ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability
    2015-06-16  Security Alert (Security_Alert emc com)

BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability
    2015-06-16  d4rkr0id gmail com
    # Exploit Title: BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability # Date: 2015/06/16 # Vendor Homepage: http://blackcat-cms.org/ # Software Link: http://blackcat-cms.org/temp/packetyzer/blackcatcms_2fo3PXdKj1.zip # Version: v1.1.1 # Tested on: Centos 6.5, PHP 5.4.41 # Category: webapps * D [ more ]

[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager
    2015-06-15  RedTeam Pentesting GmbH (release redteam-pentesting de)
    Advisory: SQL Injection in TYPO3 Extension Akronymmanager. An SQL injection vulnerability in the TYPO3 extension "Akronymmanager" allows authenticated attackers to inject SQL statements and thereby read data from the TYPO3 database. Details ======= Product: sb_akronymmanager Affected Versions: <= [ more ]

Buffer Overflow in My Wifi Router Software
    2015-06-13  sudson08 gmail com
    Hi there, I have seen a buffer overflow in My Wifi Router software version 1.0. The link of the software is available: http://mywifirouter.software.informer.com/1.0/ Exploit: After running the software you will see two places to enter details, i.e. "Hotspot Name" and "Password". To exploit thi [ more ]

[SECURITY] [DSA 3285-1] qemu-kvm security update
    2015-06-12  Salvatore Bonaccorso (carnil debian org)

[slackware-security] openssl (SSA:2015-162-01)
    2015-06-11  Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2015-162-01) New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ [ more ]

FreeBSD Security Advisory FreeBSD-SA-15:10.openssl
    2015-06-12  FreeBSD Security Advisories (security-advisories freebsd org)

[SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting
    2015-06-12  ludwig stage syss de
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-020 Product(s): ZENWorks Mobile Management Vendor: Novell Affected Version(s): 3.1.0 Tested Version(s): 3.1.0 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: Medium Solution Status: Open Vendor Notification: 2015-0 [ more ]

ZCMS SQL Injection & Persistent XSS
    2015-06-12  apparitionsec gmail com
    [+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt Vendor: http://zencherry.com/ http://sourceforge.net/projects/zencherrycms Product: [ more ]

[slackware-security] php (SSA:2015-162-02)
    2015-06-11  Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2015-162-02) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.4 [ more ]

Nakid-CMS CSRF, Persistent XSS & LFI
    2015-06-11  apparitionsec gmail com
    [+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NAKIDCMS0611.txt Vendor: http://kilrizzy.github.io/Nakid-CMS/ Product: kilrizzy-Nakid-CMS-f2 [ more ]

[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
    2015-06-11  Egidio Romano (research karmainsecurity com)
    Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability [-] Software Link: https://www.concrete5.org/ [-] Affected Versions: Version 5.7.3.1, 5.7.4, and probably other ve [ more ]

[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
    2015-06-11  Egidio Romano (research karmainsecurity com)
    Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities [-] Software Link: https://www.concrete5.org/ [-] Affected Versi [ more ]

[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
    2015-06-11  Egidio Romano (research karmainsecurity com)
    Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability [-] Software Link: https://www.concrete5.org/ [-] Affected Versions: Version 5.7.3.1 and p [ more ]

Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin
    2015-06-10  Larry W. Cashdollar (larry0 me com)
    Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and Nether [ more ]

Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
    2015-06-11  Cisco Systems Product Security Incident Response Team (psirt cisco com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20150611-iosxr Revision 1.0 For Public Release 2015 June 11 16:00 UTC (GMT) [ more ]

D-Link DSP-W110 - multiple vulnerabilities
    2015-06-11  Peter Adkins (peter adkins kernelpicnic net)
    >> D-Link DSP-W110 - multiple vulnerabilities ---- Discovered by: ---- Peter Adkins <peter.adkins (at) kernelpicnic (dot) net [email concealed]> ---- Access: ---- Local network; unauthenticated access. ---- Tracking and identifiers: ---- CVE - None allocated. ---- Platforms / Firmware confirmed affected: ---- D-Link DSP-W11 [ more ]

[security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities
    2015-06-11  security-alert hp com
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04686230 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04686230 Version: 1 HPSBUX03337 SS [ more ]

Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0
    2015-06-10  Larry W. Cashdollar (larry0 me com)
    Title: Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-06 Advisory: http://www.vapid.dhs.org/advisory.php?v=124 Download Site: https://wordpress.org/plugins/se-html5-album-audio-player/ Vendor: https://profiles.w [ more ]

XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343)
    2015-06-11  stasvolfus gmail com
    Advisory: Adobe Connect Reflected XSS Author: Stas Volfus (Bugsec Information Security LTD) Vendor URL: http://www.adobe.com/ Status: Vendor Notified Vulnerability Description: Adobe Connect (Central) version: 9.3 is vulnerable to Reflec [ more ]

Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability
    2015-06-10  Vulnerability Lab (research vulnerability-lab com)
    Document Title: Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1323 Video: http://www.vulnerability-lab.com/get_content.php?id=1336 Vulnerability Magazine: http://maga [ more ]

Use-After-Free in PHP
    2015-06-10  High-Tech Bridge Security Research (advisory htbridge ch)
    Advisory ID: HTB23262 Product: PHP Vendor: PHP Group Vulnerable Version(s): 5.6.9 and probably prior Tested Version: 5.6.9 Advisory Publication: May 20, 2015 [without technical details] Vendor Notification: May 20, 2015 Vendor Patch: June 2, 2015 Public Disclosure: June 10, 2015 Vulnerability [ more ]

Multiple Vulnerabilities in ISPConfig
    2015-06-10  High-Tech Bridge Security Research (advisory htbridge ch)
    Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Version(s): 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 [without technical details] Vendor Notification: May 20, 2015 Vendor Patch: June 4, 2015 Public Disclosure: [ more ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability
EMC Identifier: ESA-2015-106
CVE Identifier: CVE-2015-0546
Severity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Affe
[ more ]