BugTraq Mode:
[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability 2015-06-05
alex_haynes outlook com
Exploit Title: Wing FTP Server Remote Code Execution vulnerability
Product: Wing FTP Server
Vulnerable Versions: 4.4.6 and all previous versions
Tested Version: 4.4.6
Advisory Publication: 05/06/2015
Latest Update: 05/06/2015
Vulnerability Type: Improper Control of Generation of Code [CWE-94]
CVE Re

IBM Watson (Cognea) - XSS and Redirect Vulnerabilities 2015-06-04
jerold v00d00sec com
# Vulnerability type: Cross-site Scripting & Redirect
# Vendor: www.ibm.com
# Product: IBM Watson Cloud Computing SaaS (Cognea)
# Product Link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/
# Credit: Jerold Hoong

The logout.jsp page function of the IBM Watson (Cognea) SaaS application is
vuln

[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) 2015-06-03
Pedro Ribeiro (pedrib gmail com)
Hi,

tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE.
SysAid have informed me they all have been fixed in 15.2, but no
re-test was performed.

Full advisory below, and a copy can be obtained at [1].
5 Metasploit modules have been released and currently awaiting merge
in the moderat

[SECURITY] [DSA 3278-1] libapache-mod-jk security update 2015-06-03
Markus Koschany (apo gambaru de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3278-1 security (at) debian (dot) org
http://www.debian.org/security/ Markus Koschany
June 03, 2015

ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability 2015-06-03
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability

EMC Identifier: ESA-2015-091

CVE Identifier: CVE-2015-0541

Severity Rating: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

· RSA Web Threa

Local PHP File Inclusion in ResourceSpace 2015-06-03
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23258
Product: ResourceSpace
Vendor: Montala Limited
Vulnerable Version(s): 7.1.6513 and probably prior
Tested Version: 7.1.6513
Advisory Publication: May 6, 2015 [without technical details]
Vendor Notification: May 6, 2015
Vendor Patch: June 1, 2015
Public Disclosure: June 3, 20

Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability 2015-06-03
banana88 inbox com

Document Title:
===============
Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1503

Release Date:
=============
2015-06-03

Vulnerability Laboratory ID (VL-ID):
=========================

Safari Address Spoofing - Impact, Code, How It Works, History 2015-06-03
David Leo (david leo deusen co uk)
Impact:
"It works on fully patched versions of iOS and OS X"
Reference:
http://arstechnica.com/security/2015/05/safari-address-spoofing-bug-could-be-used-in-phishing-malware-attacks/

Code(JavaScript):
function f()
{
location="http://www.dailymail.co.uk/home/index.html?random="+Math.random();
}
set

[SECURITY] [DSA 3249-2] jqueryui security update 2015-06-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3249-2 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
June 02, 2015

[SECURITY] [DSA 3277-1] wireshark security update 2015-06-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3277-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 02, 2015

WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability 2015-06-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1500

Release Date:
=============
2015-06-01

Vulnerability Laboratory ID (VL-ID):
=================================

vfront-0.99.2 CSRF & Persistent XSS 2015-06-02
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt

Vendor:
==============
www.vfront.org

Product:
===================================================================================
vfront-0.99.

Enhanced SQL Portal 5.0.7961 XSS Vulnerability 2015-06-02
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt

Vendor:
www.eliacom.com
www.eliacom.com/mysql-gui-download.php

Product:
Enhanced SQL Portal 5.0.7961 web based MySQL administration appli

Freebox OS Web interface 3.0.2 XSS, CSRF 2015-06-01
huyngocbk gmail com
Hello list,

Here are two CVEs I reported to Freebox, a French ISP:
- CVE-2014-9382 - CSRF in VPN user account creation
- CVE-2014-9405 - XSS

Vulnerable product: Freebox OS Web interface 3.0.2.

CVE-2014-9382 - CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation
===========

t2'15: Call for Papers 2015 (Helsinki / Finland) 2015-06-01
Tomi Tuominen (tomi tuominen t2 fi)
#
# t2'15 - Call For Papers (Helsinki, Finland) - October 29 - 30, 2015
#

Why spend your valuable conference time in the longest lines you have seen in your life, getting a sun burn or totally lost in the canals with your rental boat, being deprived of chewing gum or waking up in Nong Palai without

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] 2015-06-01
pan vagenas gmail com
# Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://wpmembership.e-plugins.com/
# Software Link: http://codecanyon.net/item/wp-membership/10066554
# Version: 1.2.3
# Tested on: WordPress 4.2.2
# CVE: CVE-201

CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] 2015-06-01
pan vagenas gmail com
# Exploit Title: CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://wpmembership.e-plugins.com/
# Software Link: http://codecanyon.net/item/wp-membership/10066554
# Version: 1.2.3
# Tested on: WordPress 4.2.2
# CV

WebDrive Buffer OverFlow PoC 2015-06-01
banana88 inbox com
#!/usr/bin/python
#Exploit Title:WebDrive Buffer OverFlow PoC
#Author: metacom
#Vendor Homepage: http://www.webdrive.com/products/webdrive/
#Software Link: https://www.webdrive.com/products/webdrive/download/
#Version: 12.2 (build # 4172) 32 bit
#Date found: 31.05.2015
#Date published: 31.05.201

Ektron CMS 9.10 SP1 - XSS Vulnerability 2015-05-31
jerold v00d00sec com
# Vulnerability type: Cross-site Scripting
# Vendor: http://www.ektron.com/
# Product: Ektron Content Management System
# Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.102)
# Patched version: 9.10 SP1 (Build 9.1.0.184.1.114)
# Credit: Jerold Hoong

# PROOF OF CONCEPT (XSS)

Cross-site scripting

Ektron CMS 9.10 SP1 - CSRF Vulnerability 2015-05-31
jerold v00d00sec com
# Vulnerability type: Cross-site Request Forgery
# Vendor: http://www.ektron.com/
# Product: Ektron Content Management System
# Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.114)
# Patched version: 9.10 SP1 (Build 9.1.0.184.1.120)
# CVE ID: CVE-2015-3624
# Credit: Jerold Hoong

# PROOF OF CONCEP

[SECURITY] [DSA 3276-1] symfony security update 2015-05-31
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3276-1 security (at) debian (dot) org
http://www.debian.org/security/ David Prevot
May 31, 2015

[SECURITY] [DSA 3269-2] postgresql-9.1 regression update 2015-05-31
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3269-2 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
May 31, 2015

[SECURITY] [DSA 3275-1] fusionforge security update 2015-05-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3275-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2015

[security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04521018

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04521018
Version: 1

HPSBMU03223 r

[security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04571454

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04571454
Version: 2

HPSBMU03261 r

[security bulletin] HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04576624

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04576624
Version: 2

HPSBMU03267 r

[security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04574073

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04574073
Version: 3

HPSBMU03263 r

[security bulletin] HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04676133

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04676133
Version: 1

HPSBGN03332 r

JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities 2015-05-29
apparitionsec gmail com
Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org

Source:
http://hyp3rlinx.altervista.org/advisories/AS-JSPMYADMIN0529.txt

Vendor:
code.google.com/p/jsp-myadmin

Product:
JSPAdmin 1.1 is a Java web based MySQL database management system.

Advisory Information:
=================

[SECURITY] [DSA 3274-1] virtualbox security update 2015-05-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3274-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
May 28, 2015

Copyright 2010, SecurityFocus