Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability
A vulnerability in the Data Center Analytics Framework (DCAF) application could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the us...
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities
Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt Vendor: ================================ http://www.silverstripe.org/software/download Product: ================================ SilverStripe CMS & Framework v3.1.13...
SilverStripe CMS 3.1.13 XSS / Open Redirect
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt Vendor: ================================ http://www.silverstripe.org/software/download Product: ================================ SilverStripe CMS &...
[SECURITY] Fedora 20 Update: php-ZendFramework2-2.3.8-1.fc20
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
COSO Framework for Service Organizations and SOC Reporting (Part 3 of 3)
In part 1 of this series, we discussed the recent changes to the COSO framework and the overall impact that the updated framework has on service organizations that receive Service Organization Controls (SOC) reports...
Facebook Filter Evasion / Open Redirect
Document Title: =============== Facebook 26 - Filter Bypass & Exception Handling Redirect Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1483 http://www.vulnerability-lab.com/getcontent.php?id=1484 Video View:...
Facebook #26 - Bypass & Exception Redirect Vulnerability
Document Title: =============== Facebook 26 - Bypass & Exception Redirect Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1483 http://www.vulnerability-lab.com/getcontent.php?id=1484 Video View: https://www.youtube.com/watch?v=I65zFWF-pMg...
[SECURITY] Fedora 21 Update: FlightGear-3.2.0-2.fc21
The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...
[SECURITY] Fedora 22 Update: FlightGear-3.4.0-4.fc22
The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...
Security notice: Django framework arbitrary file include vulnerability-vulnerability warning-the black bar safety net
In the 4 on 2 1 May, Django, the Python-based open source web framework, released a security bulletin saying that in Django versions ≤1.5 the django.contrib.markup package has an arbitrary file inclusion vulnerability that an attacker may exploit through docutils. On docutils The Docutils project i...
CVE-2015-2114
CVE-2015-2114 affects HP Support Solution Framework on Windows prior to 11.51.0049, where a vulnerability could allow a remote attacker to have the system download and execute an arbitrary program on a client machine via unspecified vectors. The NVD description states remote code execution with a...
The vulnerability the batch using the scan framework-vulnerability warning-the black bar safety net
0x00 Preface Each vulnerability after the outbreak, many people are in a hurry to find a batch, thinking to brush a few holes in the submission of the clouds. In fact, some of the vulnerabilities of the detection step time can be unified extraction do into the framework. Today I'll share to make...
GeniXCMS 0.0.1 SQL Injection
GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework (CMSF). It's a simple and lightweight of CMSF. Very suitable for Intermediate...
Using scrapy crawl sebug vulnerability database-vulnerability warning-the black bar safety net
Because a project needed to scrape the content of the sebug vulnerability database, a simple crawler for sebug was written with the scrapy framework, storing the results in a database (mysql or mongodb; mysql is used here as the example). About scrapy: Scrapy, Python, development of a quick, high-level...
JBoss Seam 2 File Upload and Execute
Versions of the JBoss Seam 2 framework 2.2.1CR2 fail to properly sanitize inputs to some JBoss Expression Language expressions. As a result, attackers can gain remote code execution through the...
Facebook BBP #23 - Session ID & CSRF Vulnerability
Document Title: =============== Facebook BBP 23 - Session ID & CSRF Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1432 Facebook Security ID: 10202805822321483 Video: https://www.youtube.com/watch?v=SAr2AGLrBkQ Vulnerability Magazine:...
Debian: Security Advisory (DSA-3151-1)
The remote host is missing an update for the Debian...
SRC-2015-0003 : Oracle Endeca Tools and Frameworks AMF Request Beanshell Script Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fla...
CVE-2015-0404
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Error Messages...