UBUNTU-CVE-2015-8685
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page...
CVE-2015-8685
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page...
[SECURITY] Fedora 22 Update: shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc22
Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten...
[SECURITY] Fedora 23 Update: shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23
Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten...
Veeam Management Pack 8.0 for System Center Update 1 Release Notes
Challenge Release Notes for Veeam Management Pack 8.0 for System Center Update 1. Cause Please confirm you are running Veeam Management Pack 8.0 prior to installing this update. You can check this in Operations Manager console under Administration | Management Packs, the build number should be...
SAML Raider - SAML2 Burp Extension
SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: manipulating SAML messages and managing X.509 certificates. This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik...
CVE-2015-8761
The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import...
Local File Disclosure
SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML without a $basedir will not import images with relative URLs, and relative...
SUSE-SU-2015:2171-1 Security update for gpg2
The gpg2 package was updated to fix the following security and non-security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring (bsc#918089). - CVE-2015-1607: Fixed memcpy with overlapping ranges (bsc#918090). - bsc#955753: Fixed a regression of 'gpg --recv' due to keyserver impor...
SUSE-SU-2015:2171-2 Security update for gpg2
The gpg2 package was updated to fix the following security and non-security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring (bsc#918089). - CVE-2015-1607: Fixed memcpy with overlapping ranges (bsc#918090). - bsc#955753: Fixed a regression of 'gpg --recv' due to keyserver impor...
Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2015-08318)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the 'importScripts' function in the Web Workers API implementation in Mozilla Firefox versions prior to 43.0. A remote attacker can exploit this vulnerability...
SUSE-SU-2015:2172-1 Security update for orca
This orca update fixes the following security issue. - Don't try to import modules from current working directory (bsc#916835, CVE-2013-4245)...
Zendesk: [CRITICAL] CSRF leading to account take over
Hi, I have found a CSRF issue in .zendesk.com/jobs/createjob that leads to full account take over. Details: When using bulk user import in https://.zendesk.com/import?kind=user after you upload a CSV file and press import, a request is sent to...
targets-xml NSE Script
Loads addresses from an Nmap XML output file for scanning. Address type (IPv4 or IPv6) is determined according to whether -6 is specified to nmap. Script Arguments: targets-xml.iX: Filename of an Nmap XML file to import. targets-xml.state: Only hosts with this status will have their addresses input...
GLSA-201511-01 : MirBSD Korn Shell: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201511-01 MirBSD Korn Shell: Arbitrary code execution Improper sanitation of environment import allows for appending of values to passed parameters. Impact : An attacker who already had access to the environment could so append...
[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.1-1.fc22
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
CVE-2008-1530
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."...
UBUNTU-CVE-2015-1341
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function pythonmodulepath...
SAP Netwaver - XML External Entity Injection
Title: SAP Netwaver - XML External Entity Injection Author: Lukasz Miedzinski GPG: Public key provided in attachment Date: 29/10/2014 CVE: CVE-2015-7241 Affected software : =================== SAP Netwear : 7.01 Vendor advisories only for customers: =================== External ID : 851975 2014...