17 matches found

Tenable Nessus
added 2016/03/25 12:00 a.m., 32 views

DNN (DotNetNuke) < 8.0.1 Multiple Vulnerabilities

The version of DNN Platform (formerly DotNetNuke) running on the remote host is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists due to improper validation of input to the 'returnurl' query string parameter before returning it to users. A remote attacker can...

5.9 AI score
Exploits: 0, References: 1
0day.today
added 2015/11/17 12:00 a.m., 40 views

D-Link DIR-615 Buffer Overflow Vulnerability

D-Link DIR-615 suffers from multiple buffer overflow vulnerabilities. Title: Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the...

7.6 AI score
Exploits: 0
Packet Storm
added 2015/11/16 12:00 a.m., 43 views

D-Link DIR-615 Buffer Overflow

Advisory Information Title: Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they...

7.4 AI score
Exploits: 0
exploitpack
added 2015/11/16 12:00 a.m., 39 views

D-Link DIR-615 - Multiple Buffer Overflow Vulnerabilities

D-Link DIR-615 - Multiple Buffer Overflow Vulnerabilities Advisory Information Title: Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been...

7.6 AI score
Exploits: 0
Exploit DB
added 2015/11/16 12:00 a.m., 42 views

D-Link DIR-615 - Multiple Buffer Overflow Vulnerabilities

Advisory Information Title: Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality Vendors contacted: William Brown, Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they...

7.4 AI score
Exploits: 0
ArchLinux
added 2015/04/04 12:00 a.m., 44 views

thunderbird: multiple issues

CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...

7.5 CVSS, 0.8 AI score, 0.8537 EPSS
Exploits: 3, References: 10
Tenable Nessus
added 2015/01/15 12:00 a.m., 35 views

CentOS 5 / 6 / 7 : firefox / xulrunner (CESA-2015:0046)

Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

7.5 CVSS, 8.1 AI score, 0.01837 EPSS
Exploits: 0, References: 8
seebug.org
added 2014/07/01 12:00 a.m., 63 views

CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability

No description provided by source. Source: http://securityreason.com/securityalert/8026 CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability felix |at| malloc.im Overview: CakePHP is a rapid development framework for PH...

7.1 AI score
Exploits: 0
Atlassian
added 2012/11/29 12:41 p.m., 28 views

UploadAttachmentsAction XSRF

The UploadAttachmentsAction action is declared to use a validatingStack interceptor chain, but does not use the RequiresSecurityToken element, leaving it open to an XSRF attack. If this were exploited, an attacker could force a user’s browser to upload files into a space they have write permissio...

2.4 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2012/11/29 12:41 p.m., 17 views

UploadAttachmentsAction XSRF

The UploadAttachmentsAction action is declared to use a validatingStack interceptor chain, but does not use the RequiresSecurityToken element, leaving it open to an XSRF attack. If this were exploited, an attacker could force a user’s browser to upload files into a space they have write permissio...

2.4 AI score
Exploits: 0, Affected Software: 1
securityvulns
added 2010/10/24 12:00 a.m., 62 views

Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass PDF: http://www.security-assessment.com/files/advisories/OracleJREjavaneturlconnectionSOPBypass.pdf CVE...

0.5 AI score
Exploits: 0
exploitpack
added 2010/10/20 12:00 a.m., 26 views

Oracle JRE - java.net.URLConnection class Same-of-Origin SOP Policy Bypass

Oracle JRE - java.net.URLConnection class Same-of-Origin SOP Policy Bypass Description: Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin (SOP) policy and domain based security controls in modern browsers when...

Exploits: 0
phpMyAdmin
added 2010/01/15 12:00 a.m., 44 views

Unsafe usage of unserialize function.

PMASA-2010-3 Announcement-ID: PMASA-2010-3 Date: 2010-01-15 Updated: 2010-01-27 Summary Unsafe usage of unserialize function. Description phpMyAdmin used the unserialize PHP function on potentially unsafe data in setup script, what could be potentially used for XSRF attack, which can lead to code...

5 CVSS, 5.8 AI score, 0.0047 EPSS
Exploits: 1, Affected Software: 1
Packet Storm
added 2008/12/09 12:00 a.m., 33 views

phpMyAdmin 3.1.0 XSRF / SQL Injection

Written by Michael Brooks Special Thanks to str0ke and rGod Intro: phpMyAdmin is by far the most popular PHP project. Between phpmyadmin and the xampp project there are more than 34+ million downloads from sourceforge.net. This exploit was released alongside XSRF attacks against XAMPP and Simpl...

0.8 AI score
Exploits: 0
Exploit DB
added 2008/12/08 12:00 a.m., 65 views

phpMyAdmin 3.1.0 - Cross-Site Request Forgery / SQL Injection

Written by Michael Brooks Special Thanks to str0ke and rGod Intro: phpMyAdmin is by far the most popular PHP project. Between phpmyadmin and the xampp project there are more than 34+ million downloads from sourceforge.net. This exploit was released alongside XSRF attacks against XAMPP and Simpl...

7.4 AI score
Exploits: 0
Exploit DB
added 2008/12/08 12:00 a.m., 34 views

XAMPP 1.6.8 - Cross-Site Request Forgery (Change Administrative Password)

XAMPP change administrative password: Written by Michael Brooks special thanks to str0ke Affects XAMPP 1.6.8. homepage: http://www.apachefriends.org/ XAMPP has 17+ million downloads from sourceforge.net...

7.4 AI score
Exploits: 0
Packet Storm
added 2008/11/20 12:00 a.m., 18 views

vbulletin-xssxsrf.txt

Author = Mx Title = vBulletin 3.7.3 Visitor Messages XSS/XSRF + worm Software = vBulletin Addon = Visitor Messages Version = 3.7.3 Attack = XSS/XSRF Description = A critical vulnerability exists in the new vBulletin 3.7.3 software which comes included with the...

7.4 AI score
Exploits: 0