8229 matches found
CVE-2016-2157
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...
UBUNTU-CVE-2016-2157
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...
CVE-2016-2157
CVE-2016-2157 is a CSRF vulnerability in Moodle affecting mod/assign/adminmanageplugins.php. It lets remote attackers hijack administrator authentication for requests that manage Assignment plugins. Affected Moodle versions include through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x b...
WiFi-Pumpkin v0.7.5 - Framework for Rogue Wi-Fi Access Point Attack
WiFi-Pumpkin is a security tool that provides a rogue access point for man-in-the-middle and network attacks. Installation (Kali 2.0/WifiSlax 4.11.1/Parrot 2.0.5, Python 2.7): git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git; cd WiFi-Pumpkin; chmod +x installer.sh; ./installer.sh --install; refer t...
[SECURITY] Fedora 22 Update: owncloud-8.2.4-1.fc22
ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API f...
Code injection
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link...
CVE-2015-5208
Apache Cordova iOS prior to 4.0.0 contains a vulnerability that allows arbitrary plugin execution when a user accesses a specially crafted link. The issue affects Cordova iOS up to version 3.x and is remedied by upgrading Cordova to 4.0.0 or later and rebuilding the iOS application.
Apache Cordova iOS Arbitrary Plugin Execution Vulnerability
Adobe PhoneGap is a set of open source development frameworks. Apache Cordova iOS is a set of platforms for developing iOS-based mobile applications using HTML, CSS, and JavaScript, and is the core engine that drives PhoneGap. A security vulnerability exists in Apache Cordova iOS that allows remo...
CVE-2016-1205
Cross-site scripting (XSS) vulnerability in the shiro8 (1) categoryfreearea additionplugin plugin 1.0 and (2) itemdetailfreearea additionplugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Fedora 23 : webkitgtk4-2.12.1-1.fc23 (2016-cb7a73c82e)
Highlights in 2.12.0: Enable FTL by default in JavaScriptCore for x86_64. Network process is now used unconditionally. The shared secondary process model is now the same as using the multiple process model and setting a process limit of 1. Switch to use overlay scrollbars like all other GTK+ widge...
openSUSE Security Update : apparmor (openSUSE-2016-491)
This update for apparmor updates some profiles. It is specifically required for the Samba security update. profile updates : - sbin.syslog-ng - usr.sbin.identd - usr.sbin.nscd allows nscd paranoia mode - usr.sbin.smbd - usr.sbin.smbldap-useradd - apache2.d/phpsysinfo updated abstractions : - aspe...
IPv6 Validation Toolkit
The IPv6 framework is a robust set of modules and plugins that allow a user to audit an IPv6 enabled network. The built-in modules support enumeration of IPv6 features such as ICMPv6 and Multicast Listener Discovery (MLD). In addition, the framework also supports enumeration of Upper Layer Protocol...
DET - Data Exfiltration Toolkit
DET is provided AS IS, is a proof of concept to perform Data Exfiltration using either single or multiple channels at the same time. The idea was to create a generic toolkit to plug any kind of protocol/service. Slides DET has been presented at BSides Ljubljana on the 9th of March 2016 and the...
[SECURITY] Fedora 24 Update: pulp-puppet-2.8.2-1.fc24
Provides a collection of platform plugins, client extensions and agent handlers that provide Puppet support...
ANT+ Plugins Service - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application ANT+ Plugins Service published at the 'play' market has multiple vulnerabilities...
CVE-2016-1573
Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope...
cscmsV4 /plugins/vod/controllers/lists.php SQL injection vulnerability
No description provided by source...
Security Issue with multimedia playback on Mac OSX
Currently your multimedia playback method uses an older and insecure method. I had to reinstate old plugins to make it work, and I would like to be able to disable these plugins as soon as possible. Can you please update your code for this as outlined here: https://support.apple.com/en-au/HT20508...
DbDat - Db Database Assessment Tool
DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...