CVE-2015-3251: Apache CloudStack VM Credential Exposure
2016-02-05 John Kinsella (jlk thrashyour com)

WordPress User Meta Manager Plugin [Blind SQLI]
2016-02-04 pan vagenas gmail com
* Exploit Title: WordPress User Meta Manager Plugin [Blind SQLI] * Discovery Date: 2015/12/28 * Public Disclosure Date: 2016/02/04 * Exploit Author: Panagiotis Vagenas * Contact: https://twitter.com/panVagenas * Vendor Homepage: http://jasonlau.biz/home/ * Software Link: https://wordpress.org/plugi

WordPress User Meta Manager Plugin [Privilege Escalation]
2016-02-04 pan vagenas gmail com
* Exploit Title: WordPress User Meta Manager Plugin [Privilege Escalation] * Discovery Date: 2015/12/28 * Public Disclosure Date: 2016/02/04 * Exploit Author: Panagiotis Vagenas * Contact: https://twitter.com/panVagenas * Vendor Homepage: http://jasonlau.biz/home/ * Software Link: https://wordpress

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass
2016-02-04 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1710 Apple Follow-up ID: 631627909 Video: http://www.vulnerability-lab.com/get_content.php?id=1711

[slackware-security] mozilla-firefox (SSA:2016-034-01)
2016-02-04 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2016-034-01) New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/p

[slackware-security] openssl (SSA:2016-034-03)
2016-02-04 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2016-034-03) New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/

[slackware-security] php (SSA:2016-034-04)
2016-02-04 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-034-04) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.1

[slackware-security] MPlayer (SSA:2016-034-02)
2016-02-04 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] MPlayer (SSA:2016-034-02) New MPlayer packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+

AST-2016-002: File descriptor exhaustion in chan_sip
2016-02-04 Asterisk Security Team (security asterisk org)

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.
2016-02-04 Asterisk Security Team (security asterisk org)

AST-2016-001: BEAST vulnerability in HTTP server
2016-02-04 Asterisk Security Team (security asterisk org)

[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
2016-02-04 Pedro Ribeiro (pedrib gmail com)
Hi, CERT/CC has helped me disclose two vulnerabilities in NETGEAR's Pro"safe" Network Management System 300 [1]. Two classical bugs: one remote code execution via arbitrary file upload and an authenticated arbitrary file download. The full advisory can be seen in my repo at [2] and it is also past

Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability
2016-02-03 David Coomber (davidcoomber infosec gmail com)
Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability -- http://www.info-sec.ca/advisories/Dell-SecureWorks.html Overview "Access your critical Dell SecureWorks security information on the go." "With the Dell SecureWorks Mobile App you can: * Quickly respond to security incidents

Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability
2016-02-03 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability Advisory ID: cisco-sa-20160203-n9knci Revision 1.0 For Public Release 2016 February 3 16:00 UTC (GMT) +--------------------------------------------------------------------- Sum

Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability
2016-02-03 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability Advisory ID: cisco-sa-20160203-prsm Revision: 1.0 For Public Release 2016 February 03 16:00 UTC (GMT) +----------------------------------------

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability
2016-02-03 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability Advisory ID: cisco-sa-20160203-apic Revision: 1.0 For Public Release 2016 February 03 16:00 UTC (GMT) +-----------------------------------------

Security Advisories
2016-02-03 Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300 CVE: CVE-2014-2045 Vendor: Viprinet Product: Multichannel VPN Router 300 Affected version: 2013070830/2013080900 Fixed version: 2014013131/2014020702 Reported by: Tim Brown Details: The data su

Soso Transfer v1.1 iOS - Denial of Service Vulnerability
2016-02-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Soso Transfer v1.1 iOS - Denial of Service Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1703 Release Date: ============= 2016-02-02 Vulnerability Laboratory ID (VL-ID): ==============================

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities
2016-02-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1704 Release Date: ============= 2016-02-03 Vulnerability Laboratory ID (VL-ID): ==============================

SimpleView CRM - Client Side Open Redirect Vulnerability
2016-02-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== SimpleView CRM - Client Side Open Redirect Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1668 Release Date: ============= 2016-02-02 Vulnerability Laboratory ID (VL-ID): ==============================

Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability
2016-02-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1464 ID: #14770 Release Date: ============= 2016-02-02 Vulnerability Laboratory ID (VL-ID): ========

Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability
2016-02-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1705 Release Date: ============= 2016-02-03 Vulnerability Laboratory ID (VL-ID): ==========

Mezzanine CMS 4.1.0 XSS
2016-02-03 hyp3rlinx lycos com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-XSS.txt Vendor: =================== mezzanine.jupo.org Product: ================ Mezzanine 4.1.0 Mezzanine is an open source CMS built using the python based Dj

Mezzanine CMS 4.1.0 Arbitrary File Upload
2016-02-03 hyp3rlinx lycos com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-ARBITRARY-FILE-UPLOAD.txt Vendor: =================== mezzanine.jupo.org Product: ================ Mezzanine 4.1.0 Mezzanine is an open source CMS built using th

ASUS RT-N56U Persistent XSS
2016-02-02 graphx sigaint org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # Exploit Title: ASUS RT-N56U Persistent XSS # Date: 2/2/2016 # Exploit Author: @GraphX # Vendor Homepage: http://asus.com/ # Version: 3.0.0.4.374_239 1 Description: It is possible for an authenticated attacker to bypass input sanitation in the user

TimeClock - Multiple SQL Injections
2016-02-02 marcelabx gmail com
############################# Exploit Title : Multiple SQL injections Author:Marcela Benetrix Date: 02/03/2016 version: 0.995 (older version may be vulnerable too) software link:http://timeclock-software.net ############################# Timeclock software Timeclock-software.net's free software pr

MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS
2016-02-02 Onur Yilmaz (onur netsparker com)
Information -------------------- Advisory by Netsparker Name: XSS Vulnerability in MailPoet Newsletters Affected Software : MailPoet Newsletters Affected Versions: v2.6.19 and possibly below Vendor Homepage : http://www.mailpoet.com/ Vulnerability Type : Cross-site Scripting Severity : Important CVE

Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability
2016-02-02 Phil Pearl (ppearl zimbra com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Following up inline... On Sat, 30 Jan 2016 12:13:46 +0100, <t.schughart () prosec-networks com> wrote: > Hi@all, > > VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior > versions with DKIM implementation are vulnerable to longterm Mail >
Hash: SHA512
CVE-2015-3251: Apache CloudStack VM Credential Exposure
CVSS v2:
6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Vendors:
The Apache Software Foundation
Citrix, Inc.
Versions Affected:
Apache CloudStack 4.4.4, 4.5.1
Description:
Apache CloudStack provides an AP