CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting

Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 3, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

CVE-2014-8680

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service assertion failure and named exit via vectors related to 1 the lack of GeoIP databases for both IPv4 and IPv6, or 2 IPv6 support with certain options...

VMware vCloud Automation Center privilege escalation

Privilege escalation via "Connect by Using VMRC" functionality...

CVE-2014-8488

Cross-site scripting XSS vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...

Cross site scripting

Cross-site scripting XSS vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...

CVE-2014-8488

Cross-site scripting XSS vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...

gollum-grit_adapter Search Functionality Allows Arbitrary Command Execution

The gollum-gritadapter gem contains a flaw that can allow arbitrary command execution. Grit implements its search functionality by shelling out to git grep. In turn, git grep takes a -O or --open-files-in-pages option that will pipe the results of grep to an arbitrary process. By failing to...

Updated sddm packages fix security vulnerabilities

Sddm may in some cases allow unauthenticated logins as the sddm user CVE-2014-7271. Sddm is vulnerable to a race condition in XAUTHORITY file generation CVE-2014-7272. Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb package...

X (Formerly Twitter): Abuse of "Remember Me" functionality.

Steps to Reproduce:- 1. Navigate to https://twitter.com/login, Fill up the required details and click on the "Log in" button. Make sure you have checked "Remember Me" check-box. 2. Login Successfully, Analyze the cookie using FireBug, specially "authtoken" and "remembercheckedon". These cookies...

OracleVM 2.1 : xen (OVMSA-2009-0001)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix permissions problem with VM.GuestMetrics bugz 7265 - Disable ovs-disabled-create-netif-if-vif-type-set-ioemu.patch - Include proper patch for bugz 7807 - Implement VM.GuestMetrics to communicate...

CSRF in "bookmarks" application - ownCloud

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update

Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Server: CSRF in "bookmarks" application

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

Apple iOS 8.1.1 Fixes Several Code-Execution Flaws

Apple has patched 10 vulnerabilities in iOS, including a pair of bugs that allowed arbitrary code execution and one that enables an attacker to run random binaries on a target device. The patches come in iOS 8.1.1, a small update to the company’s mobile operating system. There are several serious...

[SECURITY] Fedora 19 Update: konversation-1.5.1-1.fc19

A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more...

CentOS 6 : xorg-x11-server (CESA-2013:1620)

Updated xorg-x11-server packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severit...

libvncserver security update

CentOS Errata and Security Advisory CESA-2014:1826 Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS ba...

Stuxnet's First Five Victims Provided Path to Natanz

Stuxnet’s first five victims were a carefully crafted list of targets that ultimately provided the attackers with the road map they needed to get inside a uranium enrichment plant in Natanz, Iran and disrupt the country’s nuclear program. Cobbled together from clues left behind by the infamous...

Vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This...