Cross-Site Request Forgery in Atahualpa WordPress Theme
2017-03-01 Summer of Pwnage (lists securify nl)

Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery
2017-03-01 Summer of Pwnage (lists securify nl)
  Radjnies Bhansingh, July 2016

Cross-Site Request Forgery in WordPress Download Manager Plugin
2017-03-01 Summer of Pwnage (lists securify nl)
  Burak Kelebek, July 2016

Persistent Cross-Site Scripting in the WordPress NewStatPress plugin
2017-03-01 Summer of Pwnage (lists securify nl)
  Han Sahin, July 2016

Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin
2017-03-01 Summer of Pwnage (lists securify nl)
  Radjnies Bhansingh, July 2016

Cross-Site Request Forgery in Global Content Blocks WordPress Plugin
2017-03-01 Summer of Pwnage (lists securify nl)
  Yorick Koster, July 2016

Cross-Site Request Forgery in File Manager WordPress plugin
2017-03-01 Summer of Pwnage (lists securify nl)
  David Vaartjes, July 2016

Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting
2017-03-01 Summer of Pwnage (lists securify nl)
  Burak Kelebek, July 2016

Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field
2017-03-01 Summer of Pwnage (lists securify nl)
  Burak Kelebek, July 2016

Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability
2017-03-01 Summer of Pwnage (lists securify nl)
  Yorick Koster, June 2016

Multiple persistent Cross-Site Scripting vulnerabilities in osTicket
2017-02-28 Securify B.V. (lists securify nl)
  Han Sahin, July 2016

Advisory X41-2017-001: Multiple Vulnerabilities in X.org
2017-02-28 X41 D-Sec GmbH Advisories (advisories x41-dsec de)
  X41 D-Sec GmbH Security Advisory: X41-2017-001
  Multiple Vulnerabilities in X.org
  Overview
  Vendor: X.org/Freedesktop.org
  Vendor URL: https://www.x.org/wiki/
  Credit: X41 D-Sec GmbH, Eric Sesterhenn
  Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2

[SECURITY] [DSA 3788-2] tomcat8 regression update
2017-02-22 Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
2017-02-21 security-alert hpe com
  Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c05398322
  Version: 1
  HPESBHF03709 rev.1

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
2017-02-21 Apple Product Security (product-security-noreply lists apple com)
  Logic Pro X 10.3.1 is now available and addresses the following:
  Projects
  Available for: OS X Yosemite v10.10 or later (64 bit)
  Impact: Opening a maliciously crafted GarageBand Project file may lead to arbit

PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
2017-02-20 Vulnerability Lab (research vulnerability-lab com)
  Document Title: PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
  References (Source): https://www.vulnerability-lab.com/get_content.php?id=2029
  Release Date: 2017-01-30
  Vulnerability Laboratory ID (VL-ID):

[SYSS-2017-004] Simplessus Files: Path Traversal
2017-02-16 adrian vollmer syss de
  Advisory ID: SYSS-2017-004
  Product: Simplessus Files
  Manufacturer: Simplessus
  Affected Version(s): 3.7.7
  Tested Version(s): 3.7.7
  Vulnerability Type: Path Traversal (CWE-22)
  Risk Level: High
  Solution Status: Fixed
  Manufacturer Notification: January 2

[SYSS-2017-001] Simplessus Files: SQL Injection
2017-02-16 adrian vollmer syss de
  Advisory ID: SYSS-2017-001
  Product: Simplessus Files
  Manufacturer: Simplessus
  Affected Version(s): 3.7.7
  Tested Version(s): 3.7.7
  Vulnerability Type: SQL Injection (CWE-89)
  Risk Level: High
  Solution Status: Open
  Manufacturer Notification: January 25,

KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability
2017-02-16 KoreLogic Disclosures (disclosures korelogic com)
  Title: Trendmicro InterScan Remote Root Access Vulnerability
  Advisory ID: KL-001-2017-003
  Publication Date: 2017.02.15
  Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-003.txt
  1. Vulnerability Detai

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write
2017-02-16 KoreLogic Disclosures (disclosures korelogic com)
  Title: Trendmicro InterScan Arbitrary File Write
  Advisory ID: KL-001-2017-001
  Publication Date: 2017.02.15
  Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-001.txt
  1. Vulnerability Details
  Affected Vendor

Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability
2017-02-15 Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Advisory ID: cisco-sa-20170215-ucs
  Revision 1.0
  For Public Release 2017 February 15 16:00 UTC (GMT)

CVE-2017-5585: SQL injection in OpenText Documentum Content Server 7.3 (PostgreSQL builds only)
2017-02-15 Andrey B. Panfilov (andrew panfilov tel)
  CVE Identifier: CVE-2017-5585
  Vendor: OpenText
  Affected products: OpenText Documentum Content Server 7.3 (PostgreSQL builds only)
  Researcher: Andrey B. Panfilov
  Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  Fix: not available
  Description: Previously announced fix

Advisory X41-2017-002: Multiple Vulnerabilities in ytnef
2017-02-15 X41 D-Sec GmbH Advisories (advisories x41-dsec de)
  X41 D-Sec GmbH Security Advisory: X41-2017-002
  Multiple Vulnerabilities in ytnef
  Overview
  Severity Rating: High
  Confirmed Affected Versions: 1.9 and earlier
  Confirmed Patched Versions: 1.9.1
  Vendor: Yerase
  Vendor URL: https://github.com/Yeraze/ytnef
  Vect

CVE-2017-5586: Remote code execution in OpenText Documentum D2
2017-02-15 Andrey B. Panfilov (andrew panfilov tel)
  CVE Identifier: CVE-2017-5586
  Vendor: OpenText
  Affected products: Documentum D2 version 4.x
  Researcher: Andrey B. Panfilov
  Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
  Description: Document D2 contains vulnerable BeanShell (bsh) and Apache Commons libraries and acc

[security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information
2017-02-14 security-alert hpe com
  Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c05390893
  Version: 1
  HPESBHF03703 rev.1

Cisco Security Response: Cisco Smart Install Protocol Misuse
2017-02-14 Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Response ID: cisco-sr-20170214-smi
  Revision 1.0
  For Public Release 2017 February 14 16:00 UTC (GMT)
  Summary

[security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information
2017-02-14 security-alert hpe com
  Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390849
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c05390849
  Version: 1
  HPESBGN03697 rev.1

[security bulletin] HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
2017-02-14 security-alert hpe com
  Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390722
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c05390722
  Version: 1
  HPSBMU03691 rev.1
Cross-Site Request Forgery in Atahualpa WordPress Theme
------------------------------------------------------------------------
Spyros Gasteratos, July 2016
--------------------------------------------------------------------