
9773 matches found

Tenable Nessus
added 2016/01/20 12:0 a.m., 111 views

HP Virtual Table Server (VTS) Database Import RCE

The HP Virtual Table Server running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via a malicious connection string or SQL command, to execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if...

7.2 CVSS, 7.1 AI score, 0.02296 EPSS
Exploits 0, References 5
Exploit DB
added 2016/01/18 12:0 a.m., 35 views

Advanced Electron Forum 1.0.9 - Remote File Inclusion / Cross-Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-RFI.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ================================ Advanced Electron Forum v1.0.9 AEF Exploit patched current version...

7.4 AI score
Exploits 0
NVD
added 2016/01/15 7:59 p.m., 10 views

CVE-2015-8685

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page...

6.1 CVSS, 6.1 AI score, 0.00212 EPSS
Exploits 2, References 4
OSV
added 2016/01/15 7:59 p.m., 1 views

UBUNTU-CVE-2015-8685

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page...

6.1 CVSS, 6.4 AI score, 0.00212 EPSS
Exploits 2, References 4
Prion
added 2016/01/15 7:59 p.m., 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page...

4.3 CVSS, 6 AI score, 0.00212 EPSS
Exploits 2, References 4, Affected Software 1
Cvelist
added 2016/01/15 7:0 p.m., 20 views

CVE-2015-8685

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page...

6.1 AI score, 0.00212 EPSS
Exploits 2, References 4
Fedora
added 2016/01/13 6:25 a.m., 7 views

[SECURITY] Fedora 22 Update: shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc22

Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten...

2.2 AI score
Exploits 0
Fedora
added 2016/01/13 5:23 a.m., 9 views

[SECURITY] Fedora 23 Update: shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23

Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten...

2.2 AI score
Exploits 0
Veeam
added 2016/01/12 12:0 a.m., 15 views

Veeam Management Pack 8.0 for System Center Update 1 Release Notes

Challenge Release Notes for Veeam Management Pack 8.0 for System Center Update 1. Cause Please confirm you are running Veeam Management Pack 8.0 prior to installing this update. You can check this in Operations Manager console under Administration | Management Packs, the build number should be...

6.8 AI score
Exploits 0
Kitploit
added 2016/01/09 5:35 p.m., 308 views

SAML Raider - SAML2 Burp Extension

SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: Manipulating SAML Messages and manage X.509 certificates. This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik...

9.6 AI score
Exploits 0, References 1
Cvelist
added 2016/01/08 7:0 p.m., 12 views

CVE-2015-8761

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import...

9.4 AI score, 0.00318 EPSS
Exploits 0, References 4
Friends Of PHP
added 2016/01/06 9:35 p.m., 26 views

Local File Disclosure

SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML without a $basedir will not import images with relative URLs, and relative...

5.5 CVSS, 5.5 AI score, 0.02922 EPSS
Exploits 6, Affected Software 1
OSV
added 2015/12/22 7:44 a.m., 5 views

SUSE-SU-2015:2171-1 Security update for gpg2

The gpg2 package was updated to fix the following security and non security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring bsc918089. - CVE-2015-1607: Fixed memcpy with overlapping ranges bsc918090. - bsc955753: Fixed a regression of 'gpg --recv' due to keyserver impor...

5.5 CVSS, 5.6 AI score, 0.0063 EPSS
Exploits 0, References 7
OSV
added 2015/12/22 7:44 a.m., 6 views

SUSE-SU-2015:2171-2 Security update for gpg2

The gpg2 package was updated to fix the following security and non security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring bsc918089. - CVE-2015-1607: Fixed memcpy with overlapping ranges bsc918090. - bsc955753: Fixed a regression of 'gpg --recv' due to keyserver impor...

5.5 CVSS, 5.6 AI score, 0.0063 EPSS
Exploits 0, References 7
CNVD
added 2015/12/18 12:0 a.m., 2 views

Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2015-08318)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the 'importScripts' function in the Web Workers API implementation in Mozilla Firefox versions prior to 43.0. A remote attacker can exploit this vulnerability...

5 CVSS, 8.7 AI score, 0.00437 EPSS
Exploits 0, References 1
OSV
added 2015/12/02 12:46 p.m., 5 views

SUSE-SU-2015:2172-1 Security update for orca

This orca update fixes the following security issue. - Don't try to import modules from current working directory bsc916835, CVE-2013-4245...

7.3 CVSS, 6.8 AI score, 0.00153 EPSS
Exploits 0, References 3
Hacker One
added 2015/11/26 4:7 p.m., 59 views

Zendesk: [CRITICAL] CSRF leading to account take over

Hi , I have found a CSRF issue in .zendesk.com/jobs/createjob that leads to full account take over. Details: When using bulk user import in https://.zendesk.com/import?kind=user after you upload a CSV file and press import , a request is sent to...

7 AI score
Exploits 0
Nmap
added 2015/11/15 5:39 a.m., 367 views

targets-xml NSE Script

Loads addresses from an Nmap XML output file for scanning. Address type IPv4 or IPv6 is determined according to whether -6 is specified to nmap. Script Arguments targets-xml.iX Filename of an Nmap XML file to import targets-xml.state Only hosts with this status will have their addresses input...

10 CVSS, 9.4 AI score, 0.94176 EPSS
Exploits 33
Tenable Nessus
added 2015/11/03 12:0 a.m., 24 views

GLSA-201511-01 : MirBSD Korn Shell: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201511-01 MirBSD Korn Shell: Arbitrary code execution Improper sanitation of environment import allows for appending of values to passed parameters. Impact : An attacker who already had access to the environment could so append...

5.7 AI score
Exploits 0, References 2
Fedora
added 2015/10/30 11:52 p.m., 20 views

[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.1-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...

5 CVSS, 1.3 AI score, 0.00625 EPSS
Exploits 0