Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
2015-12-07 Stefan Kanthak (stefan kanthak nexgo de)

Command Injection in cool-video-gallery v1.9 Wordpress plugin
2015-12-07 Larry Cashdollar (larry0 me com)
  Title: Command Injection in cool-video-gallery v1.9 Wordpress plugin
  Author: Larry W. Cashdollar, @_larry0
  Date: 2015-11-29
  Download Site: https://wordpress.org/plugins/cool-video-gallery/
  Vendor: https://profiles.wordpress.org/praveen-rajan/
  Vendor Notified: 2015-11-30
  Vendor Contact: https://word

[SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79)
2015-12-07 disclosure syss de
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA512
  Advisory ID: SYSS-2015-047
  Product: sysPass
  Vendor: http://cygnux.org/
  Affected Version(s): 1.1.2.23 and below
  Tested Version(s): 1.1.2.23
  Vulnerability Type: Cross-Site Scripting (CWE-79)
  Risk Level: Medium
  Solution Status: Fixed
  Vendor Notification:

Edimax BR-6478AC & Others Multiple Vulnerabilities
2015-12-07 mwinstead3790 gmail com
  * Exploit Title: Edimax BR-6478AC & Others Multiple root-level execution vulnerabilities
  * Discovery Date: 2015/06
  * Public Disclosure Date: 2015/12/06
  * Vulnerability Author: Michael Winstead
  * Vendor Homepage: http://www.edimax.com/edimax/global/
  * Category: embedded routers
  Description
  ==========

FreeBSD Security Advisory FreeBSD-SA-15:26.openssl
2015-12-05 FreeBSD Security Advisories (security-advisories freebsd org)

KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass
2015-12-04 KoreLogic Disclosures (disclosures korelogic com)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA256
  KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass
  Title: Linksys EA6100 Wireless Router Authentication Bypass
  Advisory ID: KL-001-2015-006
  Publication Date: 2015.12.04
  Publication URL: https://www.korelogic.com/Resources/Advisori

[security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution
2015-12-03 security-alert hpe com
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  Note: the current version of the following document is available here:
  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04907374
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c04907374
  Version: 1
  HPSBGN03525 r

ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability
2015-12-03 Security Alert (Security_Alert emc com)

[slackware-security] mozilla-thunderbird (SSA:2015-337-02)
2015-12-03 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  [slackware-security] mozilla-thunderbird (SSA:2015-337-02)
  New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  p

[slackware-security] libpng (SSA:2015-337-01)
2015-12-03 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  [slackware-security] libpng (SSA:2015-337-01)
  New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
  Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  p

Ellucian Banner Student Vulnerability Disclosure
2015-12-02 sean dillon risksense com
  Previous CVEs for Banner Student were filed under vendor SunGard. All vulnerabilities are fixed in patch pcr-000134142_bws8070102, in latest version of the product (8.7.1.2) as of November 26, 2015.
  -----
  Product: Banner Student
  Vendor: Ellucian Company L.P.
  Vulnerable Version: 8.5.1.2 - 8.7
  Teste

WordPress Users Ultra Plugin [Persistence XSS]
2015-12-02 pan vagenas gmail com
  * Exploit Title: WordPress Users Ultra Plugin [Persistence XSS]
  * Discovery Date: 2015/10/20
  * Public Disclosure Date: 2015/12/01
  * Exploit Author: Panagiotis Vagenas
  * Contact: https://twitter.com/panVagenas
  * Vendor Homepage: http://usersultra.com
  * Software Link: https://wordpress.org/plugins/use

WordPress Users Ultra Plugin [Blind SQL injection]
2015-12-02 pan vagenas gmail com
  * Exploit Title: WordPress Users Ultra Plugin [Blind SQL injection]
  * Discovery Date: 2015/10/19
  * Public Disclosure Date: 2015/12/01
  * Exploit Author: Panagiotis Vagenas
  * Contact: https://twitter.com/panVagenas
  * Vendor Homepage: http://usersultra.com
  * Software Link: https://wordpress.org/plugins

Gnome Nautilus [Denial of Service]
2015-12-02 pan vagenas gmail com
  * Exploit Title: Gnome Nautilus [Denial of Service]
  * Discovery Date: 2015/10/27
  * Public Disclosure Date: 2015/12/01
  * Exploit Author: Panagiotis Vagenas
  * Contact: https://twitter.com/panVagenas
  * Vendor Homepage: https://www.gnome.org/
  * Software Link: https://wiki.gnome.org/Apps/Nautilus
  * Versi

Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin
2015-12-02 High-Tech Bridge Security Research (advisory htbridge ch)
  Advisory ID: HTB23274
  Product: Calls to Action WordPress plugin
  Vendor: InboundNow
  Vulnerable Version(s): 2.4.3 and probably prior
  Tested Version: 2.4.3
  Advisory Publication: October 7, 2015 [without technical details]
  Vendor Notification: October 7, 2015
  Vendor Patch: October 27, 2015
  Public Di

Reflected XSS in Ultimate Member WordPress Plugin
2015-12-02 High-Tech Bridge Security Research (advisory htbridge ch)
  Advisory ID: HTB23277
  Product: Ultimate Member WordPress plugin
  Vendor: Ultimate Member
  Vulnerable Version(s): 1.3.28 and probably prior
  Tested Version: 1.3.28
  Advisory Publication: October 29, 2015 [without technical details]
  Vendor Notification: October 29, 2015
  Vendor Patch: October 31, 2015

Remote File Inclusion in Gwolle Guestbook WordPress Plugin
2015-12-02 High-Tech Bridge Security Research (advisory htbridge ch)
  Advisory ID: HTB23275
  Product: Gwolle Guestbook WordPress Plugin
  Vendor: Marcel Pol
  Vulnerable Version(s): 1.5.3 and probably prior
  Tested Version: 1.5.3
  Advisory Publication: October 14, 2015 [without technical details]
  Vendor Notification: October 14, 2015
  Vendor Patch: October 16, 2015
  Public

Reflected XSS in Role Scoper WordPress Plugin
2015-12-02 High-Tech Bridge Security Research (advisory htbridge ch)
  Advisory ID: HTB23276
  Product: Role Scoper WordPress plugin
  Vendor: Kevin Behrens
  Vulnerable Version(s): 1.3.66 and probably prior
  Tested Version: 1.3.66
  Advisory Publication: October 29, 2015 [without technical details]
  Vendor Notification: October 29, 2015
  Vendor Patch: October 29, 2015
  Pub

Reflected Cross-Site Scripting (XSS) in SourceBans
2015-12-02 High-Tech Bridge Security Research (advisory htbridge ch)
  Advisory ID: HTB23273
  Product: SourceBans
  Vendor: Sourcebans team
  Vulnerable Version(s): 1.4.11 and probably prior
  Tested Version: 1.4.11
  Advisory Publication: October 2, 2015 [without technical details]
  Vendor Notification: October 2, 2015
  Public Disclosure: October 22, 2015
  Vulnerability Type:

Zenphoto 1.4.10 Local File Inclusion
2015-12-02 apparitionsec gmail com
  [+] Credits: hyp3rlinx
  [+] Website: hyp3rlinx.altervista.org
  [+] Source: http://hyp3rlinx.altervista.org/advisories/ZEN-PHOTO-1.4.10-LFI.txt
  Vendor:
  ====================
  www.zenphoto.org
  Product:
  ===================
  Zenphoto 1.4.10
  Vulnerability Type:
  ========================
  Local File

Zenphoto 1.4.10 XSS Vulnerability
2015-12-01 apparitionsec gmail com
  [+] Credits: hyp3rlinx
  [+] Website: hyp3rlinx.altervista.org
  [+] Source: http://hyp3rlinx.altervista.org/advisories/ZEN-PHOTO-1.4.10-XSS.txt
  Vendor:
  ====================
  www.zenphoto.org
  Product:
  ===================
  Zenphoto 1.4.10
  Vulnerability Type:
  ==========================
  Cross si

[SECURITY] [DSA 3408-1] gnutls26 security update
2015-12-01 Salvatore Bonaccorso (carnil debian org)

Huawei Wimax routers vulnerable to multiple threats
2015-11-30 Pierre Kim (pierre kim sec gmail com)
  Hello,
  Please find a text-only version below sent to security mailing-lists.
  The html version on analysing the vulnerabilities in Huawei Wimax routers is posted here:
  https://pierrekim.github.io/blog/2015-12-01-Huawei-Wimax-routers-vulnerable-to-multiple-threats.html
  === text-version of the
the executable installers [°] of all versions of SumatraPDF (see
<http://www.sumatrapdfreader.org/free-pdf-reader-de.html>) are
vulnerable:
1. On Windows Embedded POSReady 2009 (alias Windows XP SP3) the
installer of the current version 3.1.1 loads and executes a
rogue/bogus/maliciou