DEBIAN-CVE-2015-0209
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...
UBUNTU-CVE-2015-0209
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...
WordPress WP All Import Plugin <= 3.2.4 - Multiple Vulnerabilities
This plugin is prone to SQL injection and cross-site scripting vulnerabilities. Because of them, attackers can gain admin access to your website or trick you into visiting a malicious URL. Solution: Update the plugin...
Debian DSA-3191-1 : gnutls26 - security update
Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2015-0282: GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorith...
WP All Import Pro <= 4.1.1 - Multiple Vulnerabilities
Multiple issues were fixed, such as Authenticated SQL Injection, Authenticated Reflected XSS and Unauthorised access to some methods...
ArcSight Logger - Arbitrary File Upload Code Execution
Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution. Date: 13.03.2015. Exploit Author: Julian Horoszkiewicz. Vendor Homepage: www.hp.com. Software Link:...
WordPress Custom Field Suite Plugin <= 2.4 - Insufficient Authorisation
Because of this vulnerability, an attacker can import and export custom fields. Solution: Update the plugin...
PhpMoAdmin vulnerability analysis report-vulnerability warning-the black bar safety net
phpMoAdmin is a convenient online MongoDB management tool written in PHP. It can be used to create, delete and modify databases and indexes, view and search data, see database startup time and memory statistics, and import and export data in JSON format. Recently named...
Wordpress WP All Import 3.2.3 plugin RCE Vulnerability
WordPress WP All Import plugin versions 3.2.3 and below suffer from a remote shell upload vulnerability. WordPress WP All Import Plugin RCE...
WordPress WP All 3.2.3 Shell Upload
WordPress WP All Import Plugin RCE - Vulnerability Author: James Golovich @Pritect - Exploit Author: Evex @Evex1337 - Plugin Link:...
UBUNTU-CVE-2015-0294
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate...
WP All Import Pro <= 4.1.0 - RCE
WP All Import does not properly verify that a user has permission to execute functions. Coupled with an interesting method that allows arbitrary functions in specific objects to be called, this can be leveraged in many ways...
WordPress WP All Import Plugin <= 3.2.3 - Remote Code Execution
Because of this vulnerability, remote attackers can upload arbitrary files to the system or retrieve any file on the system that ends in .txt or .html. Solution: Update the plugin...
OpenStack Glance Denial of Service Vulnerability (CNVD-2015-01203)
Glance provides RESTful APIs to query the metadata of a virtual machine image and to obtain the image. A denial of service vulnerability exists in OpenStack Glance, as the OpenStack Glance import task fails to update the image, allowing an attacker to exploit the vulnerability to crash the...
[SECURITY] Fedora 20 Update: drupal7-path_breadcrumbs-3.2-1.fc20
Path breadcrumbs module helps you to create breadcrumbs for any page with any selection rules and load any entity from the URL. Features: Breadcrumbs navigation may be added to any kind of page: static (example: node/1) or dynamic (example: node/NID). You can load contexts from URL and use it like...
jbpm-designer: XXE in BPMN2 import
An XML External Entity (XXE) flaw was found in the jbpm-designer BPMN2 import function. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...
Nscan: Fast internet-wide scanner
Nscan is a fast network scanner optimized for internet-wide scanning purposes and inspired by Masscan and Zmap. It has its own tiny TCP/IP stack and uses raw sockets to send TCP SYN probes. It doesn't need to set SYN cookies, so it doesn't waste time checking if...
Exif Pilot 4.7.2 - Buffer Overflow (SEH)
!/usr/bin/env ruby Exploit Title: Exif Pilot SEH Based Buffer Overflow Version: version 4.7.2 Download: http://www.colorpilot.com/load/exif.exe Tested on: Windows XP sp2 Exploit Author: Osanda M. Jayathissa E-Mail: osandacatunseen.is =begin Click Tools Options Customize 35mm tab Import and choose...
Wordpress Pie Register Plugin 2.0.13 - Privilege Escalation Vulnerability
Exploit for php platform in category web applications Exploit Title: Pie Register 2.0.13 Privilege escalation Date: 16-10-2014 Software Link: https://wordpress.org/plugins/pie-register/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE:...