Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability
2016-11-07 Vulnerability Lab (research vulnerability-lab com)

Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability
2016-11-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1870 Release Date: ============= 2016-11-03 Vulnerability Laboratory ID (VL-ID): ======================

Faraznet Cms Cross-Site Scripting Vulnerability
2016-11-07 iedb team gmail com
Cross-Site Scripting in Faraznet Cms Version 4.x ########################### # Faraznet Cms Cross-Site Scripting Vulnerability ########################### ##################################### # Iranian Exploit DataBase And Security Team - iedb.ir # Title : Faraznet Cms Cross-Site Scripting V

WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow
2016-11-05 apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt [+] ISR: Apparition Security Vendor: ============ www.labf.com Product: ================ WinaXe v7.7 FTP The X W

Axessh 4.2.2 Denial Of Service
2016-11-05 apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: ============ www.labf.com Product: ============= Axessh 4.2.2 Axessh is a SSH client. It is a supe

Rapid PHP Editor CSRF Remote Command Execution
2016-11-05 apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt [+] ISR: Apparition Security Vendor: ====================== www.rapidphpeditor.com Product: ==============================

[security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting
2016-11-04 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05325823 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05325823 Version: 1 HPSBGN03656 rev.1

[security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution
2016-11-04 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05325811 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05325811 Version: 1 HPSBGN03657 rev.1

KL-001-2016-009 : Sophos Web Appliance Remote Code Execution
2016-11-04 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-009 : Sophos Web Appliance Remote Code Execution Title: Sophos Web Appliance Remote Code Execution Advisory ID: KL-001-2016-009 Publication Date: 2016.11.03 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-009.txt 1. Vulnerability Details Affected Vend

KL-001-2016-008 : Sophos Web Appliance Privilege Escalation
2016-11-04 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-008 : Sophos Web Appliance Privilege Escalation Title: Sophos Web Appliance Privilege Escalation Advisory ID: KL-001-2016-008 Publication Date: 2016.11.03 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-008.txt 1. Vulnerability Details Affected Vendor

MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )
2016-11-04 Dawid Golunski (dawid legalhackers com)
CVE-2016-6664 / (Oracle)CVE-2016-5617 Vulnerability: MySQL / MariaDB / PerconaDB - Root Privilege Escalation Discovered by: Dawid Golunski @dawid_golunski https://legalhackers.com MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability whic

[security bulletin] HPSBUX03665 rev.1 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
2016-11-04 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05324759 Version: 1 HPSBUX03665 rev.1

Axessh 4.2.2 Denial Of Service
2016-11-04 apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: ============ www.labf.com Product: ============= Axessh 4.2.2 Axessh is a SSH client. It is a supe

[security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS)
2016-11-02 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05321107 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05321107 Version: 1 HPSBUX03664 SSRT11

Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
2016-11-02 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability Advisory ID: cisco-sa-20161102-cms Revision: 1.0 For Public Release 2016 November 2 16:00 UTC (GMT) +-----------------------------------------------------

Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
2016-11-02 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability Advisory ID: cisco-sa-20161102-tl1 Revision: 1.0 For Public Release 2016 November 2 16:00 UTC (GMT) +-------------------------------------------

Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details
2016-11-01 Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the first entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161101001.html. There you can find a repro that triggered

[slackware-security] php (SSA:2016-305-04)
2016-11-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-305-04) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php

[slackware-security] mariadb (SSA:2016-305-03)
2016-11-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mariadb (SSA:2016-305-03) New mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/m

CfP and Special Session :: CyberSec2017
2016-11-01 Jackie Blanco (jackie sdiwc info)
You are invited to participate in the following conference: THE FIFTH INTERNATIONAL CONFERENCE ON CYBER SECURITY, CYBER WELFARE AND DIGITAL FORENSIC (CyberSec2017) Venue: St. Mary's University, Addis Ababa, Ethiopia Dates: April 22-24, 2017 URL: http://sdiwc.net/conferences/6th-international-cyb

[slackware-security] x11 (SSA:2016-305-02)
2016-11-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] x11 (SSA:2016-305-02) New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ p

OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic())
2016-10-31 Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-23 Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic()) Date: October 31th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: Not yet assigned CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C) Severity: Critical Ease of Exploitation: Trivial Vulne

[HITB-Announce] HITB2017AMS CFP
2016-10-31 Hafez Kamal (aphesz hackinthebox org)
The Call for Papers for the 8th annual Hack In The Box Security Conference in The Netherlands is now open! Call for Papers: https://cfp.hackinthebox.org/ Event Website: https://conference.hitb.org/hitbsecconf2017ams/ HITBSecConf has always been an attack oriented deep-knowledge research event aime

October 2016 - Crowd - Critical Security Advisory
2016-10-31 David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/wykQMw . CVE ID: * CVE-2016-6496 - Crowd LDAP Java Object Injection Product: Crowd Affected Crowd Versions: 1.4.1 <= version < 2.8.8 2.9.0 <= version < 2.

[SECURITY] [DSA 3691-2] ghostscript regression update
2016-10-28 Salvatore Bonaccorso (carnil debian org)

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows
2016-10-27 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows iTunes 12.5.2 for Windows is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of use

[security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
2016-10-27 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05320149 Version: 1 HPSBMU03653 rev.1

[security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege
2016-10-27 HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05239646 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05239646 Version: 1 HPSBHF3549 ThinkPwn UEFI BI
===============
Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1871
Release Date:
=============
2016-11-04
Vulnerability Laboratory ID (VL-ID):
================