WebCalendar v1.2.7 CSRF Protection Bypass
2016-07-04, hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor: www.k5n.us/webcalendar.php
Product: [...]

HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation
2016-07-04, Andrey B. Panfilov (andrew panfilov tel)
Vendor: EMC
Product: Documentum WDK-based applications, all versions
Security impact: high
All EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum Administrator, EPFM) contain an extremely dangerous web component, "API Tester". The "API Tester" component wasn't designed with [...]

WebCalendar v1.2.7 PHP Code Injection
2016-07-04, hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-PHP-CODE-INJECTION.txt
[+] ISR: ApparitionSec
Vendor: www.k5n.us/webcalendar.php
Product: WebC[...]

[FD] CVE ID request: SQL injection in 24Online Client
2016-07-03, rahullraz gmail com
Software name: 24 online
Version: 8.3.6 build 9.0
Vendor website: http://24onlinebilling.com
Potentially other versions older than this are vulnerable too.
Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The invoiceid GET parameter [...]

[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage
2016-07-02, Robbie Gemmell (robbie apache org)
[CVE-2016-4974] Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected: Qpid AMQP 0-x JMS client 6.0.3 and earlier; Qpid JMS (AMQP 1.0) client 0.9.0 and earlier
Description: When applications call g[...]

[security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information
2016-07-01, security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05193347
Version: 1
HPSBGN03627 r[...]

[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam
2016-07-01, security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05193083
Version: 1
HPSBGN03626 r[...]

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability
2016-07-01, KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability
Title: SQLite Tempdir Selection Vulnerability
Advisory ID: KL-001-2016-003
Publication Date: 2016.07.01
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
1. Vulnerability Details
Affected Vendor: SQLi[...]

Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
2016-07-01, Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the executable installer for Microsoft's Visual Studio 2015 Community Edition, available from <https://www.visualstudio.com/>, is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1 it loads the following DLLs from its "application directory" instead of Windows' "system directory" [...]

Logic security flaw in TP-LINK - tplinklogin.net
2016-07-01, Info cybermoon cc
TP-LINK forgot to buy the domain www.tplinklogin.net which is being used to configure many of the hardware they have, like routers configuration. The domain is available to buy via escrow service, so a potential attacker can get it, it's all about money. There is an unknown holder who has the domai[...]

[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c
2016-06-30, wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here. This was found in Linux kernel file Linux-4.5/drivers/s390/char/sclp_ctl.c, and crafted user space data change under race condition will lead to consequenc[...]

[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c
2016-06-30, wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here. This was found in Linux kernel file Linux-4.5/drivers/misc/mic/host/mic_virtio.c, and crafted user space data change under race condition will lead to cons[...]

CA20160627-01: Security Notice for Release Automation
2016-06-30, Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
CA20160627-01: Security Notice for Release Automation
Issued: June 27, 2016
Last Updated: June 27, 2016
CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can allow [...]

[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update
2016-06-30, Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3610-1] xerces-c security update
2016-06-29, Salvatore Bonaccorso (carnil debian org)

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs
2016-06-29, Blue Frost Security Research Lab (research bluefrostsecurity de)
Vendor: Huawei, www.huawei.com
Affected Product: HiSuite for Windows
Affected Version: <= 4.0.3.301
CVE ID: CVE-2016-5821
OVE ID: OVE-20160624-0001
Severity: High
Author: Benjamin Gnahm (@mitp0sh), Blue Frost Security GmbH
Tit[...]

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
2016-06-29, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
Advisory ID: cisco-sa-20160629-piauthbypass
Revision 1.0
For Public Release 2016 June 29 16:00 UTC (GMT) [...]

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
2016-06-29, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20160629-cpcpauthbypass
Revision 1.0
For Public Release 2016 June 29 16:00 UTC (GMT) [...]

Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability
2016-06-29, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Cisco Firepower System Software Static Credential Vulnerability
Advisory ID: cisco-sa-20160629-fp
Revision 1.0
For Public Release 2016 June 29 16:00 UTC (GMT)
Summary: A[...]

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD
2016-06-29, Cantor, Scott (cantor 2 osu edu)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Xerces-C XML Parser library versions prior to V3.1.4
Description: The Xerces-C XML parser fail[...]

Symantec SEPM v12.1 Multiple Vulnerabilities
2016-06-29, hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt
[+] ISR: ApparitionSec
Vendor: www.symantec.com
Product: SEPM Symantec Endpoint Protection Manage[...]

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution
2016-06-28, KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution
Title: Ubiquiti Administration Portal CSRF to Remote Command Execution
Advisory ID: KL-001-2016-002
Publication Date: 2016.06.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt
1. [...]