47153 matches found
[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite SQL injection Advisory ID: ERPSCAN-15-026 Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
audiofile memory corruption
Crash on audiofiles processing...
apport security vulnerabilities
Symbolic links and hadlinks vulnerability in log files, privilege escalation...
[USN-2786-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite - XXE injection Advisory ID: ERPSCAN-15-029 Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 21.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities
====================================================================== Secunia Research now part of Flexera Software 26/10/2015 Oracle Outside In Two Buffer Overflow Vulnerabilities ====================================================================== Table of Contents Affected...
PHP security vulnerabilities
PHAR extension DoS...
[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-028 Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite - Database user enumeration Advisory ID: ERPSCAN-15-025 Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/ Date published:20.10.2015 Vendors contacted: Oracle 2...
[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite Cross-site Scripting Advisory ID: ERPSCAN-15-027 Advisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY...
[USN-2787-1] audiofile vulnerability
========================================================================== Ubuntu Security Notice USN-2787-1 October 28, 2015 audiofile vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-030 Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
Quarterly update closes 140 vulnerabilities in different applications...
[USN-2782-1] Apport vulnerability
========================================================================== Ubuntu Security Notice USN-2782-1 October 27, 2015 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
ntp multiple security vulnerabilities
Multiple memory corruptions...
unzip security vulneravilities
DoS, code execution...
[USN-2788-1] unzip vulnerabilities
========================================================================== Ubuntu Security Notice USN-2788-1 October 29, 2015 unzip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-2783-1] NTP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2783-1 October 27, 2015 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
cURL security vulnerabilitiies
Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS...
[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin
Vulnerability title: SQL Injection in Support Ticket System 1.2 WordPress plugin CVE: CVE-2015-7670 Vendor: Tim Dahlmanns Product: Support Ticket System Affected version: 1.2 Fixed version: 1.2.1 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...
Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin
Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7669 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details:...
CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin
Vulnerability title: Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7320 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Iberia Medeiros Vulnerability Details:...
DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...
Checkmarx CxQL Sandbox bypass (CVE-2014-8778)
Checkmarx CxQL Sandbox bypass CVE-2014-8778 Vendor: Checkmarx - www.checkmarx.com Product: CxSuite Version affected: 7.1.5 and prior Credit: Huy-Ngoc DAU @ngocdh of Deloitte Conseil, France ================================ Introduction ================================ Checkmarx is a static source...
Openfire 3.10.2 CSRF Vulnerabilities
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt Vendor: ================================ www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product: ================================...
[SYSS-2015-039] CSRF in OpenText Secure MFT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-039 Product: Secure MFT Vendor: http://www.opentext.com Affected Versions: 2013 R3, 2014 R1/R2, 2015 R1 Tested Versions: 2014 R2 SP4 Vulnerability Type: Cross-Site Request Forgery CWE-352 Risk Level: Medium Solution Status:...
Reflected Cross-Site Scripting (XSS) in SourceBans
Advisory ID: HTB23273 Product: SourceBans Vendor: Sourcebans team Vulnerable Versions: 1.4.11 and probably prior Tested Version: 1.4.11 Advisory Publication: October 2, 2015 without technical details Vendor Notification: October 2, 2015 Public Disclosure: October 23, 2015 Vulnerability Type:...
[SECURITY] [DSA 3375-1] wordpress security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
Document Title: =============== NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-24 Vulnerability Laboratory ID VL-ID: ====================================...
[SECURITY] [DSA 3346-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3346-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 31, 2015 https://www.debian.org/security/faq -...
CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection
Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 = version 6.30.0 Affected JIRA product versions: 6.3.5 = version 6.4.11...
HP ArcSight Logger security vulnerabilities
Authentication bypass, information disclosure...
WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability
Document Title: =============== WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1614 Release Date: ============= 2015-10-07 Vulnerability Laboratory ID VL-ID: ==================================== 1614...
JSPMySQL Administrador CSRF & XSS Vulnerabilities
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt Vendor: ================================ JSPMySQL Administrador https://sites.google.com/site/mfpledon/producao-de-software Product:...
CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin
Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7377 Pending CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N CWE: CWE-79 Description ================ An unauthenticated reflected XSS vulnerability in Pie Register...
CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine
Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...
Cross-Site Request Forgery in Cerb
Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patch: August 14, 2015 Public Disclosure: September 2, 201...
Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected ema...
CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine
Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...
A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin
Vulnerability title: A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7668 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no protection...
Zope Management Interface CSRF vulnerabilities
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt Vendor: ================================ www.zope.org plone.org Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application...
CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution
Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/Hw7RLg . CVE ID: CVE-2015-6576 Product: Bamboo. Affected Bamboo product versions: 2.2 = version 5.8.5 5.9.0 = version 5.9.7 Summary: This advisory discloses a critical severity security vulnerability tha...
Reflected Cross-Site Scripting (XSS) in iTop
Advisory ID: HTB23268 Product: iTop Vendor: Combodo SARL Vulnerable Versions: 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 without technical details Vendor Notification: July 29, 2015 Vendor Patch: July 30, 2015 Public Disclosure: September 23, 2015...
[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2015-001 ========================================================================...
CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin
Vulnerability title: SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7319 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Ibйria Medeiros Vulnerability Details: ===================== It...
Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin
Vulnerability title: Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin CVE: CVE-2015-7666 Vendor: WordPress DWBooster Product: Payment Form for PayPal Pro Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details:...
[CVE-2015-3623] Qlikview blind XXE Security Vulnerability
Exploit Title: Qlikview blind XXE security vulnerability Product: Qlikview Vulnerable Versions: v11.20 SR11 and previous versions Tested Version: v11.20 SR4 Advisory Publication: 08/09/2015 Latest Update: 08/09/2015 Vulnerability Type: Improper Restriction of XML External Entity Reference CWE-611...
SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory 20151022-0 ======================================================================= title: Multiple critical vulnerabilities product: Lime Survey vulnerable version: 2.05 up to 2.06+ Build 151014 fixed version: 2.06+ Build 151016 CVE number: impact:...
TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390
Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...
Dogma India dogmaindia CMS - Auth Bypass Vulnerability
Document Title: =============== Dogma India dogmaindia CMS - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1583 Release Date: ============= 2015-08-25 Vulnerability Laboratory ID VL-ID: ==================================== 158...