Lucene search

229 matches found

Japan Vulnerability Notes
added 2015/09/30 6:5 a.m. | 1 views

MATCHA SNS vulnerable to code injection

Overview: MATCHA SNS, provided by ICZ Corporation, is SNS software. MATCHA SNS contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

CVSS 6.8 | AI score 7.7 | EPSS 0.00602
Exploits: 0 | References: 5

CNVD
added 2015/07/02 12:0 a.m. | 1 views

WordPress VideoWhisper Video Presentation Plugin Arbitrary File Download Vulnerability

WordPress is a blogging platform developed in PHP that supports personal blog sites on servers with PHP and MySQL. VideoWhisper Video Presentation is a video communication plugin. A security vulnerability in the WordPress VideoWhisper Video Presentation plugin allows remote...

AI score 7.4
Exploits: 0 | References: 1

ThreatPost
added 2015/06/17 1:0 p.m. | 12 views

LinkedIn Private Bug Bounty Program Goes Public

Public-facing bug bounties are the shiny new bauble of computer security. And with good reason since in most cases, companies that start their own bounties or go through a third-party platform provider are able to take advantage of a pool of skilled contributors, patch products, and improve...

AI score 8.3
Exploits: 0 | References: 4

CNVD
added 2015/05/07 12:0 a.m. | 2 views

Unspecified PHP Code Execution Vulnerability in Bomgar Remote Support Portal Application

Bomgar Remote Support is a secure remote desktop solution. The Bomgar Remote Support Portal application fails to properly filter input, allowing remote attackers to submit special requests to execute arbitrary PHP code...

CVSS 7.5 | AI score 7.7 | EPSS 0.51574
Exploits: 4 | References: 1

ThreatPost
added 2015/04/27 11:56 a.m. | 10 views

WordPress Stored Cross-Site Scripting Zero Day Vulnerability

WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Jouko Pynnonen of...

AI score 0.1
Exploits: 0 | References: 2

CNVD
added 2015/04/17 12:0 a.m. | 1 views

WordPress Plugin MiwoFTP CSRF Arbitrary File Creation Vulnerability

WordPress is a blogging platform developed in PHP; users can set up their own weblogs on servers that support PHP and MySQL databases. MiwoFTP is a smart, fast, lightweight file manager plugin. The WordPress plugin MiwoFTP has a security vulnerability. As the application allows use...

AI score 7
Exploits: 0 | References: 1

Packet Storm
added 2015/03/20 12:0 a.m. | 39 views

Yoast Google Analytics Stored Cross Site Scripting

OVERVIEW: Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it's one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...

Exploits: 0

Metasploit
added 2013/07/24 1:52 p.m. | 37 views

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within...

CVSS 9.8 | AI score 9.3 | EPSS 0.94325
Exploits: 18

Tenable Nessus
added 2013/07/12 12:0 a.m. | 30 views

Oracle Linux 5 : squirrelmail (ELSA-2009-1066)

The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2009-1066 advisory. - fix broken patch for CVE-2009-1579 - fix broken patch for CVE-2009-1579 - fix: CVE-2009-1581 : CSS positioning vulnerability - fix: CVE-2009-1579 :...

CVSS 6.8 | AI score 7.5 | EPSS 0.03597
Exploits: 1 | References: 4

Packet Storm
added 2013/05/14 12:0 a.m. | 154 views

Gallery Server Pro File Upload Filter Bypass

Gallery Server Pro File Upload Filter Bypass. Vendor Link: http://www.galleryserverpro.com/ PDF:...

AI score 0.4
Exploits: 0

0day.today
added 2013/05/14 12:0 a.m. | 30 views

Gallery Server Pro File Upload Filter Bypass Vulnerability

Gallery Server Pro suffers from a file upload filter bypass vulnerability. Gallery Server Pro File Upload Filter Bypass. Vendor Link:...

AI score 7.2
Exploits: 0

ATTACKERKB
added 2012/09/09 9:55 p.m. | 1 views

CVE-2011-5161

Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under...

CVSS 6.8 | AI score 6.2 | EPSS 0.02831
Exploits: 1 | References: 3

OpenVAS
added 2011/08/09 12:0 a.m. | 23 views

CentOS Update for squirrelmail CESA-2009:1066 centos3 i386

Check for the Version of squirrelmail. OpenVAS Vulnerability Test: CentOS Update for squirrelmail CESA-2009:1066 centos3 i386. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 6.8 | AI score 0.4 | EPSS 0.03597
Exploits: 1 | References: 2

securityvulns
added 2010/05/21 12:0 a.m. | 59 views

MIT Kerberos 5 GSS-API library DoS

NULL pointer dereference in server side code...

CVSS 6.8 | AI score 2.9 | EPSS 0.01857
Exploits: 2 | References: 1 | Affected Software: 1

OpenVAS
added 2009/06/05 12:0 a.m. | 21 views

RedHat Security Advisory RHSA-2009:1066

The remote host is missing updates announced in advisory RHSA-2009:1066. A server-side code injection flaw was found in the SquirrelMail map_yp_alias function. If SquirrelMail was configured to retrieve a user's IMAP server address from a Network Information Service (NIS) server via the map_yp_alias...

CVSS 6.8 | AI score 0.7 | EPSS 0.03597
Exploits: 1 | References: 5

Oracle linux
added 2009/05/26 12:0 a.m. | 33 views

squirrelmail security update

1.4.8-5.0.1.el53.7 - Remove Redhat splash screen images 1.4.8-5.7 - fix broken patch for CVE-2009-1579 1.4.8-5.6 - fix broken patch for CVE-2009-1579 1.4.8-5.5 - don't ship patch backup files 1.4.8-5.4 - fix: CVE-2009-1581 : CSS positioning vulnerability - fix: CVE-2009-1579 : Server-side code...

CVSS 6.8 | AI score 1 | EPSS 0.03597
Exploits: 1

OpenVAS
added 2009/05/20 12:0 a.m. | 26 views

Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)

The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:110. OpenVAS Vulnerability Test $Id: mdksa2009110.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:110 (squirrelmail). Authors: Thomas Reinke. Copyright: Copyright (c) 20...

CVSS 6.8 | AI score 0.5 | EPSS 0.03597
Exploits: 1

OpenVAS
added 2009/05/20 12:0 a.m. | 33 views

Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)

The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:110. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

CVSS 6.8 | AI score 7.6 | EPSS 0.03597
Exploits: 1 | References: 1

Tenable Nessus
added 2009/05/14 12:0 a.m. | 29 views

openSUSE 10 Security Update : squirrelmail (squirrelmail-6242)

Multiple vulnerabilities have been fixed in SquirrelMail: an XSS and input sanitization bug (both CVE-2009-1578), a server-side code execution (CVE-2009-1579), a login session hijacking bug (CVE-2009-1580) and another bug that allowed phishing and XSS attacks (CVE-2009-1581). %NASLMINLEVEL 70300 C Tenabl...

CVSS 6.8 | AI score 7.2 | EPSS 0.03597
Exploits: 1 | References: 4

Packet Storm
added 2008/04/02 12:0 a.m. | 25 views

terracotta-lfidownload.txt

It's been a while since I've posted something, so let's get to the goods. Terracotta is an open source CMS from http://sourceforge.net/projects/terracotta/ First up, we have full path disclosure vulnerabilities in the GET'd variable 'File'. Specify something other than what's in the list and we get...

AI score 7.4
Exploits: 0