apport security vulnerabilities

Symbolic links and hadlinks vulnerability in log files, privilege escalation...

audiofile memory corruption

Crash on audiofiles processing...

PHP security vulnerabilities

PHAR extension DoS...

[USN-2786-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-028 Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities

====================================================================== Secunia Research now part of Flexera Software 26/10/2015 Oracle Outside In Two Buffer Overflow Vulnerabilities ====================================================================== Table of Contents Affected...

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite Cross-site Scripting Advisory ID: ERPSCAN-15-027 Advisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY...

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite - Database user enumeration Advisory ID: ERPSCAN-15-025 Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/ Date published:20.10.2015 Vendors contacted: Oracle 2...

[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite - XXE injection Advisory ID: ERPSCAN-15-029 Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 21.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

[USN-2782-1] Apport vulnerability

========================================================================== Ubuntu Security Notice USN-2782-1 October 27, 2015 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2787-1] audiofile vulnerability

========================================================================== Ubuntu Security Notice USN-2787-1 October 28, 2015 audiofile vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-030 Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite SQL injection Advisory ID: ERPSCAN-15-026 Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

Quarterly update closes 140 vulnerabilities in different applications...

ntp multiple security vulnerabilities

Multiple memory corruptions...

unzip security vulneravilities

DoS, code execution...

cURL security vulnerabilitiies

Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS...

[USN-2783-1] NTP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2783-1 October 27, 2015 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2788-1] unzip vulnerabilities

========================================================================== Ubuntu Security Notice USN-2788-1 October 29, 2015 unzip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

HP Asset Manager information disclosure

No description provided...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

HP ArcSight Logger security vulnerabilities

Authentication bypass, information disclosure...

TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391

Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : Cross-site Scripting Severity : Important Status :...

[security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04863562 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04863562 Version: 1 HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of...

Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vtiger CRM Authenticated Remote Code Execution CVE-2015-6000 http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html 1. Summary 2. Vulnerability Details 3. Exploitation / Proof of Concept 4. Timeline 5. See Also 1. Summary Vtiger CRM...

CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7377 Pending CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N CWE: CWE-79 Description ================ An unauthenticated reflected XSS vulnerability in Pie Register...

Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7669 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details:...

CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine

Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine CVE: CVE-2015-5076 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that the web application was vulnerable to reflective Cross-Site Scripting wher...

[SECURITY] [DSA 3369-1] zendframework security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3369-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini October 06, 2015 https://www.debian.org/security/faq -...

Jenkins 1.626 - Cross Site Request Forgery / Code Execution

Title: Jenkins 1.626 - Cross Site Request Forgery / Code Execution Date: 27.08.15 Affected versions: = 1.626 current Vendor: jenkins-ci.org Contact: smash at devilteam.pl Cross site request forgery vulnerability in Jenkins 1.626 allows remote attackers to hjiack the authentication of users for mo...

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine

Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...

[SECURITY] [DSA 3343-1] twig security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3343-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 26, 2015 https://www.debian.org/security/faq...

Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected ema...

CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 Pending CVSS: 3.5 Low; AV:N/AC:M/Au:S/C:P/I:N/A:N CWE: CWE-89 Description ================ Two blind SQL injection vulnerabilities in Pie Register 2.0.18 allow...

CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin

Vulnerability title: Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7320 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Iberia Medeiros Vulnerability Details:...

Boolean-based SQL injection Vulnerability in K2 Platforms

Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoint Version: 4.6.7 Tested Version: Version 4.6.7 Severity: HIGH CVE Reference: CVE-2015-7299 About the Product: K2 smartforms ca...

[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin

Vulnerability title: SQL Injection in Support Ticket System 1.2 WordPress plugin CVE: CVE-2015-7670 Vendor: Tim Dahlmanns Product: Support Ticket System Affected version: 1.2 Fixed version: 1.2.1 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...

Reflected Cross-Site Scripting (XSS) in iTop

Advisory ID: HTB23268 Product: iTop Vendor: Combodo SARL Vulnerable Versions: 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 without technical details Vendor Notification: July 29, 2015 Vendor Patch: July 30, 2015 Public Disclosure: September 23, 2015...

CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin

Vulnerability title: SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7319 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Ibйria Medeiros Vulnerability Details: ===================== It...

Openfire 3.10.2 CSRF Vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt Vendor: ================================ www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product: ================================...

Reflected Cross-Site Scripting (XSS) in SourceBans

Advisory ID: HTB23273 Product: SourceBans Vendor: Sourcebans team Vulnerable Versions: 1.4.11 and probably prior Tested Version: 1.4.11 Advisory Publication: October 2, 2015 without technical details Vendor Notification: October 2, 2015 Public Disclosure: October 23, 2015 Vulnerability Type:...

CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine

Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...

Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting

Enigmail: ????? ????? ????????? ?? ???? ??????????? ??? ????????? Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself. This is NOT the case, but...

A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7668 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no protection...

Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin

Vulnerability title: Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin CVE: CVE-2015-7667 Vendor: WordPress web-mv Product: ResAds Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...

SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory 20151022-0 ======================================================================= title: Multiple critical vulnerabilities product: Lime Survey vulnerable version: 2.05 up to 2.06+ Build 151014 fixed version: 2.06+ Build 151016 CVE number: impact:...

[ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution

Hi, Yet another RCE bug in ManageEngine ServiceDesk. This was disclosed by ZDI under ID ZDI-15-396 on August 20th, and fixed in version 9103 1. Details below, full advisory can be obtained from my repo at E2. A Metasploit module that exploits this vulnerability has been submitted upstream in E3...

Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected ema...

[SECURITY] [DSA 3346-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3346-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 31, 2015 https://www.debian.org/security/faq -...

[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability

------------------------------------------------------------------------------- Magento = 1.9.2 catalogProductCreate Autoloaded File Inclusion Vulnerability ------------------------------------------------------------------------------- - Software Link: http://magento.com/ - Affected Versions:...