47153 matches found
Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878
UPDATED CORRECTION + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0724.txt Vulnerability Type: =================== CSRF CVE Reference: ============== CVE-2015-2878 Vendor: =================== www.hexiscyber.com...
ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability
Document Title: =============== ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1555 Release Date: ============= 2015-07-23 Vulnerability Laboratory ID VL-ID: ==================================== 1555...
Novell GroupWise 2014 WebAccess vulnerable to XSS attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-021 Product: GroupWise Vendor: Novell Affected Versions: 2014 Tested Versions: 2014 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Fixed Vendor Notification: 2015-05-04 Solution Date:...
SQL Injection in Count Per Day WordPress Plugin
Advisory ID: HTB23267 Product: Count Per Day WordPress plugin Vendor: Tom Braider Vulnerable Versions: 3.4 and probably prior Tested Version: 3.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: July 1, 2015 Public Disclosure: July 22,...
Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt Vendor: ================================ www.openwebanalytics.com Product: ================================ Open-Web-Analytics-1.5.7 Advisory...
[SECURITY] [DSA 3314-1] typo3-src end of life
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3314-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 23, 2015 https://www.debian.org/security/faq -...
FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability
Document Title: =============== FoxyCart Bug Bounty 1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1451 098bdc9b309783df65044c5abb690dafdd4bcd436c380ae68c924fe37e14b4e0 Release Date: ============= 2015-07-15...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser
Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for CVE-2015-3245 and CVE-2015-3246. Please find our advisory below, and our exploit attached. Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary...
XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5
Vulnerability: XSS, Code Execution, DOS, Password Leak, Weak Authentication Affected Software: GetSimpleCMS http://get-simple.info/ Affected Version: 3.3.5 probably also prior versions Patched Version: 3.3.6 partial fix Risk: Medium-High Vendor Contacted: 2015-06-14 Vendor Partial Fix: 2015-07-14...
libuser / userhelper security vulnerabilities
Unsafe files handling, insufficient characters filtering...
Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02]
See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt --------------------------------------------------------------------- modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02 ---------------------------------------------------------------------...
[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect
tl;dr Two vulns in Kaseya Virtual System Administrator - an authenticated arbitrary file download and two lame open redirects. Full advisory text below and at 1. Thanks to CERT for helping me to disclose these vulnerabilities 2. Multiple vulnerabilities in Kaseya Virtual System Administrator...
Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin
Advisory ID: HTB23264 Product: Paid Memberships Pro WordPress plugin Vendor: Stranger Studios Vulnerable Versions: 1.8.4.2 and probably prior Tested Version: 1.8.4.2 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: July 8, 2015 Public...
[SECURITY] [DSA 3315-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3315-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 23, 2015 https://www.debian.org/security/faq -...
Google Chrome / Chromium multiple security vulnerabilities
Restrictions bypass, multiple memory corruptions, crossite scripting...
ESA-2015-118: EMC Avamar Directory Traversal Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability EMC Identifier: ESA-2015-118 CVE Identifier: CVE-2015-4527 Severity Rating: CVSS v2 Base Score: 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N Affected products: • EMC Avamar Server all versions from 7.0 to...
Cisco Application Policy Infrastructure Controller privilege escalation
It's possible to obtain root access...
Cisco IOS DoS
DoS in TFTP server...
[SECURITY] [DSA 3313-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2015 https://www.debian.org/security/faq -...
FreeBSD Security Advisory FreeBSD-SA-15:13.tcp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:13.tcp Security Advisory The FreeBSD Project Topic: Resource exhaustion due to sessions stuck in LASTACK state Category: core Module: inet Announced:...
[USN-2685-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2685-1 July 24, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
EMC Avamar directory traversal
No description provided...
FreeBSD DoS
Resources exhaustion via LASTACK state connections...
Cisco Unified MeetingPlace password reset
It's possible to change password without entering previous one and session validation...
Elasticsearch CVE-2015-5377
Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. Deployments are vulnerable even when Groovy dynamic scripting is disabled. We have...
15 TOTOLINK router models vulnerable to multiple RCEs
Hash: SHA512 Advisory Information Title: 15 TOTOLINK router models vulnerable to multiple RCEs Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html Date published:...
Apache security vulnerabilities
DoS, few potential vulnerabilities...
[slackware-security] httpd (SSA:2015-198-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security httpd SSA:2015-198-01 New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
[SECURITY] [DSA 3309-1] tidy security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3309-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 18, 2015 https://www.debian.org/security/faq -...
TOTOLINK routers multiple security vulnerabilities
Code execution, backdoor account, CSRF, XSS...
4 TOTOLINK router models vulnerable to CSRF and XSS attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt Blog URL:...
freexl library DoS
DoS on Excel document parsing...
ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability EMC Identifier: ESA-2015-122 CVE Identifier: CVE-2015-4528 Severity Rating: CVSS v2 Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Affected products: • EMC Documentum CenterStage...
Elasticsearch CVE-2015-5531
Summary: Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process. We have been assigned CVE-2015-5531 for this issue. Fixed versions: Versions 1.6.1 and 1.7.0 address the...
Backdoor credentials found in 4 TOTOLINK router models
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: Backdoor credentials found in 4 TOTOLINK router models Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x03.txt Blog URL:...
ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability ESA Identifier: ESA-2015-123 CVE Identifier: CVE-2015-4529 Severity Rating: CVSS v2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Affected products: • EMC Documentum WebTop versions 6.8 and...
Oracle E-Business Suite Servlet URL Redirection Vulnerability
Oracle E-Business Suite Servlet URL Redirection vulnerability CVE-2015-2630 Versions Affected: 11.5.10.2, 12.0.6, 12.1.3 Discussion: Oracle E-Business Suite is prone to a remote URL-redirection vulnerability. This vulnerability may allow a malicious user to perform a phishing attack by sending a...
Elasticsearch security vulnerabilities
Code execution, directory traversal...
[SECURITY] [DSA 3310-1] freexl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3310-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 19, 2015 https://www.debian.org/security/faq -...
Backdoor and RCE found in 8 TOTOLINK router models
Hello, Please find a text-only version below sent to security mailing-lists. The complete version on analysing the backdoor in TOTOLINK products is posted here: https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html === text-version of the advisory without...
tidy security vulnerabilities
Buffer overflow and integer overflow on HTML parsing...
[SECURITY] [DSA 3311-1] mariadb-10.0 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3311-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2015 https://www.debian.org/security/faq -...
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
Quarterly CPU fixed over 170 different vulnerabilities...
Microsoft Windows multiple security vulnerabilities
Internet Explorer and VBScript multiple security vulnerabilities, RDP code execution, Hyper-V code execution, multiple privilege escalations...
Adobe Reader / Acrobat multiple security vulnerabilities
Buffer overflows, memory corruptions, information disclosure...
Microsoft Office multiple security vulnerabilities
Memory corruptions, DLL planting, restrictions bypass...
Adobe Shockwave Player security vulnerabilities
Memory corruptions...
Adobe Flash Player multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, information disclosure...
Android backup content spoofing
Malware application can spoof content of the adb backup...