Lucene search

47153 matches found

securityvulns
added 2015/11/02 12:0 a.m. | 159 views

audiofile memory corruption

Crash on audiofiles processing...

AI score 3.1 | EPSS 0.08802
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2015/11/02 12:0 a.m. | 299 views

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite Cross-site Scripting Advisory ID: ERPSCAN-15-027 Advisory URL: http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY...

CVSS 4.3 | AI score 6.4 | EPSS 0.03152
Exploits 0

securityvulns
added 2015/11/02 12:0 a.m. | 262 views

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite - Database user enumeration Advisory ID: ERPSCAN-15-025 Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2...

CVSS 4.3 | AI score 6.6 | EPSS 0.02558
Exploits 0

securityvulns
added 2015/11/02 12:0 a.m. | 290 views

PHP security vulnerabilities

PHAR extension DoS...

CVSS 6.8 | AI score 2.2 | EPSS 0.10288
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2015/11/02 12:0 a.m. | 348 views

Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities

====================================================================== Secunia Research now part of Flexera Software 26/10/2015 Oracle Outside In Two Buffer Overflow Vulnerabilities ====================================================================== Table of Contents Affected...

CVSS 1.5 | AI score 0.5 | EPSS 0.00927
Exploits 4

securityvulns
added 2015/11/02 12:0 a.m. | 558 views

apport security vulnerabilities

Symbolic links and hardlinks vulnerability in log files, privilege escalation...

CVSS 7.2 | AI score 1.6 | EPSS 0.0091
Exploits 2 | References 2 | Affected Software 1

securityvulns
added 2015/11/02 12:0 a.m. | 319 views

[USN-2782-1] Apport vulnerability

========================================================================== Ubuntu Security Notice USN-2782-1 October 27, 2015 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

AI score 7.5 | EPSS 0.00429
Exploits 0

securityvulns
added 2015/11/02 12:0 a.m. | 320 views

[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite - XXE injection Advisory ID: ERPSCAN-15-029 Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 21.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

CVSS 6.8 | AI score 6.8 | EPSS 0.03088
Exploits 0

securityvulns
added 2015/11/02 12:0 a.m. | 299 views

[USN-2786-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.8 | AI score 0.2 | EPSS 0.10288
Exploits 0

securityvulns
added 2015/11/02 12:0 a.m. | 248 views

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-030 Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

CVSS 6.8 | AI score 6.8 | EPSS 0.03088
Exploits 0

securityvulns
added 2015/11/02 12:0 a.m. | 373 views

[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite SQL injection Advisory ID: ERPSCAN-15-026 Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

CVSS 3.6 | EPSS 0.01804
Exploits 0

securityvulns
added 2015/11/02 12:0 a.m. | 432 views

[USN-2787-1] audiofile vulnerability

========================================================================== Ubuntu Security Notice USN-2787-1 October 28, 2015 audiofile vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

AI score 0.6 | EPSS 0.08802
Exploits 0

securityvulns
added 2015/11/02 12:0 a.m. | 265 views

[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-028 Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

CVSS 6.4 | AI score 6.7 | EPSS 0.03119
Exploits 0

securityvulns
added 2015/11/02 12:0 a.m. | 303 views

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

Quarterly update closes 140 vulnerabilities in different applications...

CVSS 10 | AI score 2.1 | EPSS 0.9986
Exploits 69 | References 7 | Affected Software 56

securityvulns
added 2015/11/01 12:0 a.m. | 140 views

cURL security vulnerabilities

Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS...

CVSS 9 | AI score 2.6 | EPSS 0.3763
Exploits 1 | References 3 | Affected Software 2

securityvulns
added 2015/11/01 12:0 a.m. | 134 views

[USN-2788-1] unzip vulnerabilities

========================================================================== Ubuntu Security Notice USN-2788-1 October 29, 2015 unzip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.8 | AI score 1 | EPSS 0.07184
Exploits 0

securityvulns
added 2015/11/01 12:0 a.m. | 114 views

unzip security vulnerabilities

DoS, code execution...

