|
|
Colapse all |
Post message
Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities 2015-01-10 Pietro Oliva (pietroliva gmail com) [security bulletin] HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities 2015-01-10 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04533567 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04533567 Version: 1 HPSBOV03227 re [ more ] [ reply ] Re: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities 2015-01-09 dan montala com Hi, I'm from Montala - we head up ResourceSpace development. Just to add an update - we believe all issues have been fixed in the ResourceSpace Subversion repository. In fact the majority were fixed some time ago however the original submitter was checking against an older version. We aim to rele [ more ] [ reply ] [security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities 2015-01-06 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04468121 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04468121 Version: 3 HPSBMU03118 r [ more ] [ reply ] Brother MFC Administration Reflected Cross-Site Scripting 2015-01-07 vulns dionach com Class Cross-Site Scripting Remote Yes Disclosed 9th October 2014 Published 7th January 2015 Credit Dave Daly of Dionach (vulns (at) dionach (dot) com [email concealed]) Confirmed Vulnerable Brother MFC-J4410DW with F/W Versions J and K The printer administration web application on Brother MFC-J4410DW model printers with firmwa [ more ] [ reply ] Self-XSS in Microsoft Dynamics CRM 2013 SP1 2015-01-07 High-Tech Bridge Security Research (advisory htbridge com) Advisory ID: HTB23245 Product: Microsoft Dynamics CRM 2013 SP1 Vendor: Microsoft Corporation Vulnerable Version(s): (6.1.1.132) (DB 6.1.1.132) and probably prior Tested Version: (6.1.1.132) (DB 6.1.1.132) Advisory Publication: December 29, 2014 [without technical details] Vendor Notification: Dece [ more ] [ reply ] ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities 2015-01-06 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1392 Release Date: ============= 2015-01-06 Vulnerability Laboratory ID (VL-ID): ============================= [ more ] [ reply ] ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities 2015-01-05 Security Alert (Security_Alert emc com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities EMC Identifier: ESA-2014-180 CVE Identifier: CVE-2014-4635, CVE-2014-4636, CVE-2014-4637, CVE-2014-4638, CVE-2014-4639 Severity Rating: See below for individual scores f [ more ] [ reply ] [SECURITY] [DSA 3119-1] libevent security update 2015-01-06 Salvatore Bonaccorso (carnil debian org) |
|
Privacy Statement |
vulnerabilities
Author: Pietro Oliva
CVE: CVE-2014-7956, CVE-2014-7957
Product: pods
Affected version: pods <= 2.4.3
Vulnerabilities fixed in version: 2.5
XSS vulnerability (CVE-2014-7956, authentication is needed):
h
[ more ] [ reply ]