BugTraq
Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability 2016-04-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability

Advisory ID: cisco-sa-20160413-ucs

Revision 1.0

Published: 2016 April 13 16:00 GMT
+------------------------------------------------

Mybb Cms (create forum and edit) Cross-Site Script Vulnerability 2016-04-13
iedb team gmail com
XSS vulnerability in MyBB, all versions
Tested on 1.6.18 and 1.8.7
pic of bug : http://kkli.ir/tZa6l

Webline CMS (2016Q2) - SQL Injection Vulnerability 2016-04-13
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Webline CMS (2016Q2) - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1823

Release Date:
=============
2016-04-13

Vulnerability Laboratory ID (VL-ID):
===================================

Vbulletin Cms (Sendmessage.php Page) 0Day Exploit 2016-04-13
iedb team gmail com
CSRF & DoS vulnerability in vBulletin 4.* versions
Tested on vBulletin version 4.2

[SE-2012-01] Yet another broken security fix in IBM Java 7/8 2016-04-12
Security Explorations (contact security-explorations com)

Hello All,

We discovered that yet another fix for a security vulnerability in IBM
Java (Issue 70 [1] assigned CVE-2013-5456) we reported to the company
in 2013 hasn't been fixed properly.

Again, the actual root cause of the issue hasn't been addressed at all.
There were no security checks introdu

CAM UnZip v5.1 Archive Directory Traversal 2016-04-12
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/CAMUNZIP-ARCHIVE-PATH-TRAVERSAL.txt

Vendor:
=================
www.camunzip.com

Product:
==============
CAM UnZip v5.1

Vulnerability Type:
======================
Archive Pa

.NET Framework 4.6 allows side loading of Windows API Set DLL 2016-04-12
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

.NET Framework 4.6 allows side loading of Windows API Set DLL
------------------------------------------------------------------------

Yorick Koster, February 2016

--------------------------------------------------------------

Open redirect on Google.com 2016-04-12
research nightwatchcybersecurity com
Overview
An open redirect is operating at www.google.com

Details
Google's main website provides a subsite for displaying mobile-optimized pages published using a special subset of HTML called AMP. While this works for mobile devices, for non-mobile devices, this redirects to the original site, thus

Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability 2016-04-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1822

Release Date:
=============
2016-04-12

Vulnerability Laboratory ID (VL-ID):
=========================

[SECURITY] [DSA 3485-2] didiwiki security update 2016-04-12
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3485-2 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
April 12, 2016

[SECURITY] [DSA 3547-1] imagemagick security update 2016-04-11
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3547-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
April 11, 2016

ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability 2016-04-11
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability

EMC Identifier: ESA-2016-013

CVE Identifier: CVE-2016-0887

Severity Rating: CVSS v3 Base Score: 5.9 (AV:N/AC:H/P

Blind SQL injections in CivicRM 2016-04-11
Simon Waters (Surevine) (simon waters surevine com)
CivicRM extends common CMS platforms (WordPress, Drupal) with a module to manage Civic campaigns, tracking donors, amounts, and campaign CRM type activity.

I tested the WordPress integration of CivicRM 4.7b3 which was found to have blind SQL Injections that allow authenticated users to download arb

[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0 2016-04-10
Pedro Ribeiro (pedrib gmail com)
Hi,

Novell Service Desk (now rebranded as Micro Focus Service Desk) 7.1.0
and below has a number of critical vulnerabilities that allow remote
code execution, information disclosure, etc, by authenticated users.
Check the full advisory below for details. Novell / Micro Focus have
documented these v

Directadmin ControlPanel 1.50.0 Version Xss Vulnerability 2016-04-10
iedb team gmail com
XSS vulnerability in Directadmin ControlPanel 1.50.0 and old version 1.4*

Pic : http://kkli.ir/VPFl5

OpenCart json_decode function Remote PHP Code Execution 2016-04-09
r3s34rch3r yahoo com
##
# OpenCart json_decode function Remote PHP Code Execution
#
# Author: Naser Farhadi
# Twitter: @naserfarhadi
#
# Date: 9 April 2016 # Version: 2.1.0.2 to 2.2.0.0 (Latest version)
# Vendor Homepage: http://www.opencart.com/
#
# Vulnerability:
# ------------
# /upload/system/helper/json.php
# $matc

Directadmin ControlPanel 1.50.0 Version Xss Vulnerability 2016-04-09
iedb team gmail com
XSS vulnerability in Directadmin ControlPanel 1.50.0 and all versions

Pic for example : http://kkli.ir/VPFl5

WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking 2016-04-09
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt

Vendor:
===========
wpn-xm.org

Product:
==============================================
WPN-XM Serverstack for Windows - Version 0.8.6

WPN-XM is a free and op

CSRF - MySQL / PHP.INI Hijacking 2016-04-09
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt

Vendor:
===========
wpn-xm.org

Product:
==============================================
WPN-XM Serverstack for Windows - Version 0.8.6

WPN-XM is a free and op

WPN-XM Serverstack v0.8.6 XSS 2016-04-09
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-XSS.txt

Vendor:
===========
wpn-xm.org

Product:
========
WPN-XM Serverstack for Windows - Version 0.8.6

WPN-XM is a free and open-source web server solution stack for

Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability 2016-04-10
iedb team gmail com
XSS vulnerability in Directadmin cp ( Delete User ) on 1.50.0 and old version

CVE-2016-2170: Apache OFBiz information disclosure vulnerability 2016-04-08
jleroux (at) apache (dot) org (jleroux apache org)
==========================================
CVE-2016-2170: Apache OFBiz information disclosure vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 13.07.02 and 13.07.01
Apache OFBiz 12.04.05 and earlier releases in the series (12.04.*)
The unsup

CVE-2015-3268: Apache OFBiz information disclosure vulnerability 2016-04-08
jleroux (at) apache (dot) org (jleroux apache org)
CVE-2015-3268: Apache OFBiz information disclosure vulnerability

==========================================
Severity: Moderate

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 13.07.02 and 13.07.01
Apache OFBiz 12.04.05 and earlier releases in the series (12.04.*)
The unsupp

JAWS Weak Service Permissions leads to Privilege Escalation 2016-04-08
Heimbuecher003 connect wcsu edu
JAWS Weak Service Permissions leads to Privilege Escalation

Vendor Website : http://www.freedomscientific.com/Products/Blindness/JAWS

INDEX
===============================================
1. Background
2. Description
3. CVSS 3.0 Base Metrics
4. Affected Products
5. Vulnerability
6. Solution
7. Cr

AccelSite Content Manager v1.0 - SQL Injection Vulnerability 2016-04-08
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
AccelSite Content Manager v1.0 - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1817

Release Date:
=============
2016-04-07

Vulnerability Laboratory ID (VL-ID):
========================

[SECURITY] [DSA 3546-1] optipng security update 2016-04-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3546-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2016

[SECURITY] [DSA 3545-1] cgit security update 2016-04-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3545-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 07, 2016

[SECURITY] [DSA 3544-1] python-django security update 2016-04-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3544-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 07, 2016

[security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection 2016-04-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073504

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05073504
Version: 1

HPSBGN03570 r

Copyright 2010, SecurityFocus