6653 matches found

0day.today
added 2014/11/06 12:0 a.m. · 24 views

D-Link DAP-1360 Abuse / Cross Site Request Forgery

D-Link DAP-1360 suffers from cross site request forgery, abuse of functionality, and brute force vulnerabilities. There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected...

7 AI score
Exploits 0
Packet Storm
added 2014/11/05 12:0 a.m. · 26 views

D-Link DAP-1360 Abuse / Cross Site Request Forgery

Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This mod...

0.5 AI score
Exploits 0
NVD
added 2014/10/26 8:55 p.m. · 9 views

CVE-2014-6635

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php...

4.3 CVSS · 5.7 AI score · 0.00225 EPSS
Exploits 0 · References 2
NVD
added 2014/10/24 10:55 a.m. · 7 views

CVE-2014-7298

adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality...

4.9 CVSS · 6.4 AI score · 0.00055 EPSS
Exploits 0 · References 3
CVE
added 2014/10/24 10:0 a.m. · 32 views

CVE-2014-7298

CVE-2014-7298 affects Centrify Server Suite (2008–2014.1) and Centrify DirectControl (3.x–4.2.0) on Linux/Unix. The root cause is improperly protected setuid functionality in adsetgroups, allowing local users to read arbitrary files with root privileges. The documents do not provide exploitation ...

4.9 CVSS · 6.6 AI score · 0.00055 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2014/10/23 12:0 a.m. · 4 views

PT-2019-4107 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.34 through 5.2.x Description: A buffer overflow flaw was found in the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs and logs buffer descriptors during migration. This flaw can be...

10 CVSS · 7.5 AI score · 0.80379 EPSS
Exploits 225 · References 2221
seebug.org
added 2014/10/10 12:0 a.m. · 31 views

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

No description provided by source. DrayTek VigorACS SI = 1.3.0 Vigor ACS-SI Edition is a Central Management System for DrayTek routers and firewalls, providing System Integrators or system administration personnel a real-time integrated monitoring, configuration and management platform...

7.1 AI score
Exploits 0
OSV
added 2014/10/09 2:49 p.m. · 1 views

MGASA-2014-0413 Updated chromium-browser-stable packages fix security vulnerabilites

Updated chromium-browser-stable packages fix security vulnerabilities: Several security issues and other bugs have been fixed since our previous update. See the upstream release announcements for details. Note that as of version 35, the Chromium browser no longer supports browser plugins, includi...

7.6 AI score
Exploits 0 · References 9
exploitpack
added 2014/10/09 12:0 a.m. · 26 views

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities DrayTek VigorACS SI /ACSServer/ We found that most of the VigorACS SI deployments are using the default http authentication settings acs/password. This is not so much a software vulnerability but more a configuration issue. 2.2 Unauthenticated...

0.4 AI score
Exploits 0
Openbugbounty
added 2014/10/07 6:48 p.m. · 12 views

plazathai.com XSS vulnerability

Open Bug Bounty ID: OBB-51290

Description| Value
---|---
Affected Website:| plazathai.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention Cheat Shee...

6.4 AI score
Exploits 0
Check Point Advisories
added 2014/09/28 12:0 a.m. · 1 views

Splunk collect file Directory Traversal (CVE-2013-6771)

A directory traversal vulnerability has been found in Splunk. The vulnerability is due to insufficient sanitization of user-provided input to the advanced search functionality in the "file" parameter of the "collect" script...

9.3 CVSS · 2.5 AI score · 0.04064 EPSS
Exploits 0
RedHat Linux
added 2014/09/23 8:19 p.m. · 36 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 update

Red Hat JBoss BRMS 6.0.3, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...

7.5 CVSS · 7.3 AI score · 0.05877 EPSS
Exploits 4 · References 9
RedHat Linux
added 2014/09/23 8:19 p.m. · 40 views

Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.0.3 update

Red Hat JBoss BPM Suite 6.0.3, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...

7.5 CVSS · 7.3 AI score · 0.05877 EPSS
Exploits 4 · References 9
seebug.org
added 2014/09/18 12:0 a.m. · 141 views

osCommerce 2.3.4 - Multiple vulnerabilities

No description provided by source. Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerable...

7.1 AI score
Exploits 0
Amazon
added 2014/09/18 12:0 a.m. · 43 views

Medium: json-c

Issue Overview: The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service...

5 CVSS · 7 AI score · 0.03831 EPSS
Exploits 1
0day.today
added 2014/09/11 12:0 a.m. · 21 views

Wordpress Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities Google Dork: N/A Date: 09.09.2014 Exploit Author: Fikri Fadzil - email protected Vendor Homepage - http://wpsuportplus.byethost7.com/...

7.1 AI score
Exploits 0
exploitpack
added 2014/09/09 12:0 a.m. · 13 views

WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities

WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities Exploit Title: Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities Google Dork: N/A Date: 09.09.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor...

0.4 AI score
Exploits 0
Fedora
added 2014/08/28 3:31 p.m. · 33 views

[SECURITY] Fedora 20 Update: glibc-2.18-14.fc20

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

7.5 CVSS · 2 AI score · 0.21511 EPSS
Exploits 4
Tenable Nessus
added 2014/08/28 12:0 a.m. · 34 views

Debian DSA-3012-1 : eglibc - security update

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve...

7.5 CVSS · 8.9 AI score · 0.21511 EPSS
Exploits 4 · References 3
Debian
added 2014/08/27 7:32 p.m. · 21 views

[SECURITY] [DSA 3013-1] s3ql security update

Debian Security Advisory DSA-3013-1 [email protected] http://www.debian.org/security/ Florian Weimer August 27, 2014 http://www.debian.org/security/faq -...

7.5 CVSS · 6.3 AI score · 0.01602 EPSS
Exploits 1