2760 matches found
onlinewelten.com XSS vulnerability
Vulnerable URL: http://www.onlinewelten.com/user/registrierung/?do=addmember=" Details: Patched: Yes, at 21.11.2017; Latest check for patch: 21.11.2017 20:56 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 31308; Google Pagerank: 5; VIP...
AntLabs InnGate security vulnerability patch
ANTLabs today is expected to roll out patches for a vulnerability in its InnGate Internet gateways that are popular in hospitality and convention locations. The gateways provide temporary Internet access to hotel guests or conference attendees using kiosks, for example. The vulnerability...
Schneider Electric Wonderware System Platform Vulnerabilities
OVERVIEW Ivan Sanchez of WiseSecurity Team has identified a fixed search path vulnerability in Schneider Electric’s Wonderware InTouch, Application Server, Historian, and SuiteLink applications, which are part of the Wonderware System Platform suite. Schneider Electric has produced a patch that...
MGASA-2015-0086 Updated cabextract packages fix CVE-2015-2060
A directory traversal issue in cabextract allows writing to locations outside of the current working directory when extracting a crafted cab file that encodes the filenames in a certain manner (CVE-2015-2060)...
bziran.com XSS vulnerability
Vulnerable URL: http://www.bziran.com/adsregister.php?AdsID=1"RootByte Details: Patched: Yes, at 21.11.2017; Latest check for patch: 21.11.2017 20:51 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 100610; Google Pagerank: 0; VIP websit...
ManageEngine OpManager Applications Manager IT360 - FailOverServlet Multiple Vulnerabilities
Multiple vulnerabilities in FailOverServlet in ManageEngine OpManager, Applications Manager and IT360. Discovered by Pedro Ribeiro, Agile Information Security...
Fedora 20 : php-5.5.21-1.fc20 (2015-1101)
22 Jan 2014, PHP 5.5.21 Core: - Upgraded crypt_blowfish to version 1.3. (Leigh) - Fixed bug 60704 (unlink bug with some files path). - Fixed bug 65419 (Inside trait, self::class != __CLASS__). (Julien) - Fixed bug 65576 (Constructor from trait conflicts with inherited constructor). (dunglas at gmail dot com) -...
Elipse SCADA Denial of Service Patch
Brazilian process management software developer Elipse has patched a serious denial-of-service vulnerability in its web-based Elipse SCADA application. The software is used in a number of critical industries worldwide, including manufacturing, energy, water and wastewater plants. The vulnerabilit...
MGASA-2014-0447 Updated libreoffice packages fix security vulnerabilities
It was discovered during routine code review that LibreOffice unconditionally executed certain VBA macros on loading Microsoft Office documents, contrary to user expectations (CVE-2014-0247). A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the...
MGASA-2014-0440 Updated pulseaudio package fixes RTP remote crash vulnerability
PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in Mageia 4 was a pre-release version of PulseAudio v5 and has been updated to the...
The latest Bash vulnerability patch Junior programme-vulnerability warning-the black bar safety net
A remote command execution vulnerability in Bash's parsing, CVE-2014-6271, has been disclosed; it affects major Linux distributions and Mac OS X systems. The vulnerability allows remote execution of arbitrary commands directly in Web CGI environments that support Bash. bash is injected after the public...
Updated bash packages fix CVE-2014-7169
Updated bash packages fix security vulnerability: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or...
pornhub.com XSS vulnerability
Vulnerable URL: http://www.pornhub.com/video/search?search=%22%2Fonload=alert'xssposed' Details: Patched: Yes, at 23.10.2014; Latest check for patch: 23.10.2014 16:02 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 75; Google Pagerank:...
Google Drive Vulnerability Leaks Users' Private Data
Another privacy issue has been discovered in Google Drive which could have led to sensitive and personal information stored on the cloud service being exposed to unauthorized parties. The security flaw has now been patched by Google, but its discovery indicates that the vulnerability of cloud data when accesse...
mysql55 security update
CentOS Errata and Security Advisory CESA-2014:0537 Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System...
SOL15282 - Apache Struts vulnerability CVE-2014-0114
F5 Product Development has determined that these specific product versions, while they use a version of Apache Struts that has not been patched specifically for CVE-2014-0114, the Configuration utility inputs are appropriately sanitized to ensure these versions are not vulnerable to the issue...
MGASA-2014-0180 Updated apache-mod_security packages fix security vulnerability
Updated apache-mod_security packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should...
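Apache Syncope Crafted Commons JEXL Expression Remote Code Execution Vulnerability
CVE ID: CVE-2014-0111 Apache Syncope is an open-source system for managing digital identities in enterprise environments, implemented in JEE technology and released under the Apache 2.0 license. Apache Syncope has a security vulnerability in its handling of crafted Apache Commons JEXL expressions, which allows authenticated remote attackers to execute arbitrary code through the JEE container running the Apache Syncope core. 0 Apache Syncope 1.0.0 Apache Syncope 1.0.8 Apache Syncope 1.1.0 Apache Syncope 1.1.6 Apache Syncope 1.0.9,...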
Innominate mGuard Unauthorized Leakage of System Data
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on July 8, 2014, and is being released to the NCCIC/ICS-CERT web site. The Applied Risk Research team has identified an unauthorized download of system information from Innominate mGuard devices. Innominate has...
Patch Available for Schneider Electric Serial Modbus Driver
Schneider Electric, a leading provider of industrial control systems, recently patched a remotely exploitable vulnerability in a driver found in 11 of its products. The Industrial Control Systems Computer Emergency Response Team (ICS-CERT) released an advisory yesterday alerting users to the...