PhotoSync 1.1.3 Android - Command Inject Vulnerability
Document Title: PhotoSync 1.1.3 Android - Command Inject Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1410 Release Date: 2015-01-21 Vulnerability Laboratory ID VL-ID: 141...
[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass
Advisory: AVM FRITZ!Box: Firmware Signature Bypass The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if t...
MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities
Mogwai Security Advisory MSA-2015-01 Title: WP Pixarbay Images Multiple Vulnerabilities Product: Pixarbay Images Wordpress Plugin Affected versions: 2.3 Impact: high Remote: yes Product link:...
[USN-2482-1] elfutils vulnerability
Ubuntu Security Notice USN-2482-1 January 23, 2015 elfutils vulnerability A security issue affects these releases of Ubuntu and its derivatives: -...
Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
REWTERZ-20140103 - Rewterz - Security Advisory Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product:...
REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability
REWTERZ-20140101 - Rewterz - Security Advisory Title: ManageEngine ServiceDesk SQL Injection Vulnerability Product: ServiceDesk Plus...
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...
[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360
Hi, This is part 11 of the ManageOwnage series. For previous parts, see 1. This time we have two remote code execution via file upload and directory traversal on several ManageEngine products - Service Desk Plus, Asset Explorer, Support Center and IT360. The first vulnerability can only be...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[USN-2475-1] GTK+ update
Ubuntu Security Notice USN-2475-1 January 15, 2015 gtk+3.0 update A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
gtk+ protection bypass
Screen lock bypass...
[SECURITY] [DSA 3131-1] xdg-utils security update
Debian Security Advisory DSA-3131-1 [email protected] http://www.debian.org/security/ Michael Gilbert January 18, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3124-1] otrs2 security update
Debian Security Advisory DSA-3124-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2015 http://www.debian.org/security/faq -...
[ MDVSA-2015:025 ] mpfr
Mandriva Linux Security Advisory MDVSA-2015:025 http://www.mandriva.com/en/support/security/ Package : mpfr Date : January 15, 2015 Affected: Business Server 1.0 Problem Description: Updated mpfr packages fix security vulnerability: A buffer overflow...
[USN-2473-1] coreutils vulnerabilities
Ubuntu Security Notice USN-2473-1 January 14, 2015 coreutils vulnerabilities A security issue affects these releases of Ubuntu and its derivatives:...
CatBot v0.4.2 (PHP) - SQL Injection Vulnerability
Document Title: CatBot v0.4.2 PHP - SQL Injection Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1408 Release Date: 2015-01-15 Vulnerability Laboratory ID VL-ID: 1408 Commo...
[SECURITY] [DSA 3120-1] mantis security update
Debian Security Advisory DSA-3120-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 06, 2015 http://www.debian.org/security/faq -...
Alienvault OSSIM/USM Command Execution Vulnerability
Details: Product: Alienvault OSSIM/USM Vulnerability: Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: =4.14.X Fixed Version: 4.15.0 Summary: Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data. T...
[ MDVSA-2015:006 ] mediawiki
Mandriva Linux Security Advisory MDVSA-2015:006 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: In...
Brother MFC Administration Reflected Cross-Site Scripting
Class Cross-Site Scripting Remote Yes Disclosed 9th October 2014 Published 7th January 2015 Credit Dave Daly of Dionach [email protected] Confirmed Vulnerable Brother MFC-J4410DW with F/W Versions J and K The printer administration web application on Brother MFC-J4410DW model printers with firmwa...
[USN-2451-1] cgmanager vulnerability
Ubuntu Security Notice USN-2451-1 January 06, 2015 cgmanager vulnerability A security issue affects these releases of Ubuntu and its derivatives: -...
Brother printing devices cross-site scripting
Cross-site scripting in web interface...
Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability
Document Title: Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability References Source: http://vulnerability-lab.com/getcontent.php?id=1356 Release Date: 2015-01-14 Vulnerability Laboratory ID VL-ID: 13...
cgmanager information disclosure
Invalid nested groups processing...
