[SECURITY] Fedora 23 Update: python-django-1.8.14-1.fc23
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 23 Update: kf5-kauth-5.24.0-1.fc23
KAuth is a framework to let applications perform actions as a privileged user...
[SECURITY] Fedora 24 Update: kf5-kauth-5.24.0-1.fc24
KAuth is a framework to let applications perform actions as a privileged user...
Spring Boot framework expression injection vulnerability
No description provided by source...
Information disclosure
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080...
Vulnerability warning: Spring Boot framework expression injection vulnerability - vulnerability warning - the black bar safety net
High-risk vulnerability disclosures always arrive at an unexpected moment: just as everyone was getting ready to enjoy the weekend, a SpEL expression injection vulnerability in the Spring Boot framework was publicly disclosed. By exploiting this vulnerability, a remote attacker can execute arbitrary...
WebNMS Framework Server Arbitrary Text File Download
This module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an unauthenticated user to download files off the file system by using a directory traversal attack on the FetchFile servlet. Note that only text files can be downloaded properly, as any binary file will get mangled by...
WebNMS Framework Server Arbitrary File Upload
This module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an unauthenticated user to upload text files by using a directory traversal attack on the FileUploadServlet servlet. A JSP file can be uploaded that then drops and executes a malicious payload, achieving code execution...
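The traversal the two WebNMS modules rely on comes from joining a user-supplied path onto a document root without checking where the result lands. The following is an added example written for this page, not WebNMS code (its servlets are Java and their internals are not shown here): it contrasts that naive pattern with a resolver that decodes the request once, refuses absolute paths, canonicalises the result and confirms it still sits under the root. The document root, the file conf/app.txt and the request strings are constructed for the demo.

```python
import os
import tempfile
from urllib.parse import unquote


class PathTraversal(ValueError):
    """Raised when a requested path would leave the document root."""


def vulnerable_resolve(base_dir: str, requested: str) -> str:
    """The broken pattern: URL-decode the request (as a servlet container
    would) and concatenate it onto the document root with no further check.
    '..' segments walk upwards, and os.path.join discards base_dir entirely
    when the second argument is absolute."""
    return os.path.join(base_dir, unquote(requested))


def safe_resolve(base_dir: str, requested: str) -> str:
    """Decode exactly once, refuse absolute paths, canonicalise (realpath
    resolves '..' and symlinks) and then require the result to still sit
    under the canonical document root."""
    root = os.path.realpath(base_dir)
    decoded = unquote(requested)
    if os.path.isabs(decoded) or os.path.splitdrive(decoded)[0]:
        raise PathTraversal(requested)
    target = os.path.realpath(os.path.join(root, decoded))
    if os.path.commonpath([root, target]) != root:
        raise PathTraversal(requested)
    return target


def demo() -> dict:
    """Build a throwaway document root containing conf/app.txt (constructed
    for this demo) and run both resolvers over four constructed requests:
    one legitimate and three traversal attempts (plain, URL-encoded, absolute).
    Returns, per request, whether the naive join escaped the root and what the
    hardened resolver returned (None when it refused the request)."""
    base = tempfile.mkdtemp(prefix="docroot-")
    os.makedirs(os.path.join(base, "conf"))
    with open(os.path.join(base, "conf", "app.txt"), "w") as fh:
        fh.write("setting=1\n")
    root = os.path.realpath(base)
    requests = [
        "conf/app.txt",
        "../../etc/passwd",
        "..%2F..%2Fetc%2Fpasswd",
        "/etc/passwd",
    ]
    results = {}
    for req in requests:
        naive = os.path.realpath(vulnerable_resolve(base, req))
        try:
            safe = safe_resolve(base, req)
        except PathTraversal:
            safe = None
        results[req] = {
            "naive_escapes_root": os.path.commonpath([root, naive]) != root,
            "safe": safe,
        }
    return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r}: {outcome}")
```

The check is done on the canonical path rather than on the raw string, so a symlink inside the root that points outside it is caught too; a prefix comparison on the string alone would pass a sibling directory such as docroot-x2 if the root were docroot-x.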
CVE-2016-2496
The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796...
CVE-2016-2496
The CVE-2016-2496 issue concerns the Framework UI permission-dialog in Android 6.x before 2016-06-01. A partially overlapping window allows tapjacking and access to arbitrary private-storage files due to an internal bug (26677796). The vulnerability’s impact is described as elevated access to pri...
zentaoPHP framework SQL injection vulnerability
No description provided by source...
Debian DSA-3588-1 : symfony - security update
Two vulnerabilities were discovered in Symfony, a PHP framework. - CVE-2016-1902 Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the...
Compression Side-Channel Attack Framework: Rupture
A compression side-channel attack framework. Rupture is a framework for easily conducting BREACH and other compression-based attacks: a framework for conducting network attacks against web services that is focused on compression attacks, but provides a generalized, scalable system for...
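As an added illustration of the compression side channel that Rupture automates (example code written for this page, not part of Rupture or any real application): a toy server reflects an attacker-controlled string into the same compressed response that carries a secret token, and the attacker, seeing only response sizes, recovers the token one character at a time. The page layout, the token csrf=k7Qm2Zp9 and the assumption that the attacker already knows the token's prefix and length are constructed for the demo.

```python
import string
import zlib

# Constructed for this demo: a secret anti-CSRF token embedded in the page,
# and the alphabet the attacker assumes the token is drawn from.
SECRET = "csrf=k7Qm2Zp9"
ALPHABET = string.ascii_letters + string.digits


def render_page(reflected: str) -> str:
    """Toy server (hypothetical layout): echoes an attacker-controlled query
    string and, further down the same response, embeds the secret token."""
    return (
        "<html><body>"
        f"<p>You searched for: {reflected}</p>"
        f'<input type="hidden" name="token" value="{SECRET}">'
        "</body></html>"
    )


def compressed_length(body: str) -> int:
    """Size of the DEFLATE-compressed body, which is what an observer of the
    TLS stream can measure. Fixed Huffman coding (Z_FIXED) is used so that one
    extra back-referenced character shows up as a clean one-byte difference;
    with dynamic Huffman blocks the signal is noisier and real tools add
    padding and repeated sampling to recover it."""
    comp = zlib.compressobj(9, zlib.DEFLATED, 15, 9, zlib.Z_FIXED)
    return len(comp.compress(body.encode()) + comp.flush())


def oracle(guess: str) -> int:
    """Everything the attacker learns from one request: the response size."""
    return compressed_length(render_page(guess))


def recover_secret(prefix: str, length: int) -> list:
    """Extend a known prefix one character at a time. When the guess matches
    the real token, LZ77 turns the token into a longer back-reference to the
    echoed guess, so the response shrinks by a byte. A small beam keeps every
    candidate tied for the shortest response, because a DEFLATE length-code
    boundary can occasionally absorb a one-character gain; the following step
    then separates the true prefix from the impostors. Assumes the attacker
    knows the token's prefix and its total length."""
    live = [prefix]
    for _ in range(length - len(prefix)):
        scored = [(oracle(cand + c), cand + c) for cand in live for c in ALPHABET]
        best = min(size for size, _ in scored)
        live = [cand for size, cand in scored if size == best]
    return live


if __name__ == "__main__":
    print(recover_secret("csrf=", len(SECRET)))
```

The two preconditions are the ones BREACH needs in practice: the secret and the attacker-controlled input share one compression context, and the attacker can observe the resulting length. Either breaking the shared context (no user input compressed next to secrets, or per-request secret masking) or removing the length signal defeats the attack.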
JVN#41772178: Apache Cordova vulnerable to arbitrary plugin execution
Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where arbitrary plugins may be executed. Impact Accessing a specially crafted URL may result in...
CANToolz aka YACHT (Yet Another Car Hacking Tool) - Framework for Black-Box CAN Network Analysis
CANToolz is a framework for analysing CAN networks and devices. The tool is built from different modules which can be assembled together into a pipe, and can be used by security researchers and automotive/OEM security testers for black-box analysis. You can use this software for ECU discovery, MIT...
CVE-2016-2426
server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal...
CVE-2016-2426
The CVE-2016-2426 entry describes an Information Disclosure vulnerability in Android Framework’s ContentService (Android 4.x up to 6.x). The root cause is that ContentService.java does not check GET_ACCOUNTS permission, allowing a crafted local application to obtain sensitive information from aff...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...
CVE-2015-8606
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...
CVE-2015-8606
CVE-2015-8606 affects SilverStripe CMS & Framework. Multiple XSS vulnerabilities exist in versions prior to 3.1.16 and 3.2.x prior to 3.2.1, exploitable via the Locale or FailedLoginCount parameter in admin/security/EditForm/field/Members/item/new/ItemEditForm. Impact is that remote attackers can...