Cross site scripting
Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wp-admin/plugins.php...
Opsview <= 4.6.2 - Multiple XSS Vulnerabilities
Exploit for PHP platform in category web applications. Exploit title: Opsview 4.6.2 - Multiple XSS. Date: 07-06-2015. Vendor homepage: www.opsview.com. Version: 4.6.2. CVE: CVE-2015-4420. Author: Dolev Farhi (@dolevf). Tested on: Kali Linux + Windows 7. Details: Opsview is a monitoring system base...
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
Exploit Title: CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]. Contact: https://twitter.com/panVagenas. Vendor Homepage: http://wpmembership.e-plugins.com/. Software Link: http://codecanyon.net/item/wp-membership/10066554. Version: 1.2.3. Tested on: WordPress 4.2.2. CVE:...
WordPress dzs-zoomsounds Plugins <= 2.0 - Remote File Upload Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: WordPress dzs-zoomsounds Plugins Remote File Upload Vulnerability. Vendor: http://digitalzoomstudio.net/docs/wpzoomsounds/. Author: bl4ck-dz. Date: 28/05/2015. Infected File: upload.php. Category: webapps. Google...
SUSE SLED12 Security Update : gstreamer-0_10-plugins-bad (SUSE-SU-2015:0942-1)
gstreamer-0_10-plugins-bad was updated to fix a security issue, a buffer overflow in mp4 parsing (bnc#927559, CVE-2015-0797). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and form...
SUSE SLED11 Security Update : gstreamer-0_10-plugins-bad (SUSE-SU-2015:0921-1)
gstreamer-0_10-plugins-bad was updated to fix a security issue, a buffer overflow in mp4 parsing (bnc#927559, CVE-2015-0797). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and form...
SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:0281-1)
This strongswan update fixes the following security and non-security issues. - Disallow brainpool elliptic curve groups in FIPS mode (bnc#856322). - Applied an upstream fix for a denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellma...
SUSE SLED12 / SLES12 Security Update : webkitgtk (SUSE-SU-2015:0688-1)
This update fixes the following security issues: - Fix SSL connection issues with some websites after the POODLE vulnerability fix. - Fix a crash when loading Flash plugins. - Fix build on GNU Hurd. - Fix build on OS X. - Fix documentation of webkit_print_operation_get_page_setup. - Security fixes:...
Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scripting (XSS)
The jQuery prettyPhoto library bundled with many plugins was found to be vulnerable to DOM cross-site scripting (XSS). PoC: http://www.example.com/prettyPhotogallery/1,/...
Fedora 22 : NetworkManager-1.0.2-1.fc22 / NetworkManager-openconnect-1.0.2-1.fc22 / etc (2015-7767)
This is an update of NetworkManager, the VPN plugins, applet and connection editor to 1.0.2 stable release. The update includes bug fixes, feature additions, translation updates and a fix for the CVE-2015-2924 denial of service security issue with low impact. Note that Tenable Network Security ha...
WordPress Multiple XSS
According to its version number, the WordPress application running on the remote web server is either version 3.7.x prior to 3.7.8, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.6, 4.1.x prior to 4.1.5, or 4.2.x prior to 4.2.2. It is, therefore, potentially affected by multiple cross-site scripting...
WordPress Sites Backdoored, Leaking Credentials
WordPress site administrators just cannot come up for air. With a raft of WordPress vulnerabilities—most of them in plugins—to address, now comes word that a number of sites running the content management system have been compromised and are sending credentials via a backdoor to a criminal group...
FreeBSD : wordpress -- 2 XSS vulnerabilities (d86890da-f498-11e4-99aa-bcaec565249c)
Samuel Sidler reports : The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org including the Twenty Fifteen default theme have been updat...
Vulnerabilities Identified in Two WordPress Plugins
The last few months have seen a significant uptick in WordPress plugin vulnerabilities, and judging by advisories issued this week regarding another pair of insecure plugins, the trend will likely continue for the time being. The first vulnerability, discovered by security firm High Tech...
MGASA-2015-0188 Updated gstreamer0.10-plugins-bad packages fix security vulnerabilities
Updated gstreamer0.10-plugins-bad packages fix security vulnerability: Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead to the execution of arbitrary code (CVE-2015-0797)...
Updated gstreamer0.10-plugins-bad packages fix security vulnerabilities
Updated gstreamer0.10-plugins-bad packages fix security vulnerability: Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead to the execution of arbitrary code (CVE-2015-0797)...
Elasticsearch vulnerability CVE-2015-3337
Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch. This vulnerability is not present in the initial installation of Elasticsearch. The vulnerability is exposed...
Web Application Security Scanner Framework: Arachni
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating...
[SECURITY] Fedora 20 Update: ikiwiki-3.20150329-1.fc20
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...
[SECURITY] Fedora 21 Update: ikiwiki-3.20150329-1.fc21
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...