WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking
2016-04-09 hyp3rlinx lycos com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt Vendor: =========== wpn-xm.org Product: ============================================== WPN-XM Serverstack for Windows - Version 0.8.6 WPN-XM is a free and op

CSRF - MySQL / PHP.INI Hijacking
2016-04-09 hyp3rlinx lycos com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt Vendor: =========== wpn-xm.org Product: ============================================== WPN-XM Serverstack for Windows - Version 0.8.6 WPN-XM is a free and op

WPN-XM Serverstack v0.8.6 XSS
2016-04-09 hyp3rlinx lycos com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WPNXM-XSS.txt Vendor: =========== wpn-xm.org Product: ======== WPN-XM Serverstack for Windows - Version 0.8.6 WPN-XM is a free and open-source web server solution stack for

CVE-2016-2170: Apache OFBiz information disclosure vulnerability
2016-04-08 jleroux (at) apache (dot) org (jleroux apache org)
========================================== CVE-2016-2170: Apache OFBiz information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 13.07.02 and 13.07.01 Apache OFBiz 12.04.05 and earlier releases in the series (12.04.*) The unsup

CVE-2015-3268: Apache OFBiz information disclosure vulnerability
2016-04-08 jleroux (at) apache (dot) org (jleroux apache org)
CVE-2015-3268: Apache OFBiz information disclosure vulnerability ========================================== Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 13.07.02 and 13.07.01 Apache OFBiz 12.04.05 and earlier releases in the series (12.04.*) The unsupp

JAWS Weak Service Permissions leads to Privilege Escalation
2016-04-08 Heimbuecher003 connect wcsu edu
JAWS Weak Service Permissions leads to Privilege Escalation Vendor Website : http://www.freedomscientific.com/Products/Blindness/JAWS INDEX =============================================== 1. Background 2. Description 3. CVSS 3.0 Base Metrics 4. Affected Products 5. Vulnerability 6. Solution 7. Cr

AccelSite Content Manager v1.0 - SQL Injection Vulnerability
2016-04-08 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== AccelSite Content Manager v1.0 - SQL Injection Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1817 Release Date: ============= 2016-04-07 Vulnerability Laboratory ID (VL-ID): ========================

[SECURITY] [DSA 3544-1] python-django security update
2016-04-07 Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection
2016-04-07 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073504 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05073504 Version: 1 HPSBGN03570 r

Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability
2016-04-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1813 Release Date: ============= 2016-04-05 Vulnerability Laboratory ID (VL-ID): ============================

Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability
2016-04-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1811 Release Date: ============= 2016-04-05 Vulnerability Laboratory ID (VL-ID): =============================

Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities
2016-04-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1816 Release Date: ============= 2016-04-06 Vulnerability Laboratory ID (VL-ID): ===

Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability
2016-04-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1812 Release Date: ============= 2016-04-06 Vulnerability Laboratory ID (VL-ID): =================

Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability
2016-04-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1810 Release Date: ============= 2016-04-04 Vulnerability Laboratory ID (VL-ID): ==========================

[security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF)
2016-04-06 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05073670 Version: 1 HPSBST03568 r

[security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information
2016-04-06 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05068681 Version: 2 HPSBGN03569 r

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
2016-04-06 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability Advisory ID: cisco-sa-20160406-remcode Revision 1.0 For Public Release 2016 April 6 16:00 UTC (GMT) +--------------------------------------------

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability
2016-04-06 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability Advisory ID: cisco-sa-20160406-privauth Revision 1.0 For Public Release 2016 April 6 16:00 UTC (GMT) +----------------------------------------

Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
2016-04-06 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability Advisory ID: cisco-sa-20160406-cts2 Revision 1.0 For Public Release 2016 April 6 16:00 UTC (GMT) +--------------------------------------------------------

Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability
2016-04-06 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability Advisory ID: cisco-sa-20160406-ucs Revision 1.0 For Public Release 2016 April 06 16:00 GMT (UTC) +--------------------------------------------------------------------- Summ

Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability
2016-04-06 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability Advisory ID: cisco-sa-20160406-cts1 Revision 1.0 For Public Release 2016 April 6 16:00 UTC (GMT) +---------------------------------------------------------------------

Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability
2016-04-06 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability Advisory ID: cisco-sa-20160406-cts Revision 1.0 For Public Release 2016 April 6 16:00 UTC (GMT) +--------------------------------------------------------------

CVE-2016-3672 - Unlimiting the stack not longer disables ASLR
2016-04-06 Hector Marco-Gisbert (hecmargi upv es)
Hi everyone, We have fixed an old and very known weakness in the Linux ASLR implementation. The weakness allowed any user able to running 32-bit applications in a x86 machine disable the ASLR by setting the RLIMIT_STACK resource to unlimited. This is a very old trick to disable ASLR, but unfortun

SQL Injection in SocialEngine
2016-04-06 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23286 Product: SocialEngine Vendor: Webligo Vulnerable Version(s): 4.8.9 and probably prior Tested Version: 4.8.9 Advisory Publication: December 21, 2015 [without technical details] Vendor Notification: December 21, 2015 Public Disclosure: April 6, 2016 Vulnerability Type: SQL In

[slackware-security] subversion (SSA:2016-097-01)
2016-04-06 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] subversion (SSA:2016-097-01) New subversion packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/pack