[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite - Database user enumeration Advisory ID: ERPSCAN-15-025 Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2...
audiofile memory corruption
Crash on audiofiles processing...
[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite Cross-site Scripting Advisory ID: ERPSCAN-15-027 Advisory URL: http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY...
PHP security vulnerabilities
PHAR extension DoS...
Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities
====================================================================== Secunia Research now part of Flexera Software 26/10/2015 Oracle Outside In Two Buffer Overflow Vulnerabilities ====================================================================== Table of Contents Affected...
apport security vulnerabilities
Symbolic link and hard link vulnerability in log files, privilege escalation...
[USN-2782-1] Apport vulnerability
========================================================================== Ubuntu Security Notice USN-2782-1 October 27, 2015 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite - XXE injection Advisory ID: ERPSCAN-15-029 Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 21.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
[USN-2786-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-030 Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite SQL injection Advisory ID: ERPSCAN-15-026 Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
[USN-2787-1] audiofile vulnerability
========================================================================== Ubuntu Security Notice USN-2787-1 October 28, 2015 audiofile vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-028 Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
Quarterly update closes 140 vulnerabilities in different applications...
[USN-2788-1] unzip vulnerabilities
========================================================================== Ubuntu Security Notice USN-2788-1 October 29, 2015 unzip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
cURL security vulnerabilities
Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS...
unzip security vulnerabilities
DoS, code execution...
[USN-2783-1] NTP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2783-1 October 27, 2015 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
ntp multiple security vulnerabilities
Multiple memory corruptions...
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
Document Title: =============== NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-24 Vulnerability Laboratory ID VL-ID: ====================================...
Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin
Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7669 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details:...
CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin
Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N CWE: CWE-22 Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read...
[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04863612 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04863612 Version: 1 HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of...
CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins
Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N Description ================ A stored XSS vulnerability in YouTube Embed 3.3.2 and...
CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution
Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/Hw7RLg . CVE ID: CVE-2015-6576 Product: Bamboo. Affected Bamboo product versions: 2.2 <= version < 5.8.5, 5.9.0 <= version < 5.9.7 Summary: This advisory discloses a critical severity security vulnerability tha...
[SECURITY] [DSA 3369-1] zendframework security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3369-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini October 06, 2015 https://www.debian.org/security/faq -...
JSPMySQL Administrador CSRF & XSS Vulnerabilities
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt Vendor: ================================ JSPMySQL Administrador https://sites.google.com/site/mfpledon/producao-de-software Product:...
CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection
Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 <= version < 6.30.0 Affected JIRA product versions: 6.3.5 <= version < 6.4.11...
CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine
Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...
CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine
Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...
Apache James Server 2.3.2 security vulnerability fixed
Severity: Important Vendor: The Apache Software Foundation Versions Affected: James Server 2.3.2 Description: Apache James Server 2.3.2 has security issue that can let a user execute arbitrary system command for servers configured with file based user repositories. Mitigation: 2.3.2 users should...
[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
secunet Security Networks AG Security Advisory Advisory: Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site Scripting (CWE-79) Date found: 2015-07-30 Date published: 2015-09-14 CVSSv2 Score: 3.5...
CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine
Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine CVE: CVE-2015-5076 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that the web application was vulnerable to reflective Cross-Site Scripting wher...
Zope Management Interface CSRF vulnerabilities
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt Vendor: ================================ www.zope.org plone.org Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application...
[SECURITY] [DSA 3375-1] wordpress security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...
Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting
Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Viewer" servlet itself. This is NOT the case, but...
WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability
Document Title: =============== WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1614 Release Date: ============= 2015-10-07 Vulnerability Laboratory ID VL-ID: ==================================== 1614...
HP Asset Manager information disclosure
No description provided...
CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin
Vulnerability title: Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7320 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Iberia Medeiros Vulnerability Details:...
Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vtiger CRM Authenticated Remote Code Execution CVE-2015-6000 http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html 1. Summary 2. Vulnerability Details 3. Exploitation / Proof of Concept 4. Timeline 5. See Also 1. Summary Vtiger CRM...
[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin
Vulnerability title: SQL Injection in Support Ticket System 1.2 WordPress plugin CVE: CVE-2015-7670 Vendor: Tim Dahlmanns Product: Support Ticket System Affected version: 1.2 Fixed version: 1.2.1 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...
CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin
Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7377 Pending CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N CWE: CWE-79 Description ================ An unauthenticated reflected XSS vulnerability in Pie Register...
TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390
Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...
Reflected Cross-Site Scripting (XSS) in iTop
Advisory ID: HTB23268 Product: iTop Vendor: Combodo SARL Vulnerable Versions: 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 without technical details Vendor Notification: July 29, 2015 Vendor Patch: July 30, 2015 Public Disclosure: September 23, 2015...
[CVE-2015-3623] Qlikview blind XXE Security Vulnerability
Exploit Title: Qlikview blind XXE security vulnerability Product: Qlikview Vulnerable Versions: v11.20 SR11 and previous versions Tested Version: v11.20 SR4 Advisory Publication: 08/09/2015 Latest Update: 08/09/2015 Vulnerability Type: Improper Restriction of XML External Entity Reference CWE-611...
[SECURITY] [DSA 3346-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3346-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini August 31, 2015 https://www.debian.org/security/faq -...
Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin
Vulnerability title: Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin CVE: CVE-2015-7667 Vendor: WordPress web-mv Product: ResAds Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...
[security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04863562 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04863562 Version: 1 HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of...
[ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution
Hi, Yet another RCE bug in ManageEngine ServiceDesk. This was disclosed by ZDI under ID ZDI-15-396 on August 20th, and fixed in version 9103 [1]. Details below, full advisory can be obtained from my repo at [2]. A Metasploit module that exploits this vulnerability has been submitted upstream in [3]...
HP ArcSight Logger security vulnerabilities
Authentication bypass, information disclosure...