211 matches found
CVE-2018-18864
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed...
CVE-2018-18864
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed...
Design/Logic Flaw
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed...
CVE-2018-18864
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed...
CVE-2018-18864
Loadbalancer.org Enterprise VA MAX before 8.3.3 is affected by an Unauthenticated Stored XSS in the Apache logs. The PacktStorm entry details two vulnerability paths: (1) input from Basic Auth username stored in the Apache Error Log (HTTPS only), and (2) injected JavaScript via URLs (/?) stored i...
Loadbalancer.org Enterprise VA MAX Cross Site Scripting
Title: Loadbalancer.org Enterprise VA MAX - Unauthenticated Stored XSS Author: Jakub Palaczynski Date: 24. July 2018 CVE: CVE-2018-18864 Affected product: ============= Loadbalancer.org Enterprise VA MAX before 8.3.3 Impact: ====== Remote Code Execution with root privileges. Vulnerability -...
Security Bulletin: GNU C library (glibc) vulnerability is fixed in IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance ISAM ESSO VA Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: glibc is vulnerable to a heap-based buffer overflow, caused by...
Flexense DiskBoss 9.1.16 Cross Site Scripting
Description: URL: l ocalhost/ Affected Component: /?n0ipr0csalert'XSS'n0ipr0cs=1 Vulnerability Type: Cross Site Scripting https://cwe.mitre.org/data/definitions/79.html Vendor of Product: Flexense-DiskBoss Version: v7.4.28 to v9.1.16 Attack Type: Remote Impact: This attack allows an attacker code...
Flexense DiskPulse 10.7 Cross Site Scripting
Description: URL: localhost/ Affected Component: /?n0ipr0csalert'XSS'n0ipr0cs=1 Vulnerability Type: Cross Site Scripting https://cwe.mitre.org/data/definitions/79.html Vendor of Product: Flexense DiskPulse Version: from v10.4 to v10.7. Attack Type: Remote Impact: This attack allows an attacker co...
Kernel update: new kernel 3.10.0-693.21.1.vz7.46.7, Virtuozzo 7.0 Update 7 Hotfix 2 (7.0.7-453)
The Hotfix 2 for Virtuozzo 7.0 Update 7 provides a new kernel 3.10.0-693.21.1.vz7.46.7 that introduces stability and usability bug fixes. In addition, this kernel was recompiled by the updated gcc with retpolines support. Retpolines are a technique used by the kernel to reduce overhead of...
Product update: Virtuozzo Automator 7.0 Update 2 Hotfix 5 (VA MN: 7.0.2-597, VA Agent: 7.0.2-320)
This hotfix for Virtuozzo Automator 7.0.2 provides a new feature as well as stability and usability bug fixes. Vulnerability id: PVA-35645 Systemd reported the 'va-agent/va-mn' service as started before it had been initialized. Vulnerability id: PVA-37260 Scheduled backup of a large VM could fail...
My short review of “IDC Worldwide Security and Vulnerability Management Market Shares 2016”
On February 12 IDC published new report about Security and Vulnerability Management market. You can buy it on the official website for $4500. Or you can simply download free extract on Qualys website Thanks, Qualys!. I've read it and now I want to share my impressions. I think it's better start...
pittsburgh.va.gov XSS vulnerability
Vulnerable URL: https://www.pittsburgh.va.gov/Video//player.swf?tracecall=alert%22OPENBUGBOUNTY%22 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP websi...
[SECURITY] Fedora 26 Update: gstreamer1-vaapi-1.12.0-1.fc26
A collection of GStreamer plugins to let you make use of VA API video acceleration from GStreamer applications. Includes elements for video decoding, display, encoding and post-processing using VA API subject to hardware limitations...
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86 - Disable ASLR Shellcode 80 bytes. Shellcode exploit for Linx86 platform / Linux/x86 setuid-disable-aslr.c by @abatchy17 - abatchy.com Shellcode size: 80 bytes SLAE-885 section .text global start start: ; ; setruid0,0 ; xor ecx,ecx mov ebx,ecx push 0x46 pop eax int 0x80 ; ;...
Product security update: Virtuozzo Automator 6.1 Update 2 Hotfix 3
The new packages for Virtuozzo Automator 6.1 introducing a new feature, a security fix, and usability bug fixes for VA Agent for Linux. Vulnerability id: PVA-27270 In cases when multiple containers were processed in a single task by external tools like 'vzabackup', Power Panel of any container...
Security update for Mozilla Thunderbird (important)
This update contains Mozilla Thunderbird 45.2. boo983549 It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed: - CVE-2016-2818, CVE-2016-2815: Memory safety bugs...
shirvan-va-chardavol.locopoc.com XSS vulnerability
Vulnerable URL: http://shirvan-va-chardavol.locopoc.com/q-dd524-'-alert'OPENBUGBOUNTY'-' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 21106 VIP website status:| Yes Check...
openSUSE Security Update : Chromium (openSUSE-2016-109)
Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2016-1612: Bad cast in V8 boo963184 - CVE-2016-1613: Use-after-free in PDFium boo963185 - CVE-2016-1614: Information leak in Blink boo963186 - CVE-2016-1615: Origin confusion in...
Security update for Chromium (important)
Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 boo963184 - CVE-2016-1613: Use-after-free in PDFium boo963185 - CVE-2016-1614: Information leak in Blink boo963186 - CVE-2016-1615: Origin confusion in...