Vulnerability fixed in Drupal

A vulnerability has been fixed in Drupal. The vulnerability allows a malicious person to execute arbitrary code in the context of the browser if it manages to get the user to visit a rogue page to visit a vulnerable Drupal site. Drupal has released updates to fix the vulnerability. For more...

Rockstar Games: stored XSS (angular injection) in support.rockstargames.com using zendesk register form via name parameter

In this report, the researcher discovered that registering for our Support site using the Zendesk Registration Form allowed for entering an AngularJS Template Injection payload as the Username. This could have allowed an attacker to perform Stored XSS attacks or similar. We deployed a fix for thi...

CloudBees Jenkins CI and Jenkins LTS Denial of Service Vulnerabilities

CloudBees Jenkins CI formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI is a...

nph-maillist 3.0/3.5 Arbitrary Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the subscription form,...

phpcms v9. 1. 1 5 sql and XSS exploits-vulnerability warning-the black bar safety net

phpcms v9. 1. 1 5 The official demo site has been updated to 9.1.16: the http://v9.demo.phpcms.cn/ XSS public function publicgetsuggestkeyword $url = $GET'url'.'& q='.$ GET'q'; echo $url; $res = @filegetcontents$url; ifCHARSET != 'gbk' $res = iconv'gbk', CHARSET, $res; echo $res; Use method:...