Lucene search

298 matches found

OpenVAS
added 2015/11/24 12:00 a.m. | 16 views

Debian Security Advisory DSA 3403-1 (libcommons-collections3-java - security update)

This update backports changes from the commons-collections 3.2.2 release which disable the deserialisation of the functors classes unless the system property org.apache.commons.collections.enableUnsafeSerialization is set to true. This fixes a vulnerability in unsafe applications deserialising...

AI score: 0.1
Exploits: 0 | References: 1

Mozilla
added 2014/12/02 12:00 a.m. | 46 views

Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory — Mozilla

Security researcher Kent Howard reported an Apple issue present in OS X 10.10 Yosemite where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X fr...

CVSS: 2.1 | AI score: 8 | EPSS: 0.00085
Exploits: 0 | References: 2 | Affected Software: 3

securityvulns
added 2014/12/01 12:00 a.m. | 79 views

Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms

Advisory ID: HTB23226 Product: Forma Lms Vendor: http://www.formalms.org/ Vulnerable Versions: 1.2.1 and probably prior Tested Version: 1.2.1 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August 6, 2014 Vendor Patch: November 4, 2014 Public Disclosure: Novemb...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.004
Exploits: 2

0day.today
added 2014/11/05 12:00 a.m. | 44 views

MODX Revolution 2.2.14 CSRF / XSS Vulnerabilities

MODX Revolution version 2.2.14 suffers from reflective cross site scripting, persistent cross site scripting, and cross site request forgery vulnerabilities. Product: MODX Revolution Vendor: MODX Vulnerable Versions: 2.0.0–2.2.14 Tested Version: 2.2.14 Advisory Publication: 16 July, 2014 without...

AI score: 7.1
Exploits: 0

htbridge
added 2014/08/20 12:00 a.m. | 45 views

Reflected Cross-Site Scripting (XSS) in MODX Revolution

High-Tech Bridge Security Research Lab discovered vulnerability in MODX Revolution, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1 Reflected Cross-Site Scripting (XSS) in MODX Revolution: CVE-2014-5451 The vulnerability exists due to insufficient sanitization of input data...

CVSS: 2.6 | AI score: 6 | EPSS: 0.00544
Exploits: 3 | Affected Software: 1

htbridge
added 2014/08/06 12:00 a.m. | 46 views

Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms

High-Tech Bridge Security Research Lab discovered two vulnerabilities in Forma Lms, which can be exploited to perform Cross-Site Scripting (XSS) attacks against vulnerable website. 1 Reflected Cross-Site Scripting (XSS) in Forma Lms: CVE-2014-5257 1.1 The vulnerability exists due to insufficient...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.004
Exploits: 2 | Affected Software: 1

seebug.org
added 2014/07/01 12:00 a.m. | 11 views

PicturesPro Photo Cart 3.9 - Search Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30798/info Photo Cart is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browse...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 16 views

Yblog funk.php id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 10 views

Exiv2 - Corrupted EXIF Data Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16400/info Exiv2 is susceptible to a denial-of-service vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input data before attempting to read it, resulting in an...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 14 views

Yblog uss.php action Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 18 views

ASP Portal Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic conten...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 12 views

Gcards 1.13 Addnews.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20461/info gcards is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in the context of...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 15 views

LinPHA 1.3.2/1.3.3 new_images.php XSS

No description provided by source. source: http://www.securityfocus.com/bid/34500/info LinPHA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Attackers can leverage these issues to execute arbitrary script code in the...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 17 views

Openfire <= 3.6.2 'user-properties.jsp' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/32938/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 14 views

Simpnews 2.x admin/pwlost.php Unspecified XSS

No description provided by source. source: http://www.securityfocus.com/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 11 views

BOINC 5.10.20 text_search_action.php search_string Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/25644/info BOINC (Berkeley Open Infrastructure for Network Computing) is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 30 views

Apple Mac OS X Server 10.5 - Wiki Server Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28278/info Apple Mac OS X Server Wiki Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 12 views

DanPHPSupport 0.5 index.php page Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code...

AI score: 7.1
Exploits: 0

NVD
added 2013/07/04 2:33 p.m. | 25 views

CVE-2013-4729

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00367
Exploits: 2 | References: 2

UbuntuCve
added 2013/07/04 2:33 p.m. | 23 views

CVE-2013-4729

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.00367
Exploits: 2 | References: 3