Two XSS vulnerabilities in Simple Security WordPress Plugin
Advisory ID: HTB23244 Product: Simple Security WordPress Plugin Vendor: MyWebsiteAdvisor Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 17, 2014 without technical details Vendor Notification: December 17, 2014 Public Disclosure: January 14, 2015...
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability
Document Title: Sitefinity Enterprise v7.2.53 - Persistent Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1369 Release Date: 2015-01-06 Vulnerability Laboratory ID VL-ID:...
[USN-2469-1] Django vulnerabilities
Ubuntu Security Notice USN-2469-1 January 13, 2015 python-django vulnerabilities A security issue affects these releases of Ubuntu and its...
Microsoft Windows multiple security vulnerabilities
Application Compatibility Cache privilege escalation, telnet service buffer overflow, User Profile Service privilege escalation, TS WebProxy directory traversal, Network Location Awareness Service restrictions bypass, Windows Error Reporting restrictions bypass, WebDAV driver privilege escalation...
GNU coreutils memory corruption
Memory corruption in date and touch on date parsing...
[ MDVSA-2015:024 ] libsndfile
Mandriva Linux Security Advisory MDVSA-2015:024 http://www.mandriva.com/en/support/security/ Package : libsndfile Date : January 15, 2015 Affected: Business Server 1.0 Problem Description: Updated libsndfile packages fix security vulnerabilities:...
libsndfile out-of-bounds read
sd2parsersrcfork out-of-bounds read and division by zero...
Blitz CMS Community - SQL Injection Web Vulnerability
Document Title: Blitz CMS Community - SQL Injection Web Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1403 Release Date: 2015-01-12 Vulnerability Laboratory ID VL-ID: 1402...
Adobe Flash Player multiple security vulnerabilities
typejacking, code execution, memory corruptions, buffer overflows, information disclosure...
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
SEC Consult Vulnerability Lab Security Advisory 20150113-1 title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5 impact: high homepage:...
Microsoft Network Policy Server DoS
Crash on username processing in RADIUS request...
mpfr buffer overflow
Buffer overflow in mpnsetstr...
Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
Vulnerability title: Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7956, CVE-2014-7957 Product: pods Affected version: pods <= 2.4.3 Vulnerabilities fixed in version: 2.5 XSS vulnerability CVE-2014-7956, authentication is needed:...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Memory corruptions, headers injection, restrictions bypass...
VeryPhoto v3.0 iOS - Command Injection Vulnerability
Document Title: VeryPhoto v3.0 iOS - Command Injection Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1401 Release Date: 2015-01-13 Vulnerability Laboratory ID VL-ID: 1401...
File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities
Document Title: File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1403 Release Date: 2015-01-15 Vulnerability Laboratory ID VL-ID: 1403...
Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities
Document Title: Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: 2015-01-12 Vulnerability Laboratory ID VL-ID:...
libvirt / qemu DoS
Deadlocks...
[ MDVSA-2015:023 ] libvirt
Mandriva Linux Security Advisory MDVSA-2015:023 http://www.mandriva.com/en/support/security/ Package : libvirt Date : January 15, 2015 Affected: Business Server 1.0 Problem Description: Updated libvirt packages fix security vulnerability: The...
WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability
Document Title: WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1406 Release Date: 2015-01-14 Vulnerability Laboratory ID VL-ID:...
Linux kernel multiple security vulnerabilities
Protection bypass, privilege escalation, DoS...
[ MDVSA-2015:027 ] kernel
Mandriva Linux Security Advisory MDVSA-2015:027 http://www.mandriva.com/en/support/security/ Package : kernel Date : January 16, 2015 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been found and corrected in the Linux...
[security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04537915 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04537915 Version: 1 HPSBMU03230 rev....
SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi
SEC Consult Vulnerability Lab Security Advisory 20150113-2 title: Cross-Site Request Forgery product: Kodi/XBMC vulnerable version: XBMC/Kodi =14 fixed version: no fixed version available impact: medium homepage:...
SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones
SEC Consult Vulnerability Lab Security Advisory 20150113-0 title: Multiple critical vulnerabilities product: snom IP phones vulnerable version: all firmware versions 8.7.5.15, all firmware branches of all snom desktop IP phon...
Kodi / XBMC cross-site scripting
Cross-site scripting in web interface...