Lucene search

7663 matches found

Patchstack
added 2016/07/20 12:0 a.m. | 8 views

WordPress Lazy Load Plugin <= 0.6 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

AI score 2
Exploits: 0 | References: 1 | Affected Software: 1

Atlassian
added 2016/07/19 7:11 p.m. | 18 views

XSS in Mail Whitelist Field

Jira Admins can create a persistent XSS on the Incoming Mail configuration page. When the value "alert1 is inserted into the Whitelisted Domain field on the page /secure/admin/IncomingMailServers.jspa, the JavaScript persists and executes on page load. This was tested on Jira...

AI score 2.2
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2016/07/19 12:0 a.m. | 36 views

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160712)

Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a...

CVSS 7.8 | AI score 6.7 | EPSS 0.00251
Exploits: 0 | References: 2

Hacker One
added 2016/07/16 9:3 a.m. | 22 views

OLX: XSS on Home page olx.com.ar via auto save search text

Hi guys, I found XSS vulnerability on Home page olx.com.ar via auto save search text 1. Copy full link and go to the URL in browser: https://www.olx.com.ar/nf/search/xss%22-'%20%22%3E%3Ciframe/src%20////onload%20=%20alertdocument.cookie%20onerror=alertdocument.cookie 2. Click logo button go back ...

AI score 1.7
Exploits: 0

Tenable Nessus
added 2016/07/14 12:0 a.m. | 27 views

Fedora 22 : xen (2016-4edd58a3b5)

cleaner way to set kernel module load list Unrestricted qemu logging XSA-180, CVE-2014-3672 1339125 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in espregwrite CVE-2016-4439 1337502 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in getcmd CVE-2016-4441 1337505 Qemu: scsi: megasa...

CVSS 6.7 | AI score 6.4 | EPSS 0.00308
Exploits: 0 | References: 6

Tenable Nessus
added 2016/07/14 12:0 a.m. | 37 views

Fedora 24 : xen (2016-cfea37952b)

cleaner way to set kernel module load list Unrestricted qemu logging XSA-180, CVE-2014-3672 1339125 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in espregwrite CVE-2016-4439 1337502 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in getcmd CVE-2016-4441 1337505 Qemu: scsi: megasa...

CVSS 6.7 | AI score 6.5 | EPSS 0.00308
Exploits: 0 | References: 6

Tenable Nessus
added 2016/07/13 12:0 a.m. | 44 views

RHEL 6 : kernel (RHSA-2016:1406)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1406 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of...

CVSS 7.8 | AI score 6.2 | EPSS 0.00251
Exploits: 0 | References: 4

OpenVAS
added 2016/07/13 12:0 a.m. | 48 views

CentOS Update for kernel CESA-2016:1406 centos6

Check the version of kernel SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882518";...

CVSS 7.8 | AI score 6.4 | EPSS 0.00251
Exploits: 0 | References: 2

Tenable Nessus
added 2016/07/13 12:0 a.m. | 55 views

CentOS 6 : kernel (CESA-2016:1406)

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, ar...

CVSS 7.8 | AI score 6.3 | EPSS 0.00251
Exploits: 0 | References: 2

OpenVAS
added 2016/07/13 12:0 a.m. | 33 views

RedHat Update for kernel RHSA-2016:1406-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.9 | EPSS 0.00251
Exploits: 0 | References: 2

Cent OS
added 2016/07/12 7:12 p.m. | 94 views

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2016:1406. Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) ba...

CVSS 7.8 | AI score 6.3 | EPSS 0.00251
Exploits: 0 | References: 7

RedHat Linux
added 2016/07/12 6:30 p.m. | 103 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, ar...

CVSS 7.8 | AI score 6.3 | EPSS 0.00251
Exploits: 0 | References: 2

BDU FSTEC
added 2016/07/06 12:0 a.m. | 1 views

Vulnerabilities in the Google Chrome browser, which allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information

Multiple vulnerabilities in Google Chrome allow attackers to cause service failures or exert other types of influence on the system. This vulnerability is related to the loadtruetypeglyph function in the truetype/ttgload.c file of FreeType, as well as other functions and components...

CVSS 10 | AI score 7.8 | EPSS 0.01876
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m. | 1 views

Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information

The vulnerability exists in the file due to an incorrect limitation on the number of data items that can be viewed during regular expression searches. Exploiting this vulnerability allows malicious actors operating remotely to cause a service failure (excessive CPU usage) by using a specially craft...

CVSS 5 | AI score 7.4 | EPSS 0.33041
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2016/07/05 12:0 a.m. | 1 views

The vulnerability of the Firefox ESR browser allows a malicious attacker to execute arbitrary code.

Mozilla Firefox ESR’s software contains a vulnerability in the nsDocShell::InternalLoad function. Exploiting this vulnerability allows an attacker to execute arbitrary code by performing “cross-site scripting” attacks using specially crafted network requests...

CVSS 4.3 | AI score 7.6 | EPSS 0.00865
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2016/07/03 1:59 a.m. | 3 views

CVE-2016-1606

Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to...

CVSS 9.8 | AI score 6.4
Exploits: 0 | References: 4

ThreatPost
added 2016/06/24 12:0 p.m. | 10 views

Selfrando Technique Mitigates Attacks Unmasking Tor Users

The FBI’s apparent capability to unmask users of the Tor Network has caused hand-wringing among those concerned with privacy and civil liberties, many of whom are busy trying to win legal battles to get law enforcement to confess as to how they’re doing it. A team of academics and researchers,...

AI score 0.8
Exploits: 0 | References: 3

0day.today
added 2016/06/21 12:0 a.m. | 81 views

Microsoft Windows - Custom Font Disable Policy Bypass

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=779 Windows: Custom Font Disable Policy Bypass Platform: Windows 10 Only Class: Security Feature Bypass Summary: It’s possible to bypass the ProcessFontDisablePolicy check in win32...

CVSS 6.9 | AI score 6.8 | EPSS 0.12622
Exploits: 1

Ubuntu
added 2016/06/20 4:52 p.m. | 63 views

USN-3011-1: HAProxy vulnerability

Falco Schmutz discovered that HAProxy incorrectly handled the reqdeny filter. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service...

CVSS 7.5 | AI score 7.5 | EPSS 0.46077
Exploits: 0

BDU FSTEC
added 2016/06/17 12:0 a.m. | 2 views

The vulnerability of Google Chrome allows a perpetrator to load arbitrary modules or obtain confidential information.

The vulnerability of the createCustomType function in the extensions/renderer/resources/binding.js module of Google Chrome’s bindings extension is related to the lack of type checking for the modules. Exploiting this vulnerability could allow a malicious actor to load any modules remotely or obta...

CVSS 4.3 | EPSS 0.00645
Exploits: 0 | References: 4 | Affected Software: 1