47153 matches found
[SECURITY] [DSA 3291-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3291-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2015 https://www.debian.org/security/faq -...
BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability
Exploit Title: BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability Date: 2015/06/16 Vendor Homepage: http://blackcat-cms.org/ Software Link: http://blackcat-cms.org/temp/packetyzer/blackcatcms2fo3PXdKj1.zip Version: v1.1.1 Tested on: Centos 6.5,PHP 5.4.41 Category: webapps Description...
[SECURITY] [DSA 3289-1] p7zip security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3289-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 15, 2015 https://www.debian.org/security/faq -...
ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning UIM/P Authentication Bypass Vulnerability EMC Identifier: ESA-2015-106 CVE Identifier: CVE-2015-0546 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Affected products: ...
libav / ffmpeg security vulnerabilities
Memory corruptions in multiple demuxers...
My Wifi Router buffer overflow
Buffer overflow on user authentication...
[SECURITY] [DSA 3292-1] cinder security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3292-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 19, 2015 https://www.debian.org/security/faq -...
OpenStack cinder privilege escalation
Authorized user can access any files...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...
Symphony CMS XSS Vulnerability [Corrected Post]
Correction of Vendor Info for Symphony CMS XSS Vulnerability POST on Jun 08 ============================================= + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt Vendor:...
[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
---------------------------------------------------------------------------- Concrete5 = 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities ---------------------------------------------------------------------------- - Software Link: https://www.concrete5.org/ - Affected Versions:...
[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate...
Microsoft Exchange multiple security vulnerabilities
XSS, CSRF, HTML injection...
Logstash vulnerability CVE-2015-4152
Summary: Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to over-write files on the server running Logstash. This vulnerability is not present in the initial installation of Logstash. The vulnerability is exposed when the file output plugin...
Elasticsearch files access
snapshot API files access...
[SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-020 Products: ZENWorks Mobile Management Vendor: Novell Affected Versions: 3.1.0 Tested Versions: 3.1.0 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Open Vendor Notification: 2015-04-21...
Alcatel-Lucent OmniSwitch security vulnerabilities
Cross-site scripting, session hijack...
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities
Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt Vendor: ================================ http://www.silverstripe.org/software/download Product: ================================ SilverStripe CMS & Framework v3.1.13...
Microsoft Office multiple security vulnerabilities
Multiple memory corruptions...
Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...
Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0
Title: Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-06 Advisory: http://www.vapid.dhs.org/advisory.php?v=124 Download Site: https://wordpress.org/plugins/se-html5-album-audio-player/ Vendor:...
Kibana vulnerability CVE-2015-4093
Summary: Kibana versions 4.0.0, 4.0.1 and 4.0.2 are vulnerable to a cross-site scripting XSS attack. The attack allows execution of arbitrary JavaScript in the context of the user’s browser. We have been assigned CVE-2015-4093 for this issue. Fixed versions: Versions 4.0.3 and 4.1.0 have addresse...
Cisco IOS XR
Crash on IPv6 packet processing...
[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
----------------------------------------------------------- Concrete5 = 5.7.4 Access.php SQL Injection Vulnerability ----------------------------------------------------------- - Software Link: https://www.concrete5.org/ - Affected Versions: Version 5.7.3.1, 5.7.4, and probably other versions. -...
[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
------------------------------------------------------------------- Concrete5 = 5.7.3.1 sendmail Remote Code Execution Vulnerability ------------------------------------------------------------------- - Software Link: https://www.concrete5.org/ - Affected Versions: Version 5.7.3.1 and probably...
XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343)
Advisory: Adobe Connect Reflected XSS Author: Stas Volfus Bugsec Information Security LTD Vendor URL: http://www.adobe.com/ Status: Vendor Notified ========================== Vulnerability Description ========================== Adobe Connect Central version: 9.3 is vulnerable to Reflected XSS Cro...
Nakid-CMS CSRF, Persistent XSS & LFI
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NAKIDCMS0611.txt Vendor: ================================ http://kilrizzy.github.io/Nakid-CMS/ Product: ================================ kilrizzy-Nakid-CMS-f274624 Nakid CMS is...
CUPS security vulnerabilities
Code execution, cross-site scripting...
[USN-2629-1] CUPS vulnerabilities
========================================================================== Ubuntu Security Notice USN-2629-1 June 10, 2015 cups vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2015-0004 Synopsis: VMware Workstation, Fusion and Horizon View Client updates address critical security issues Issue Date: 2015-06-0...
Arbitrary File Disclosure and Open Redirect in Bonita BPM
Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...
Elasticsearch vulnerability CVE-2015-4165
Summary: Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to...
VMware applications multiple security vulnerabilities
Multiple memory corruptions, DoS...
Microsoft Active Directory Federation Services cross-site scripting
Cross-site scripting in web interface...
Multiple Vulnerabilities in ISPConfig
Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 4, 2015 Public Disclosure: June 1...
ZCMS SQL Injection & Persistent XSS
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt Vendor: ============================================= http://zencherry.com/ http://sourceforge.net/projects/zencherrycms Product:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
PHP multiple security vulnerabilities
NULL character injection, DoS, integer overflow, memory corruption...
[USN-2639-1] OpenSSL vulnerabilities
========================================================================== Ubuntu Security Notice USN-2639-1 June 11, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
OpenSSL multiple security vulnerabilities
Multiple DoS conditions...
[USN-2630-1] QEMU vulnerabilities
========================================================================== Ubuntu Security Notice USN-2630-1 June 10, 2015 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
Microsoft Windows multiple security vulnerabilities
Multiple Internet Explorer vulnerabilities, Media Player code executions, system libraries code execution, privilege escalation...
Use-After-Free in PHP
Advisory ID: HTB23262 Product: PHP Vendor: PHP Group Vulnerable Versions: 5.6.9 and probably prior Tested Version: 5.6.9 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 2, 2015 Public Disclosure: June 10, 2015 Vulnerability Type: U...
[USN-2631-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2631-1 June 10, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
[USN-2634-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2634-1 June 10, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
dbusmock code execution
No description provided...
Apache mod_jk information disclosure
No description provided...
t1utils memory corruption
Memory corruption on fonts manipulation...