Lucene search

9768 matches found

Tenable Nessus
added 2015/07/28 12:0 a.m. | 35 views

CentOS 6 : libreoffice (CESA-2015:1458)

Updated libreoffice packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 6.8 | AI score 7.3 | EPSS 0.07403
Exploits: 0 | References: 2
ThreatPost
added 2015/07/23 1:27 p.m. | 7 views

Several Critical Flaws Patched in Drupal Module

There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drup...

AI score 1.2
Exploits: 0 | References: 2
RedHat Linux
added 2015/07/21 10:32 a.m. | 35 views

Moderate: Red Hat Security Advisory: libreoffice security, bug fix, and enhancement update

Updated libreoffice packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 6.8 | AI score 7.1 | EPSS 0.07403
Exploits: 0 | References: 6
Fedora
added 2015/07/16 2:36 a.m. | 12 views

[SECURITY] Fedora 21 Update: drupal7-feeds-2.0-0.12.alpha9.fc21

Import or aggregate data as nodes, users, taxonomy terms or simple database records. This package provides the following Drupal modules: feeds feedsimport feedsnews requires drupal7-features and drupal7-views feedsui...

AI score 3.6
Exploits: 0
Patchstack
added 2015/07/10 12:0 a.m. | 14 views

WordPress Modern Tribe Eventbrite Tickets Plugin <= 3.10.1 - XSS

This vulnerability is in the Event Import page. It allows an attacker to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. Solution Update the plugin...

CVSS 4.3 | AI score 2 | EPSS 0.00473
Exploits: 2 | References: 1 | Affected Software: 1
Kitploit
added 2015/06/22 9:27 p.m. | 10 views

Just-Metadata - Tool that Gathers and Analyzes Metadata about IP Addresses

Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the...

AI score 7
Exploits: 0 | References: 1
CNVD
added 2015/06/17 12:0 a.m. | 1 views

Drupal User Import Module Cross-Site Request Forgery Vulnerability

Drupal is a free and open source content management system developed in PHP. User Import is a module that provides the ability to import users. A cross-site request forgery vulnerability exists in the Drupal User Import module that allows remote attackers to construct malicious URIs, trick users...

CVSS 6.8 | AI score 6.9 | EPSS 0.00164
Exploits: 0 | References: 1
NVD
added 2015/06/15 2:59 p.m. | 7 views

CVE-2015-4390

Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors...

CVSS 6.8 | AI score 7.3 | EPSS 0.00164
Exploits: 0 | References: 5
Prion
added 2015/06/15 2:59 p.m. | 7 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors...

CVSS 6.8 | AI score 7.8 | EPSS 0.00164
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2015/06/15 2:0 p.m. | 40 views

CVE-2015-4390

The vulnerability CVE-2015-4390 affects the Drupal contributed module User Import (versions 6.x-4.x prior to 6.x-4.4 and 7.x-2.x prior to 7.x-2.3). A Cross-Site Request Forgery (CSRF) flaw exists in management URLs that could trick an administrator into continuing or deleting an ongoing import, e...

CVSS 6.8 | AI score 7.5 | EPSS 0.00164
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2015/06/15 2:0 p.m. | 15 views

CVE-2015-4390

Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors...

AI score 7.3 | EPSS 0.00164
Exploits: 0 | References: 5
Hacker One
added 2015/06/10 8:6 a.m. | 10 views

Shopify: XSS at importing Product List

Steps to reproduce: go to https://blahblah.myshopify.com/admin/products, click on Import Products and upload the file in attachment and you will be able to trigger XSS...

AI score 6.1
Exploits: 0
CNVD
added 2015/06/01 12:0 a.m. | 1 views

SAP HANA DB Arbitrary File Read Vulnerability

SAP HANA DB is an in-memory database based on rows and columns. SAP HANA DB has a security vulnerability that allows remote attackers to read arbitrary files using the IMPORT FROM SQL statement...

CVSS 4 | AI score 7.5 | EPSS 0.00251
Exploits: 0 | References: 1
CNVD
added 2015/05/20 12:0 a.m. | 1 views

Lychee 'importUrl()' function remote code execution vulnerability

Lychee is a free, open source image management tool. A remote code execution vulnerability exists in Lychee. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application, which could also result in a denial of service...

AI score 8.4
Exploits: 0 | References: 1
Patchstack
added 2015/05/15 12:0 a.m. | 8 views

WordPress Custom Contact Forms Plugin <= 5.1.0.3 - Database Import/Export

This plugin is prone to database import/export vulnerabilities. Solution: Update the plugin...

AI score 1.9
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2015/05/11 12:0 a.m. | 142 views

Alienvault OSSIM/USM Multiple Vulnerabilities

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects all previous versions as well. Fixed Version: No fix ha...

AI score 0.1
Exploits: 0
Exploit DB
added 2015/05/08 12:0 a.m. | 22 views

Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects all previous versions as well. Fixed Version: No fix ha...

AI score 7.4
Exploits: 0
exploitpack
added 2015/05/08 12:0 a.m. | 17 views

Alienvault OSSIMUSM 4.144.155.0 - Multiple Vulnerabilities

Alienvault OSSIMUSM 4.144.155.0 - Multiple Vulnerabilities Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely...

AI score 0.5
Exploits: 0
Tenable Nessus
added 2015/04/30 12:0 a.m. | 21 views

Fedora 21 : libreoffice-4.3.7.2-3.fc21 (2015-7022)

Fix some .docx import crashes. And finally fix the re-render of checked-unchecked checkbox transition update to 4.3.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and forma...

CVSS 6.8 | AI score 6.8 | EPSS 0.07403
Exploits: 0 | References: 3
WPVulnDB
added 2015/04/29 12:0 a.m. | 13 views

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection, and lack of sanitation of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...

AI score 0.2
Exploits: 0 | References: 1 | Affected Software: 1