[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
  2016-06-28  Egidio Romano (research karmainsecurity com)
  [-] Software Link: https://www.concrete5.org/
  [-] Affec [...]

[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
  2016-06-28  Egidio Romano (research karmainsecurity com)
  [-] Software Link: https://www.concrete5.org/
  [-] Affected Versions: Ver [...]

[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
  2016-06-28  Egidio Romano (research karmainsecurity com)
  [-] Software Link: https://www.concrete5.org/
  [-] Affected Versions: [...]

Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities
  2016-06-28  Vulnerability Lab (research vulnerability-lab com)
  Document Title: Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities
  References (Source): http://www.vulnerability-lab.com/get_content.php?id=1862
  CWE-89, CWE-79, CWE-264
  http://cwe.mitre.org/data/definitions/89
  http://cwe.mitre.org/data/definitions/ [...]

Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability
  2016-06-28  Vulnerability Lab (research vulnerability-lab com)
  Document Title: Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability
  References (Source): http://www.vulnerability-lab.com/get_content.php?id=1863
  Release Date: 2016-06-27
  Vulnerability Laboratory ID (VL-ID): [...]

Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability
  2016-06-28  Vulnerability Lab (research vulnerability-lab com)
  Document Title: Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability
  References (Source): http://www.vulnerability-lab.com/get_content.php?id=1858
  Release Date: 2016-06-21
  Vulnerability Laboratory ID (VL-ID): [...]

Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability
  2016-06-28  Vulnerability Lab (research vulnerability-lab com)
  Document Title: Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability
  References (Source): http://www.vulnerability-lab.com/get_content.php?id=1849
  Release Date: 2016-06-27
  Vulnerability Laboratory ID (VL-ID): [...]

Craft CMS affected by server side template injection
  2016-06-27  Securify B.V. (lists securify nl)
  Craft CMS affected by server side template injection
  Nelson Berg & Jurgen Kloosterman, June 2016 [...]

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
  2016-06-27  mehmet mehmetince net
  1. ADVISORY INFORMATION
  Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
  Application: BigTree CMS
  Remotely Exploitable: Yes
  Versions Affected: < 4.2.11
  Vendor URL: https://www.bigtreecms.org
  Bugs: SQL Injection
  Author: Mehmet Ince
  Dat [...]

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection
  2016-06-27  Matt Bush (matt 3xocyte net)
  Product: https://www.untangle.com/untangle-ng-firewall/
  Description: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to execute arbitrary [...]

MyLittleForum v2.3.5 PHP Command Injection
  2016-06-27  hyp3rlinx lycos com
  [+] Credits: hyp3rlinx
  [+] Website: hyp3rlinx.altervista.org
  [+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt
  [+] ISR: APPARITIONSEC
  Vendor: mylittleforum.net
  Download: github.com/ilosuna/mylittleforum/releases/tag/v2.3.5
  Product [...]

[slackware-security] php (SSA:2016-176-01)
  2016-06-24  Slackware Security Team (security slackware com)
  New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  patches/packages/php-5.6.2 [...]

#146416 Ruby: HTTP Header injection in 'net/http'
  2016-06-24  redrain root (rootredrain gmail com)
  TIMELINE: rootredrain submitted a report to Ruby.
  Jun 22nd: Hi, I would like to report an HTTP Header injection vulnerability in 'net/http' that allows attackers to inject arbitrary headers into a request and even create a new evil request.
  PoC:
    require 'net/http'
    http = Net::HTTP.new('192.168.30. [...]

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure
  2016-06-24  SEC Consult Vulnerability Lab (research sec-consult com)

[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
  2016-06-23  Egidio Romano (research karmainsecurity com)
  [-] Software Link: http://www.sugarcrm.com/
  [-] Affected Vers [...]

[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
  2016-06-23  Egidio Romano (research karmainsecurity com)
  [-] Software Link: http://www.sugarcrm.com/
  [-] Affected Versions: Version 6.5.18 CE and prior versions.
  [-] Vulnerabi [...]

[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
  2016-06-23  Egidio Romano (research karmainsecurity com)
  [-] Software Link: http://www.sugarcrm.com/
  [-] Affected Versions: Version 6.5.18 CE and prior versions. [...]

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
  2016-06-23  Egidio Romano (research karmainsecurity com)
  [-] Software Link: http://www.sugarcrm.com/
  [-] Affected V [...]

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability
  2016-06-22  Security Alert (Security_Alert emc com)
  EMC Identifier: ESA-2016-069
  CVE Identifier: CVE-2016-0914
  Severity Rating: CVSS v3 Base Score: 5.0 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
  Affected [...]

Open-Xchange Security Advisory 2016-06-22
  2016-06-22  Martin Heiland (martin heiland open-xchange com)
  Product: OX App Suite
  Vendor: OX Software GmbH
  Internal reference: 45328 (Bug ID)
  Vulnerability type: Information Exposure (CWE-200)
  Vulnerable version: 7.8.1 and earlier
  Vulnerable component: frontend
  Report confidence: Confirmed
  Solution status: Fixed by Vendor
  Fixed version: 7.6.2-rev43, 7.6.3-r [...]

[ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability
  2016-06-21  ERPScan inc (erpscan online gmail com)
  Application: SAP NetWeaver AS JAVA
  Versions Affected: SAP Application server for Java 7.2 - 7.4
  Vendor URL: http://SAP.com
  Bugs: denial of service
  Sent: 04.12.2015
  Reported: 05.12.2015
  Vendor response: 05.12.2015
  Date of Public Advisory: 14.03.2016
  Reference: SAP Security Note 2259547
  A [...]

Magic values in 32-bit processes on 64-bit OS-es and how to exploit them
  2016-06-21  Berend-Jan Wever (berendjanwever gmail com)
  (You can read all this information in more detail on http://blog.skylined.nl)
  Software components such as memory managers often use magic values to mark memory as having a certain state. These magic values can be used during debugging to determine the state of the memory, and have often (but not al [...]

[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability
  2016-06-21  ERPScan inc (erpscan online gmail com)
  Application: SAP NetWeaver AS JAVA
  Versions Affected: SAP NetWeaver AS JAVA 7.2 - 7.4
  Vendor URL: http://SAP.com
  Bugs: denial of service
  Sent: 04.12.2015
  Reported: 05.12.2015
  Vendor response: 05.12.2015
  Date of Public Advisory: 14.03.2016
  Reference: SAP Security Note 2256185
  Author [...]

[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities
  2016-06-21  ERPScan inc (erpscan online gmail com)
  Application: SAP NetWeaver AS JAVA
  Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
  Vendor URL: http://SAP.com
  Bugs: XSS
  Sent: 29.09.2015
  Reported: 30.09.2015
  Vendor response: 30.09.2015
  Date of Public Advisory: 08.03.2016
  Reference: SAP Security Note 2238765
  Author: Vahagn Vardanyan [...]

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability
  2016-06-21  ERPScan inc (erpscan online gmail com)
  Application: SAP NetWeaver AS JAVA
  Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
  Vendor URL: http://SAP.com
  Bug: information disclosure
  Sent: 04.12.2015
  Reported: 05.12.2015
  Vendor response: 05.12.2015
  Date of Public Advisory: 08.03.2016
  Reference: SAP Security Note 2255990
  Author: [...]

[slackware-security] pcre (SSA:2016-172-02)
  2016-06-20  Slackware Security Team (security slackware com)
  New pcre packages are available for Slackware 14.1 and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  patches/packages/pcre-8.39-i486 [...]

[slackware-security] libarchive (SSA:2016-172-01)
  2016-06-20  Slackware Security Team (security slackware com)
  New libarchive packages are available for Slackware 14.1 and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  patches/packages/li [...]

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7
  2016-06-20  Apple Product Security (product-security-noreply lists apple com)
  AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available and addresses the following:
  AirPort Base Station Firmware
  Available for: AirPort Express, AirPort Extr [...]
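The #146416 entry above describes header injection through net/http: a CR/LF sequence inside a header value ends the header line early, so whatever follows is sent as further headers or even as a second request. The Ruby below is an added example, not code from the HackerOne report or from Ruby's net/http source. It builds the raw request bytes with a small builder of its own (host `victim.example`, path `/`, and the `EVIL_UA` value are constructed for the demonstration), shows how a server-side split on the blank line yields two requests, and pairs it with the check that rejects CR/LF before the bytes are written. `stdlib_rejects_crlf?` only probes whether the Ruby running the script validates header values itself; that result depends on the Ruby version and is an assumption, not something the example relies on.

```ruby
require 'net/http'

# Constructed attacker-controlled header value: ends the User-Agent line early,
# injects a header, then a blank line, then a whole second request.
EVIL_UA = "mozilla/5.0\r\nX-Injected: 1\r\n\r\nGET /admin HTTP/1.1\r\nHost: victim.example".freeze

# Vulnerable pattern: header values are written line by line with no check,
# so a CR/LF in a value becomes a line terminator on the wire.
def build_request_unchecked(host, path, headers)
  lines = ["GET #{path} HTTP/1.1", "Host: #{host}"]
  headers.each { |name, value| lines << "#{name}: #{value}" }
  lines.join("\r\n") + "\r\n\r\n"
end

# Hardened builder: refuse any header name or value that contains CR or LF,
# which is the same rule a fixed client library enforces at assignment time.
def build_request_checked(host, path, headers)
  headers.each do |name, value|
    [name.to_s, value.to_s].each do |field|
      if field.include?("\r") || field.include?("\n")
        raise ArgumentError, "header field #{name.inspect} contains CR/LF"
      end
    end
  end
  build_request_unchecked(host, path, headers)
end

# Server-side view: a request ends at the first blank line, so count the
# request blocks the raw bytes would be parsed into.
def count_requests(raw)
  raw.split("\r\n\r\n").reject(&:empty?).size
end

# Header names of the first request block, as a server would see them.
def header_names(raw)
  first_block = raw.split("\r\n\r\n").first
  first_block.lines.drop(1).map { |line| line.split(':', 2).first.strip }
end

# Probe only: does this Ruby's net/http refuse CR/LF in a header value?
# Assumption about the runtime, not asserted anywhere; no connection is made.
def stdlib_rejects_crlf?
  req = Net::HTTP::Get.new('/')
  req['User-Agent'] = EVIL_UA
  false
rescue ArgumentError
  true
end

if $PROGRAM_NAME == __FILE__
  raw = build_request_unchecked('victim.example', '/', 'User-Agent' => EVIL_UA)
  puts "unchecked builder: #{count_requests(raw)} request(s), headers #{header_names(raw).inspect}"
  begin
    build_request_checked('victim.example', '/', 'User-Agent' => EVIL_UA)
  rescue ArgumentError => e
    puts "checked builder: #{e.message}"
  end
  puts "this Ruby's net/http rejects CR/LF in header values: #{stdlib_rejects_crlf?}"
end
```

The unchecked builder emits one byte string that a server parses as two requests, the second of which the victim server attributes to the same client connection; the checked builder raises before anything is written. Note that the same rule has to cover the request path and header names, not just values, since each of them is interpolated into a line of its own.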