BugTraq Mode:
OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) 2016-08-13
hamedizadi gmail com
###########################

# OpenCart 2.0.3.1 Cross Site Scripting Vulnerability

###########################

Information
--------------------
Author: Hamed Izadi
Email: array("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in OpenCart
Affected Software : OpenCart
Affected Versions:

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) 2016-08-13
hamedizadi gmail com
###########################

# OpenCart 2.0.3.1 Cross Site Scripting Vulnerability

###########################

Information
--------------------
Author: Hamed Izadi
Email: ("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in OpenCart
Affected Software : OpenCart
Affected Versions: v2.0

WSO2-CARBON v4.4.5 CSRF / DOS 2016-08-13
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt

[+] ISR: ApparitionSec

Vendor:
============
www.wso2.com

Product:
==================
Ws02Carbon v4.4.5

WSO2 Carbon is the core p

WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT 2016-08-13
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.wso2.com

Product:
==================
Ws02Carbon v4.4.5

WSO2

WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION 2016-08-13
apparitionsec gmail com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.wso2.com

Product:
====================
Ws02Carbon v4.4.5

WSO2 Car

WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity 2016-08-13
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.wso2.com

Product:
============================
Wso2 Identity

[SECURITY] [DSA 3648-1] wireshark security update 2016-08-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3648-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 12, 2016

[security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution 2016-08-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05206507
Version: 2

HPSBGN03630 r

[security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS) 2016-08-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05232730
Version: 1

HPSBHF03440 r

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel 2016-08-12
Maxim Solodovnik (solomax666 gmail com)
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: The value of the URL's "swf" query parameter is
interpolated into the JavaScript tag without being escaped, leading to
the reflected XSS.

All users are recommended to upgrade to Ap

[SECURITY] [DSA 3647-1] icedove security update 2016-08-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3647-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 11, 2016

Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% 2016-08-11
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

several of Microsoft's Sysinternals utilities extract executables
to %TEMP% and run them from there; the extracted executables are
vulnerable to DLL hijacking, allowing arbitrary code execution in
every user account and escalation of privilege in "protected
administrator" accounts [*].

* C

[SECURITY] [DSA 3646-1] postgresql-9.4 security update 2016-08-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3646-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 11, 2016

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) 2016-08-11
Rv3Lab.org (research rv3lab org)
###################################################

01. ### Advisory Information ###

Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime
Edition (Build 8)
Date published: n/a
Date of last update: n/a
Vendors contacted: ColoradoFTP author Sergei Abramov
Discovered by: Rv3Laboratory

QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1895

Release Date:
=============
2016-08-11

Vulnerability Laboratory ID (VL-ID):
=========================

Microsoft Education - Stored Cross Site Web Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Education - Stored Cross Site Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1897

Release Date:
=============
2016-08-10

Vulnerability Laboratory ID (VL-ID):
=============================

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities 2016-08-10
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: SAP CAR Multiple Vulnerabilities
Advisory ID: CORE-2016-0006
Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
Date published: 2016-08-09
Date of last update: 2016-08-09
Vendors contacted: SAP
Release mode: Coordinated release

2. V

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability 2016-08-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20160810-iosxr

Revision 1.0

For Public Release 2016 August 10 16:00 GMT

+------

Internet Explorer iframe sandbox local file name disclosure vulnerability 2016-08-09
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Internet Explorer iframe sandbox local file name disclosure
vulnerability
------------------------------------------------------------------------

Yorick Koster, March 2016

-----------------------------------------------------

Nagios NA v2.2.1 XSS 2016-08-09
hyp3rlinx lycos com
[+] Credits: John Page -HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-XSS.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.nagios.com

Product:
==============================
Nagios Network Analyzer v2.2.1

Net

Notepad++6.9.2 DLL Hijacking Vulnerability 2016-08-08
mehta himanshu21 gmail com
Aloha,

Notepad++ contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists because some DLL file is loaded improperly by "npp.6.9.2.Installer.exe". And it allows an attacker to load this DLL

Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities 2016-08-09
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1894

Release Date:
=============
2016-08-09

Vulnerability Laboratory ID (VL-ID):
====

FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1842

Fortinet PSIRT ID: 1737213

Release Notes: http://docs.fortinet.com/uploaded/files/3081/fortiVo

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1896

Release Date:
=============
2016-08-08

Vulnerability Laboratory ID (VL-ID):
=========

AirSnort v0.2.7 Stack Corruption DOS 2016-08-09
hyp3rlinx lycos com
[+] Credits: Hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AIRSNORT-STACK-CORRUPTION-DOS.txt

[+] ISR: ApparitionSec

Vendor:
==================================
sourceforge.net/projects/airsnort/

Product:
===============
AirSnort v0.2.

Any Video Converter DLL Hijack 2016-08-09
hyp3rlinx lycos com
[+] Credits: HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ANY-VIDEO-CONVERTER-DLL-HIJACK.txt

[+] ISR: ApparitionSec

Vendor:
===========================
www.any-video-converter.com

Product:
====================================
AVCS

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin 2016-08-08
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery vulnerability in Add From Server WordPress
Plugin
------------------------------------------------------------------------

Edwin Molenaar, July 2016

--------------------------------------------------

Nagios Network Analyzer v2.2.1 Multiple CSRF 2016-08-09
hyp3rlinx lycos com
[+] Credits: John Page -hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-MULTIPLE-CSRF.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.nagios.com

Product:
==============================
Nagios Network Analyzer v

[SECURITY] [DSA 3645-1] chromium-browser security update 2016-08-09
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3645-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
August 09, 2016

Copyright 2010, SecurityFocus