CVSS 6.8 | AI score 2.7 | EPSS 0.07184
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2015/11/01 12:0 a.m. | 198 views

[USN-2783-1] NTP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2783-1 October 27, 2015 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 7.8 | AI score 1.3 | EPSS 0.81762
Exploits 6

securityvulns
added 2015/11/01 12:0 a.m. | 173 views

ntp multiple security vulnerabilities

Multiple memory corruptions...

CVSS 7.8 | AI score 1.7 | EPSS 0.81762
Exploits 6 | References 1 | Affected Software 1

securityvulns
added 2015/10/26 12:0 a.m. | 81 views

LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability

Document Title: =============== LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1585 Release Date: ============= 2015-08-26 Vulnerability Laboratory ID VL-ID: ==================================== 15...

AI score 0.6
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 4630 views

NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability

Document Title: =============== NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-24 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.4
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 88 views

Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7669 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details:...

CVSS 7.5 | AI score 1.2 | EPSS 0.07055
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m. | 92 views

CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin

Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N CWE: CWE-22 Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read...

CVSS 4 | AI score 0.6 | EPSS 0.05003
Exploits 3

securityvulns
added 2015/10/26 12:0 a.m. | 72 views

[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04863612 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04863612 Version: 1 HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of...

CVSS 5 | AI score 0.2 | EPSS 0.04439
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 84 views

CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins

Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N Description ================ A stored XSS vulnerability in YouTube Embed 3.3.2 and...

CVSS 3.5 | AI score 0.8 | EPSS 0.01277
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m. | 63 views

[SYSS-2015-039] CSRF in OpenText Secure MFT

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-039 Product: Secure MFT Vendor: http://www.opentext.com Affected Versions: 2013 R3, 2014 R1/R2, 2015 R1 Tested Versions: 2014 R2 SP4 Vulnerability Type: Cross-Site Request Forgery CWE-352 Risk Level: Medium Solution Status:...

AI score 6.5
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 83 views

JSPMySQL Administrador CSRF & XSS Vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt Vendor: ================================ JSPMySQL Administrador https://sites.google.com/site/mfpledon/producao-de-software Product:...

Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 127 views

CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection

Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 = version 6.30.0 Affected JIRA product versions: 6.3.5 = version 6.4.11...

CVSS 6.5 | AI score 0.4 | EPSS 0.59312
Exploits 7

securityvulns
added 2015/10/26 12:0 a.m. | 77 views

[SECURITY] [DSA 3343-1] twig security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3343-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 26, 2015 https://www.debian.org/security/faq...

AI score 1.9
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 77 views

SiteWIX - (edit_photo2.php id) SQL Injection Exploit

!/usr/bin/env python -- coding:utf-8 -- Title : SiteWIX - editphoto2.php id SQL Injection Exploit Author : ZoRLu / [email protected] Website : milw00rm.com / milw00rm.net / milw00rm.org / milw0rm.info Twitter : https://twitter.com/milw00rm or @milw00rm Test : Windows7 Ultimate Discovery : 19/10/...

AI score 0.3
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 106 views

[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting

secunet Security Networks AG Security Advisory Advisory: Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site Scripting CWE-79 Date found: 2015-07-30 Date published: 2015-09-14 CVSSv2 Score: 3,5...

CVSS 3.5 | AI score 0.1 | EPSS 0.02006
Exploits 3

securityvulns
added 2015/10/26 12:0 a.m. | 77 views

CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine

Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine CVE: CVE-2015-5076 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that the web application was vulnerable to reflective Cross-Site Scripting wher...

CVSS 4.3 | AI score 5.3 | EPSS 0.01906
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m. | 72 views

Zope Management Interface CSRF vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt Vendor: ================================ www.zope.org plone.org Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application...

AI score 6.3
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 112 views

[SECURITY] [DSA 3375-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...

