6649 matches found

Prion
added 2014/02/04 5:39 a.m. · 15 views

Design/Logic Flaw

The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the pingipaddr parameter...

8.3 CVSS · 8.2 AI score · 0.01874 EPSS
Exploits 0 · References 2
Cvelist
added 2014/02/04 2:0 a.m. · 13 views

CVE-2013-7179

The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the pingipaddr parameter...

7.6 AI score · 0.01874 EPSS
Exploits 0 · References 2
NVD
added 2014/01/26 1:55 a.m. · 8 views

CVE-2013-7137

The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burdenuserrememberme cookie to 1...

9.8 CVSS · 9.7 AI score · 0.09794 EPSS
Exploits 6 · References 6
securityvulns
added 2014/01/09 12:0 a.m. · 39 views

CSRF, DoS and IL vulnerabilities in WordPress

Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...

1 AI score
Exploits 0
Kitploit
added 2014/01/08 6:5 a.m. · 15 views

[DAVOSET] Tool for conducting DDoS attacks

DAVOSET – it is console command line tool for conducting DDoS attacks on the sites via Abuse of Functionality vulnerabilities at other sites. Changelog v1.1.5 Added error handler in GetCookie. Added new services into lists of zombies. Removed non-working services from lists of zombies. Usage 1...

7.4 AI score
Exploits 0
Tenable Nessus
added 2013/12/10 12:0 a.m. · 37 views

Scientific Linux Security Update : xorg-x11-server on SL6.x i386/x86_64 (20131121)

A flaw was found in the way the X.org X11 server registered new hot plugged devices. If a local user switched to a different session and plugged in a new device, input from that device could become available in the previous session, possibly leading to information disclosure. CVE-2013-1940 This...

2.1 CVSS · 5.4 AI score · 0.00079 EPSS
Exploits 0 · References 2
NVD
added 2013/12/09 4:55 p.m. · 19 views

CVE-2013-6039

Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow search input, related to the search functionali...

4.3 CVSS · 5.8 AI score · 0.01354 EPSS
Exploits 1 · References 6
Prion
added 2013/12/09 4:55 p.m. · 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow search input, related to the search functionali...

4.3 CVSS · 6.1 AI score · 0.01354 EPSS
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2013/12/09 4:0 p.m. · 16 views

CVE-2013-6039

Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow search input, related to the search functionali...

5.8 AI score · 0.01354 EPSS
Exploits 1 · References 6
Positive Technologies
added 2013/12/09 12:0 a.m. · 2 views

PT-2013-5935 · Nagios · Nagiosql

Name of the Vulnerable Software and Affected Versions: NagiosQL version 3.2 SP2 Description: The issue is related to multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to various pages,...

4.3 CVSS · 5.8 AI score · 0.01354 EPSS
Exploits 1 · References 7
Cvelist
added 2013/11/16 3:0 p.m. · 26 views

CVE-2013-5414

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in...

6.2 AI score · 0.0016 EPSS
Exploits 0 · References 3
NVD
added 2013/11/13 3:55 p.m. · 14 views

CVE-2013-5379

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality...

3.5 CVSS · 5.2 AI score · 0.00188 EPSS
Exploits 0 · References 3
Prion
added 2013/11/13 3:55 p.m. · 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality...

3.5 CVSS · 5.5 AI score · 0.00188 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2013/11/13 3:0 p.m. · 19 views

CVE-2013-5379

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality...

5.2 AI score · 0.00188 EPSS
Exploits 0 · References 3
Prion
added 2013/11/02 7:55 p.m. · 12 views

Design/Logic Flaw

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

6 CVSS · 7.7 AI score · 0.49365 EPSS
Exploits 5 · References 2 · Affected Software 1
Fedora
added 2013/10/26 12:55 a.m. · 30 views

[SECURITY] Fedora 18 Update: gnupg2-2.0.22-1.fc18

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

5 CVSS · 1.4 AI score · 0.04702 EPSS
Exploits 0
Fedora
added 2013/10/14 5:19 p.m. · 31 views

[SECURITY] Fedora 19 Update: gnupg2-2.0.22-1.fc19

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

5 CVSS · 1.4 AI score · 0.04702 EPSS
Exploits 0
Cisco
added 2013/10/09 6:42 p.m. · 23 views

Cisco IOS Software DHCP Server remember Functionality Vulnerability

An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit...

5.7 CVSS · 2.2 AI score · 0.0017 EPSS
Exploits 0 · References 1
F5 Networks
added 2013/10/03 12:0 a.m. · 120 views

SOL14734 - Apache HTTP server vulnerability CVE-2013-2249

Recommended Action To mitigate this vulnerability for ARX, do not enable the API functionality. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security...

7.5 CVSS · 1.6 AI score · 0.43661 EPSS
Exploits 3 · References 4
securityvulns
added 2013/10/01 12:0 a.m. · 37 views

Multiple vulnerabilities in RokStories for WordPress

Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokStories for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...

0.4 AI score
Exploits 0