PARSADEV CMS Cross-Site Scripting Vulnerability
All versions of PARSADEV CMS suffer from a Cross-Site Scripting Vulnerability...
Apple iOS multiple security vulnerabilities
Unauthorized bluetooth access, insufficient encryption, insufficient certificate check, information leakage, SSL poodle attack...
Multiple vulnerabilities in EspoCRM
Advisory ID: HTB23238 Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical details Vendor Notification: October 8, 2014 Vendor Patch: October 10, 2014 Public Disclosure: October...
File Manager v4.2.10 iOS - Code Execution Vulnerability
Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID: ==================================== 13...
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities
Document Title: =============== Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1341 Release Date: ============= 2014-10-14 Vulnerability Laboratory ID VL-ID: ====================================...
iFileExplorer v6.51 iOS - File Include Web Vulnerability
Document Title: =============== iFileExplorer v6.51 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1345 Release Date: ============= 2014-10-22 Vulnerability Laboratory ID VL-ID: ====================================...
Ubuntu systemd-shim DoS
Debugging is enabled by default...
quassel information leakage
Memory content leakage, DoS...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
phpfusion (Search Page) Denial of Service Vulnerability
All versions of phpfusion suffer from a denial of service vulnerability. #!/usr/bin/perl ...
[USN-2391-1] php5 vulnerabilities
========================================================================== Ubuntu Security Notice USN-2391-1 October 30, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 3063-1] quassel security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3063-1 [email protected] http://www.debian.org/security/ Luciano Bello November 02, 2014 http://www.debian.org/security/faq -...
[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
---------------------------------------------------------------- TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness ---------------------------------------------------------------- - Software Link: http://testlink.org/ - Affected Versions: Version 1.9.12 and prior versions. - Weakness...
[security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04483249 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04483249 Version: 1 HPSBPI03147 rev....
CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare
Nuevolabs Nuevoplayer for clipshare SQL Injection ======================================================================= :: ADVISORY SUMMARY :: Title: Nuevolabs Nuevoplayer for clipshare Sql Injection Vendor: NUEVOLABS www.nuevolabs.com Product: NUEVOPLAYER for clipshare Credits: Cory Marsh -...
LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183
Information ----------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in LiteCart Affected Software : LiteCart Affected Versions: 1.1.2.1 and possibly below Vendor Homepage : http://www.litecart.net Vulnerability Type : Cross-site Scripting Severity : Important CVE-ID: CVE-2014-7183...
[SECURITY] [DSA 3060-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3060-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 31, 2014 http://www.debian.org/security/faq -...
vulnerabilities in libbfd (CVE-2014-beats-me)
Yo, Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable...
WebDisk+ v2.1 iOS - Code Execution Vulnerability
Document Title: =============== WebDisk+ v2.1 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1349 Release Date: ============= 2014-10-23 Vulnerability Laboratory ID VL-ID: ==================================== 1349 Comm...
torque privilege escalation
It's possible to kill the process of any user...
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability
Document Title: =============== Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1324 Video: http://www.vulnerability-lab.com/getcontent.php?id=1333 Article:...
[USN-2392-1] systemd-shim vulnerability
========================================================================== Ubuntu Security Notice USN-2392-1 October 30, 2014 systemd-shim vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
[USN-2390-1] Pidgin vulnerabilities
========================================================================== Ubuntu Security Notice USN-2390-1 October 28, 2014 pidgin vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU
Hello All, We've been recently informed by a 3rd party that Oracle planned to release fixes for the vulnerabilities covered by our SE-2014-01 1 project in Nov 2014. We initially thought that someone mistakenly took Oct for Nov Oracle CPU was released on Oct 14, 2014, but the credibility of the...
Dell SonicWall GMS XSS
XSS in web management interface...
[SECURITY] [DSA 3058-1] torque security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3058-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 27, 2014 http://www.debian.org/security/faq -...
[security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04491186 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04491186 Version: 2 HPSBUX03159...
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
-------------------------------------------------------------------------- TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability -------------------------------------------------------------------------- - Software Link: http://testlink.org/ - Affected Versions: Version 1.9.12 a...
Aircrack-ng multiple security vulnerabilities
DoS conditions, buffer overflow, integer overflow...
[ MDVSA-2014:200 ] bugzilla
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:200 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Updated bugzilla packages fix security vulnerabilities: If a new...
SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access
SEC Consult Vulnerability Lab Security Advisory 20141031-0 ======================================================================= title: XML External Entity Injection XXE and Reflected XSS product: Scalix Web Access vulnerable version: 11.4.6.12377 and 12.2.0.14697 fixed version: - impact:...
HP-UX DoS
No description provided...
SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme
SEC Consult Vulnerability Lab Security Advisory 20141029-1 ======================================================================= title: Persistent cross site scripting product: Confluence RefinedWiki Original Theme vulnerable version: 3.x - 4.0.x fixed version: 4.0.12 impact: high homepage:...
libbfd memory corruptions
Memory corruptions on ELF parsing...
"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities
"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities Description: -------------------------------- Four vulnerabilities exist on aircrack-ng = 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified: ...
PHP memory corruption
exifthumbnail memory corruption on JPEG parsing. XMLRPC buffer overflow. objectcustom function integer overflow...
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
Quarterly update covers 138 different vulnerabilities...
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability
Document Title: =============== FileBug v1.5.1 iOS - Path Traversal Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1342 Release Date: ============= 2014-10-15 Vulnerability Laboratory ID VL-ID: ==================================== 1342...
wget symbolic links vulnerability
Symbolic links vulnerability in FTP mirror mode...
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability
Document Title: =============== Folder Plus v2.5.1 iOS - Persistent Item Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1348 Release Date: ============= 2014-10-24 Vulnerability Laboratory ID VL-ID: ==================================== 134...
[ MDVSA-2014:212 ] wget
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:212 http://www.mandriva.com/en/support/security/ Package : wget Date : October 29, 2014 Affected: Business Server 1.0 Problem Description: Updated wget package fixes security vulnerability: Wget was...
Incredible PBX remote command execution exploit
#!/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a Flash Vendor url:...
HP Color LaserJet security vulnerabilities
Unauthorized data access, DoS...
ejabberd protection bypass
Server does not enforce encryption...
[ MDVSA-2014:197 ] python
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:197 http://www.mandriva.com/en/support/security/ Package : python Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Updated python packages fix security vulnerability: Python before...
Apple Quicktime multiple security vulnerabilities
Memory corruptions on video decoding, MIDI and m4a...
[slackware-security] pidgin (SSA:2014-296-02)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security pidgin SSA:2014-296-02 New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-087: EMC NetWorker Module for MEDITECH NMMEDI Information Disclosure Vulnerability EMC Identifier: ESA-2014-087 CVE Identifier: CVE-2014-4620 Severity Rating: CVSS v2 Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Affected products: • EMC NetWork...
Apple TV security vulnerabilities
Unauthorized bluetooth pairing, SSL poodle attack...
OpenBSD DoS
System crash on ELF parsing...