1511 matches found
[SECURITY] Fedora 22 Update: springframework-3.2.15-1.fc22
Spring is a layered Java/J2EE application framework, based on code published in Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002)...
CVE-2015-4827
Unspecified vulnerability in the Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Framework...
Buffer overflow
Unspecified vulnerability in the Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Framework...
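Kechuang (科创) Government Information Disclosure Framework Arbitrary File Upload Vulnerability
inurl:commfront inurl:commfront/email This CMS is used mostly by government websites. Besides the upload point mentioned in the POC, this CMS has many other upload points. Please find them yourself. The upload folder address can be obtained from the page source of pages on the site that contain an upload page. Submission form:...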
Design/Logic Flaw
The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171...
Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions. An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative...
Privilege escalation
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted...
Netflix Sleepy Puppy Cross-Site Scripting Payload Framework
Most automated scanning and security tools that ferret out cross-site scripting vulnerabilities don’t do much analysis beyond the target application. Netflix this week, however, released to open source a tool developed in-house that persists beyond the target app and can flag potential XSS troubl...
Man In The Middle Attack Framework: MITMf
Man In The Middle Attack Framework (MITMf) aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques. Originally built to address the significant shortcomings of other tools (e.g. Ettercap, Mallory), it’s been almost complete...
[SECURITY] Fedora 22 Update: php-ZendFramework2-2.4.7-1.fc22
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
Hack Codegen - Facebook Open-Sources Code That Writes Code
Good news for open source lovers! Facebook has open-sourced Hack Codegen, its library for automatically generating Hack code, allowing outside developers to automate some of their routine work while developing large programs. Hack is Facebook's own programming language designed to build...
Object Scanning System: Laika BOSS
Laika is an object scanner and intrusion detection system that strives to achieve the following goals. Scalable: work across multiple systems, high volume of input from many sources. Flexible: modular architecture, highly configurable dispatching and dispositioning logic, tactical code insertion withou...
XSS Payload Management Framework: Sleepy Puppy
Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why should I use Sleepy Puppy? Often when testing for client-side injections (HTML/JS/etc.) security engineers are looking fo...
CVE-2015-2644
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect confidentiality via unknown vectors related to Security...
CVE-2015-2644
Concretely, CVE-2015-2644 affects Oracle Supply Chain Products Suite (Agile PLM Framework) version 9.3.3, where the Security subcomponent is vulnerable. A remote attacker could read data, compromising confidentiality. The CNVD entry confirms the vulnerability exists in the Agile PLM Framework’s S...
[SECURITY] Fedora 21 Update: springframework-3.2.14-1.fc21
Spring is a layered Java/J2EE application framework, based on code published in Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002)...
CVE-2015-5063
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php...
CVE-2015-5062
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build...
CVE-2015-5063
CVE-2015-5063 affects SilverStripe CMS & Framework 3.1.13. The vulnerability is an XSS in install.php triggered by the admin_username or admin_password parameters, allowing remote attackers to inject arbitrary web script or HTML. Related references corroborate XSS via install.php and show exploit...