5019 matches found
JShielder - LAMP/LEMP Secure Deployment
JShielder is an open source tool developed to help sysadmins and developers secure the Linux servers on which they will be deploying any web application. This tool automates the process of installing all the necessary packages to host a web application and hardening a Linux server with little...
CVE-2016-0852
Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors...
UBUNTU-CVE-2015-8922
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct...
ComfortableMexicanSofa CMS Engine Detection
The script sends an HTTP request to the server and attempts to extract the version from the reply. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Resize Image On The Fly and Cache 1.1.0 and previous
Resize Image On The Fly and Cache - content plugin by s2software.it. Version: 1.1.0 and likely all previous. Issue: open folder permissions. Resolution: update to version 1.3.3. Existing users will need to manually fix the permissions of folder /images/cache to 755 or delete it in order to be recreated by th...
Valve Steam Privilege Acquisition Vulnerability
Valve Steam is a Linux-based operating system for living room gaming from the American company Valve. A security vulnerability exists in Valve Steam version 2.10.91.91, which originates when the program assigns weak permissions (user: read/write) to the Install folder. This vulnerability can be...
CVE-2015-7985
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file...
CVE-2015-7985
Valve Steam 2.10.91.91 has weak permissions on the Install folder (Users: read/write), enabling local privilege escalation via a trojan steam.exe. Affected component: Steam Install directory; root cause: improper file permissions. Impact: local privilege gain; exploitation details or in-wild stat...
openSUSE Security Update : roundcubemail (openSUSE-2015-699)
roundcubemail was updated to version 1.0.7 to fix two security issues. These security issues were fixed: XSS issue in drag-n-drop file uploads; disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder...
Subrion 3.x - Multiple Vulnerabilities
Title = Subrion 3.X.X - Multiple Exploits - Author = bRpsd skype: vegnox - Date Release = 23 October, 2015 - Vendor = Subrion Homepage = http://www.subrion.org/ Download = http://tools.subrion.org/get/latest.zip Vulnerable Versions = 3.X.X Tested Version = Latest, 3.3.5 on a Wamp Server. x Google...
ownCloud Server Cross-Site Scripting Vulnerability
ownCloud Server is a free and open source personal cloud storage solution created by German KDE developer Frank Karlitschek. ownCloud Server is the server edition. A cross-site scripting vulnerability exists in ownCloud Server versions prior to 7.0.5 and 8.0.x prior to 8.0.4. The vulnerability...
CVE-2015-5953
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder...
IPython Notebook and Jupyter Notebook Cross-Site Scripting Vulnerabilities
IPython is an enhanced version of Python's native interactive shell developed by the IPython team. Notebook is one of its development environments. Jupyter Notebook is one of a suite of web applications for creating and sharing code and illustrative text documents. A cross-site scripting...
Lenovo Caught (3rd Time) Pre-Installing Spyware on its Laptops
Lenovo has once again been caught installing spyware on its laptops and workstations without the user's permission or knowledge. One of the most popular computer manufacturers is being criticized for selling some refurbished laptop models pre-installed with invasive marketing software that sends...
DEBIAN-CVE-2015-6938
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...
PYSEC-2015-24
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...
CVE-2015-6938
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...