CVSS 4.3 | AI score 0.9 | EPSS 0.06389
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m. | 77 views

Reflected Cross-Site Scripting (XSS) in SourceBans

Advisory ID: HTB23273 Product: SourceBans Vendor: Sourcebans team Vulnerable Versions: 1.4.11 and probably prior Tested Version: 1.4.11 Advisory Publication: October 2, 2015 without technical details Vendor Notification: October 2, 2015 Public Disclosure: October 23, 2015 Vulnerability Type:...

AI score 7.1
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 79 views

Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting

Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Viewer" servlet itself. This is NOT the case, but...

AI score 0.2 | EPSS 0.01776
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 73 views

WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability

Document Title: =============== WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1614 Release Date: ============= 2015-10-07 Vulnerability Laboratory ID VL-ID: ==================================== 1614...

AI score 0.7
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 78 views

HP Asset Manager information disclosure

No description provided...

CVSS 2.1 | AI score 0.6 | EPSS 0.00375
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2015/10/26 12:0 a.m. | 88 views

Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting

Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself. This is NOT the case, but...

AI score 6.3 | EPSS 0.01681
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 90 views

CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine

Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...

CVSS 6.8 | AI score 0.1 | EPSS 0.02756
Exploits 4

securityvulns
added 2015/10/26 12:0 a.m. | 124 views

CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin

Vulnerability title: Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7320 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Iberia Medeiros Vulnerability Details:...

CVSS 4.3 | AI score 1.5 | EPSS 0.02137
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m. | 98 views

Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vtiger CRM Authenticated Remote Code Execution CVE-2015-6000 http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html 1. Summary 2. Vulnerability Details 3. Exploitation / Proof of Concept 4. Timeline 5. See Also 1. Summary Vtiger CRM...

AI score 8.3 | EPSS 0.40241
Exploits 12

securityvulns
added 2015/10/26 12:0 a.m. | 84 views

CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7377 Pending CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N CWE: CWE-79 Description ================ An unauthenticated reflected XSS vulnerability in Pie Register...

CVSS 4.3 | AI score 1 | EPSS 0.04405
Exploits 3

securityvulns
added 2015/10/26 12:0 a.m. | 105 views

TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390

Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...

CVSS 7.5 | AI score 10 | EPSS 0.01589
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m. | 70 views

Reflected Cross-Site Scripting (XSS) in iTop

Advisory ID: HTB23268 Product: iTop Vendor: Combodo SARL Vulnerable Versions: 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 without technical details Vendor Notification: July 29, 2015 Vendor Patch: July 30, 2015 Public Disclosure: September 23, 2015...

CVSS 4.3 | AI score 6.8 | EPSS 0.05562
Exploits 3

securityvulns
added 2015/10/26 12:0 a.m. | 77 views

[CVE-2015-3623] Qlikview blind XXE Security Vulnerability

Exploit Title: Qlikview blind XXE security vulnerability Product: Qlikview Vulnerable Versions: v11.20 SR11 and previous versions Tested Version: v11.20 SR4 Advisory Publication: 08/09/2015 Latest Update: 08/09/2015 Vulnerability Type: Improper Restriction of XML External Entity Reference CWE-611...

CVSS 6.4 | AI score 6.7 | EPSS 0.1576
Exploits 5

securityvulns
added 2015/10/26 12:0 a.m. | 98 views

[SECURITY] [DSA 3346-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3346-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 31, 2015 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 1.5 | EPSS 0.0506
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 63 views

Apache James Server 2.3.2 security vulnerability fixed

Severity: Important Vendor: The Apache Software Foundation Versions Affected: James Server 2.3.2 Description: Apache James Server 2.3.2 has security issue that can let a user execute arbitrary system command for servers configured with file based user repositories. Mitigation: 2.3.2 users should...

AI score 1.4
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m. | 91 views

Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin

Vulnerability title: Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin CVE: CVE-2015-7667 Vendor: WordPress web-mv Product: ResAds Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...

CVSS 4.3 | AI score 1.3 | EPSS 0.01504
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m. | 81 views

[security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04863562 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04863562 Version: 1 HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of...

CVSS 2.1 | AI score 0.5 | EPSS 0.00375
Exploits 0

Total number of security vulnerabilities: 47153