Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting
    2016-05-03  Julien Ahrens (info rcesecurity com)

LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability
    2016-05-03  LSE-Advisories (advisories lsexperts de)
    === LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 === OXID eShop Path Traversal Vulnerability. Affected Versions: Community Edition 4.9.7. Issue Overview: Vulnerability Type: p

NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities
    2016-05-03  bhadresh patel helpag com
    Title: NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities. Credit: Name: Bhadresh Patel; Company/affiliation: HelpAG; Website: www.helpag.com. CVE: CVE-2015-6023, CVE-2016-6024. Date: 03-05-2016 (dd/mm/yyyy). Vendor: NetComm Wireless is a leading

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
    2016-05-03  Timo Juhani Lindfors (timo lindfors iki fi)
    CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection. Affected products: At least Zabbix Agent 1:3.0.1-1+wheezy from http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions were not

[slackware-security] mercurial (SSA:2016-123-01)
    2016-05-02  Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mercurial (SSA:2016-123-01) New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +----------------------

ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities
    2016-05-02  Security Alert (Security_Alert emc com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities. EMC Identifier: ESA-2016-041. CVE Identifier: CVE-2016-0892, CVE-2016-0893, CVE-2016-0894, CVE-2016-0895. Severity Rating: CVSSv3 Base Score: Please view details below for individ

[SECURITY] [DSA 3564-1] chromium-browser security update
    2016-05-02  Michael Gilbert (mgilbert debian org)

Exploit-DB Captcha Bypass
    2016-05-01  Rahul Pratap Singh (techno rps gmail com)
    ## FULL DISCLOSURE #Exploit Author : Rahul Pratap Singh #Home page Link : https://www.exploit-db.com/ #Website : https://0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 1/5/2016 Description:

[slackware-security] subversion (SSA:2016-121-01)
    2016-04-30  Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] subversion (SSA:2016-121-01) New subversion packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/pack

[slackware-security] php (SSA:2016-120-02)
    2016-04-29  Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-120-02) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.2

[slackware-security] ntp (SSA:2016-120-01)
    2016-04-29  Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2016-120-01) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches

[security bulletin] HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution
    2016-04-29  security-alert hpe com
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04989404 Version: 3 HPSBGN03547 r

[SECURITY] [DSA 3561-1] subversion security update
    2016-04-29  Salvatore Bonaccorso (carnil debian org)

SQL Injection in GLPI
    2016-04-29  High-Tech Bridge Security Research (advisory htbridge ch)
    Advisory ID: HTB23301. Product: GLPI. Vendor: INDEPNET. Vulnerable Version(s): 0.90.2 and probably prior. Tested Version: 0.90.2. Advisory Publication: April 8, 2016 [without technical details]. Vendor Notification: April 8, 2016. Vendor Patch: April 11, 2016. Public Disclosure: April 29, 2016. Vulnera

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability
    2016-04-29  Vulnerability Lab (research vulnerability-lab com)
    Document Title: Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1839. Release Date: 2016-04-29. Vulnerability Laboratory ID (VL-ID):

Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
    2016-04-28  Stefan Kanthak (stefan kanthak nexgo de)
    Hi @ll despite better knowledge and MULTIPLE bug/vulnerability reports (see <https://bugzilla.mozilla.org/show_bug.cgi?id=811557>, <https://bugzilla.mozilla.org/show_bug.cgi?id=809373>, <https://bugzilla.mozilla.org/show_bug.cgi?id=579593>, ...) Mozilla continues to ship Firefox and Thunderbird fo

[security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS)
    2016-04-28  security-alert hpe com
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05087821 Version: 1 HPSBUX03583 S

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*
    2016-04-28  Hans Jerry Illikainen (hji dyntopia com)
    Details: An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. php-7.0.5/ext/zip/php_zip.c ,---- | 2679 static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int ty

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
    2016-04-27  Tony Homer (tony-- apache org)
    CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS. Severity: High. Vendor: The Apache Software Foundation. Versions Affected: cordova-ios 3.9.1 and below. Description: Apache Cordova iOS contains 2 methods to bypass the URL access restrictions provided by the whitelist. An attacker

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
    2016-04-27  Tony Homer (ajh158 gmail com)
    CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS. Severity: High. Vendor: The Apache Software Foundation. Versions Affected: cordova-ios 3.9.1 and below. Description: Apache Cordova iOS contains 2 methods to bypass the URL access restrictions provided by the whitelist. An attacker

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS
    2016-04-27  Tony Homer (tony-- apache org)
    CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS. Severity: High. Vendor: The Apache Software Foundation. Versions Affected: cordova-ios 3.9.1 and below. Description: An arbitrary plugin can be executed when a user clicks on a link. Upgrade path: Developers who are concerned a

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
    2016-04-27  Securify B.V. (lists securify nl)
    EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection. Han Sahin, November 2014

Oracle Discoverer Viewer BI - Open Redirect Vulnerability
    2016-04-27  Vulnerability Lab (research vulnerability-lab com)
    Document Title: Oracle Discoverer Viewer BI - Open Redirect Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1667. Oracle ID: S0666670. Release Date: 2016-04-26. Vulnerability Laboratory ID (VL-ID):
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Swagger Editor
Vendor URL: https://github.com/swagger-api/swagger-editor
Type: Cross-Site Scriptin