WordPress Make A Statement Cross Site Request Forgery Vulnerability
WordPress Make A Statement theme suffers from a cross site request forgery vulnerability. Title : Wordpress Make A Statement Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Version : 1.x.x Vendor :...
PYSEC-2013-13
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe...
Attachmate Verastream Host Integrator (VHI) allows arbitrary file upload and execution
Overview: The Attachmate Verastream Host Integrator (VHI) is vulnerable to arbitrary file uploads and execution. Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2013-3626. The Attachmate VHI Session Server, on all platforms, allows unauthenticated...
Threat Outbreak Alert: Fake Account Statement Document Email Messages on October 29, 2013
Medium Alert ID: 31527 First Published: 2013 October 29 15:20 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account statement attachment for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Financial Account Statement Email Messages on October 23, 2013
Medium Alert ID: 31481 First Published: 2013 October 24 17:04 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account statement for the recipient. The text in the email message attempts to convince the recipient to op...
Threat Outbreak Alert: Fake Financial Account Statement Email Messages on October 16, 2013
Medium Alert ID: 31325 First Published: 2013 October 17 15:15 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a financial statement for the recipient. The text in the email message attempts to convince the recipient to...
Google Malaysia Site Hijacked
The Google domain for Malaysia was hijacked on Thursday night, redirecting visitors to a page that said a group called Madleets from Pakistan had performed the attack. The domain has been restored now, but the name servers for the domain had been changed to a pair controlled by the attackers...
Threat Outbreak Alert: Fake Traffic Incident Information Email Messages on September 23, 2013
Medium Alert ID: 30945 First Published: 2013 September 23 20:01 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a traffic fine statement for the recipient. The message attempts to persuade the recipient to open the...
Threat Outbreak Alert: Fake Bank Account Statement Email Messages on June 18, 2014
Medium Alert ID: 30861 First Published: 2013 September 18 16:04 GMT Last Updated: 2014 June 19 12:33 GMT Version: 16 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a bank statement notification for the recipient. The text in the messa...
IBM Db2 DML Statement Execution Remote Privilege Escalation Vulnerability - Linux
IBM DB2 is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2"; if(description)...
IBM Db2 DML Statement Execution Remote Privilege Escalation Vulnerability
IBM Db2 is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2"; if(description)...
Threat Outbreak Alert: Fake Bank Statement Email Messages on September 4, 2013
Medium Alert ID: 30647 First Published: 2013 September 4 14:32 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a bank account statement for the recipient. The text in the email message attempts to convince the recipient ...
Alpaca the CMS injection and getwebshell code audit study-vulnerability warning-the black bar safety net
Recently in the study of code audit, will go to chinaz looking for a personal gas of a relatively high cms, this fit I just start dropping people Ue batch checked the source code of the entire system are in the injection the injection Well, single quotes Ah, also need to bypass, open the gpc will...
joomsport pro and std
joomsport, pro 3.1.1 and std 2.0, Directory Traversal developers release statement Security notes put in product description and put release notes on our site for both products http://joomsport.com/downloads/components.html?lang=en - Here is the link for standard updated release...
Threat Outbreak Alert: Fake Invoice Statement Attachment Email Messages on August 15, 2013
Medium Alert ID: 30439 First Published: 2013 August 16 18:32 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an invoice statement for the recipient. The text in the email message attempts to convince the recipient to ope...
Two Vulnerabilities in NetworkMiner : DLL Hijacking + Directory Traversal
Security Advisory ID: NETRESEC-1386968 http://netresec.com/?b=1386968 NetworkMiner version 1.4.1 and older is vulnerable to DLL hijacking and contains a directory traversal vulnerability. ==Description== NetworkMiner is a tool designed for network forensics and network security monitoring. It is...
Threat Outbreak Alert: Fake Bank Statement Notification Email Messages on August 1, 2013
Medium Alert ID: 30275 First Published: 2013 August 1 14:49 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a bank statement notification for the recipient. The text in the email message attempts to convince the recipien...
Apple’s Developer Center Offline for 32 Hours; Compromised?
It’s been over a day now since Apple’s online Dev Center went offline, and the latest message can be seen in the screenshot, which explains that the current maintenance has taken a lot longer than they expected. "We apologize that maintenance is taking longer than expected. If your program membership...
apache24 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault. mod_session_dbd: Make sure that dirty flag is respected when...
Cross site scripting
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message...