 CVSS, 9 AI score, 0.04229 EPSS
Exploits: 0, References: 2, Affected Software: 3
Mozilla
added 2015/11/03 12:0 a.m., 38 views

Buffer overflow during image interactions in canvas — Mozilla

Security researcher Looben Yang reported a buffer overflow in the JPEGEncoder function during script interactions with a canvas element. This is caused by a race condition and incorrectly matched sizes following image interactions. This leads to a potentially exploitable crash...

6.8 CVSS, 9.4 AI score, 0.0311 EPSS
Exploits: 0, References: 2, Affected Software: 3
0day.today
added 2015/11/02 12:0 a.m., 24 views

PHP yaml_parse_url Double Free Vulnerability

The yaml parsing functions suffer from an exploitable double free caused by the error path for the php_var_unserialize call on line 797 of pecl/fileformats/yaml.git/parse.c. Title: PHP yaml_parse_url Double Free Credit: John Leitch email protected Url1:...

7.1 AI score
Exploits: 0
0day.today
added 2015/10/30 12:0 a.m., 122 views

Pligg CMS 2.0.2 - Multiple Vulnerabilities

Exploit for php platform in category web applications 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: Code Execution & CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to publi...

7.1 AI score
Exploits: 0
Packet Storm
added 2015/10/30 12:0 a.m., 20 views

Pligg CMS 2.0.2 CSRF / Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: Code Execution & CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/201...

0.1 AI score
Exploits: 0
exploitpack
added 2015/10/30 12:0 a.m., 27 views

Pligg CMS 2.0.2 - Directory Traversal

Pligg CMS 2.0.2 - Directory Traversal Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: Directory Traversal Remote Exploitable: Yes Reported to vendor:...

0.3 AI score
Exploits: 0
exploitpack
added 2015/10/30 12:0 a.m., 19 views

Pligg CMS 2.0.2 - Multiple SQL Injections

Pligg CMS 2.0.2 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor:...

0.3 AI score
Exploits: 0
Packet Storm
added 2015/10/30 12:0 a.m., 48 views

Pligg CMS 2.0.2 SQL Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/2015 Releas...

0.3 AI score
Exploits: 0
Exploit DB
added 2015/10/30 12:0 a.m., 29 views

Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: Code Execution & CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/201...

7.4 AI score
Exploits: 0
Exploit DB
added 2015/10/30 12:0 a.m., 44 views

Pligg CMS 2.0.2 - Multiple SQL Injections

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/2015 Releas...

7.4 AI score
Exploits: 0
Circl
added 2015/10/28 12:0 a.m., 29 views

CVE-2015-7889

creationtimestamp | type | source
---|---|---
2015-10-28 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38558...

5.5 CVSS, 6.9 AI score, 0.02239 EPSS
Exploits: 1, References: 1
FreeBSD
added 2015/10/20 12:0 a.m., 39 views

java -- multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...

10 CVSS, 6.7 AI score, 0.13354 EPSS
Exploits: 0, References: 1
OpenVAS
added 2015/10/15 12:0 a.m., 27 views

Mageia: Security Advisory (MGASA-2015-0313)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS, 8.5 AI score, 0.084 EPSS
Exploits: 0, References: 5
0day.today
added 2015/10/14 12:0 a.m., 229 views

Linux/MIPS Kernel NetUSB - Remote Code Execution Exploit

Exploit for multiple platform in category remote exploits !/usr/bin/env python Source: http://haxx.in/blasty-vs-netusb.py CVE-2015-3036 - NetUSB Remote Code Execution exploit Linux/MIPS =========================================================================== This is a weaponized exploit for th...

10 CVSS, 0.27906 EPSS
Exploits: 7
securityvulns
added 2015/10/11 12:0 a.m., 33 views

Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img Vendor: NETGEAR CVE ID: requested Subject: Authentication Bypass Risk: High Effect: Remotely exploitable over LAN/WLAN Author: Daniel Haake...

7.4 AI score
Exploits: 0
0day.today
added 2015/10/07 12:0 a.m., 43 views

Netgear N300 Authentication Bypass Vulnerability

Netgear N300 routers suffer from an authentication bypass vulnerability that allows for complete compromise. COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img Vendor: NETGEAR CVE ID: requeste...

7.3 AI score
Exploits: 0
Kitploit
added 2015/10/05 9:49 p.m., 62 views

QARK - Tool to look for several security related Android application vulnerabilities

Quick Android Review Kit - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the...

7.6 AI score
Exploits: 0, References: 1
Mageia
added 2015/10/02 11:52 p.m., 39 views

Updated gdk-pixbuf2.0 packages fix security vulnerabilities

Updated gdk-pixbuf packages fix security vulnerabilities: Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.0. This issue is triggered by the scaling of a malformed tga format image and results in a potentially exploitable crash (CVE-2015-7673). Security research...

6.8 CVSS, 7.7 AI score, 0.05796 EPSS
Exploits: 0, References: 3