8228 matches found
CVE-2015-2172
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
Cross site request forgery (csrf)
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API...
KLA10514 Multiple vulnerabilities in PHP and plugins
Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to inject or execute arbitrary code, bypass security restrictions or cause denial of service. Below is a complete list of vulnerabilities: 1. Multiple use-after-free vulnerabilities can be...
Fedora 22 : dokuwiki-0-0.24.20140929c.fc22 (2015-3079)
This update fixes CVE-2015-2172 - There's a security hole in the ACL plugins remote API component. The plugin fails to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own...
Fedora 21 : dokuwiki-0-0.24.20140929c.fc21 (2015-3186)
This update fixes CVE-2015-2172 - There's a security hole in the ACL plugins remote API component. The plugin fails to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own...
IT-Grundschutz M4.368: Regular audits of the terminal server environment
IT-Grundschutz M4.368: Regular audits of the terminal server environment. As of: 14th supplement delivery (14. EL). Note: Only a message is issued stating that testing should be performed with up-to-date plugins. Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted...
Adobe CVE-2011-2461 Remains Exploitable Via Flex Four Years After Patch
UPDATE: This article has been updated to add commentary and clarification from Adobe. A four-year-old Adobe Flash patch did not properly resolve a vulnerable Flex application, and attackers can exploit the bug, which is said to affect some 30 percent of Alexa’s top 10 most popular sites in the...
All-in-One WP Migration <= 2.0.4 - Unauthenticated Database Export
Unauthenticated users can export a complete copy of the WordPress database, all plugins, themes, and uploaded files...
KLA10491 Multiple vulnerabilities in WordPress plugins
Multiple serious vulnerabilities have been found in WordPress plugins and themes. Malicious users can exploit these vulnerabilities to execute or inject arbitrary code, bypass security and read local files. Below is a complete list of vulnerabilities: 1. Multiple XSS vulnerabilities were found in...
Vane - WordPress Vulnerability Scanner (A GPL fork of WPScan)
Vane is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan. INSTALL. Prerequisites: Windows not supported; Ruby = 1.9; RubyGems; Git. Installing on Debian/Ubuntu: sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git clone...
Google Chrome < 39.0.2171.65 Multiple Vulnerabilities
WebRTC Found Leaking Local IP Addresses
A recently publicized hole in WebRTC, a protocol for web communication, is revealing the local IP addresses of users, even those who go to extra lengths to hide theirs by using a virtual private network. Daniel Roesler, a San Francisco-based researcher who’s dabbled in encryption, posted a...
Wordpress Video Gallery Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugins - Wordpress Video Gallery Arbitrary File Download Vulnerability Date: 17/01/2015 Exploit Author: X-Line Empire North From Tetouan Vendor Homepage: Dork : www.hdflvplayer.net Software Link:...
CVE-2014-9587
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins...
Integer overflow
Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflo...
CVE-2014-10024
CVE-2014-10024 involves multiple integer signedness errors in DirectShowDemuxFilter, used by Divx Web Player, Divx Player, and other Divx plugins. The flaw arises when parsing the Stream Format (STRF) chunk in an AVI file, where a negative or excessively large value can trigger a heap-based buffe...
Fedora 21 : roundcubemail-1.0.4-2.fc21 (2014-17450)
This update provides Roundcube 1.0.4. This is a stable security update: the security fix is described by upstream as 'Fix possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins.' More details on the update are available at...
Fedora 20 : roundcubemail-1.0.4-2.fc20 (2014-17461)
This update provides Roundcube 1.0.4. This is a stable security update: the security fix is described by upstream as 'Fix possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins.' More details on the update are available at...
[SECURITY] Fedora 19 Update: claws-mail-plugins-3.11.1-1.fc19
Additional plugins for Claws Mail...