|
|
Colapse all |
Post message
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability 2014-12-17 Vulnerability Lab (research vulnerability-lab com) Cross-Site Scripting (XSS) in Revive Adserver 2014-12-17 High-Tech Bridge Security Research (advisory htbridge com) Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Version(s): 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 [without technical details] Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 [ more ] [ reply ] secuvera-SA-2014-01: Reflected XSS in W3 Total Cache 2014-12-17 Tobias Glemser (tglemser secuvera de) FreeBSD Security Advisory FreeBSD-SA-14:30.unbound 2014-12-17 FreeBSD Security Advisories (security-advisories freebsd org) [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities 2014-12-17 Matteo Beccati (php beccati com) [security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution 2014-12-16 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04512907 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04512907 Version: 1 HPSBMU03217 re [ more ] [ reply ] [security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities 2014-12-16 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04530690 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04530690 Version: 1 HPSBOV03226 re [ more ] [ reply ] [security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS) 2014-12-16 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04530570 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04530570 Version: 1 HPSBOV03225 re [ more ] [ reply ] [security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information 2014-12-16 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04518605 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04518605 Version: 1 HPSBMU03221 re [ more ] [ reply ] RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability 2014-12-16 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1320 Video: http://www.vulnerability-lab.com/get_content.php?id=1332 Release Date: ============= 2014-12-02 Vu [ more ] [ reply ] Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability 2014-12-16 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability References (Source): ==================== http://vulnerability-lab.com/get_content.php?id=1362 Release Date: ============= 2014-12-04 Vulnerability Laboratory ID (VL-ID): =================================== [ more ] [ reply ] Elefant CMS v1.3.9 - Persistent Name Update Vulnerability 2014-12-16 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Elefant CMS v1.3.9 - Persistent Name Update Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1365 Release Date: ============= 2014-12-03 Vulnerability Laboratory ID (VL-ID): ============================= [ more ] [ reply ] Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability 2014-12-16 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability References (Source): ==================== http://vulnerability-lab.com/get_content.php?id=1357 Release Date: ============= 2014-12-02 Vulnerability Laboratory ID (VL-ID): =================================== [ more ] [ reply ] iWifi for Chat v1.1 iOS - Denial of Service Vulnerability 2014-12-16 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== iWifi for Chat v1.1 iOS - Denial of Service Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1375 Release Date: ============= 2014-12-16 Vulnerability Laboratory ID (VL-ID): ============================= [ more ] [ reply ] W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface 2014-12-16 Mazin Ahmed (mazen150 hotmail com) #### # Title: W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface # Author: Mazin Ahmed ## # Date of Discovering: October 6th, 2014 # Date of Reporting to the Vendor: October 7th, 2014 # Date of Releasing a Patch: December 9th, 2014 ## # Vulnerability Type: Cross-Site Re [ more ] [ reply ] [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA 2014-12-16 Onapsis Research Labs (research onapsis com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2014-034: SAP Business Objects Search Token Privilege Escalation via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote and potentially unauthenticated attacker would be able [ more ] [ reply ] "Ettercap 8.0 - 8.1" multiple vulnerabilities 2014-12-16 Nick Sampanis (n sampanis obrela com) "Ettercap 8.0 - 8.1" multiple vulnerabilities Description ------------------------------------------------------------ Twelve vulnerabilities exist on ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified: [ more ] [ reply ] [SE-2014-02] Google App Engine Java security sandbox bypasses (status update) 2014-12-16 Security Explorations (contact security-explorations com) Hello All, We would like to provide a status update to the initial announcement [1] made a week ago regarding our SE-2014-02 security research project targeting Google App Engine for Java. Information regarding vulnerabilities and associated PoC codes (Issues 1-22 / unconfirmed Issues 23-35) was [ more ] [ reply ] CA20141215-01: Security Notice for CA LISA Release Automation 2014-12-15 Williams, Ken (Ken Williams ca com) -----BEGIN PGP SIGNED MESSAGE----- CA20141215-01: Security Notice for CA LISA Release Automation Issued: December 15, 2014 CA Technologies Support is alerting customers to multiple vulnerabilities in CA Release Automation (formerly CA LISA Release Automation, change effective 2014-09- [ more ] [ reply ] Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701 2014-12-15 steffen roesemann1986 gmail com Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description: ============= [ more ] [ reply ] Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01] 2014-12-15 modzero (security modzero ch) Merry Christmas. --------------------------------------------------------------------- http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt --------------------------------------------------------------------- modzero Security Advisory: Vulnerabilities in Ekahau Real-Time Location Syste [ more ] [ reply ] [SECURITY] [DSA 3103-1] libyaml-libyaml-perl security update 2014-12-13 Salvatore Bonaccorso (carnil debian org) Defense in depth -- the Microsoft way (part 23): two quotes or not to quote... 2014-12-13 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, some Windows commands/programs fail when (one of) their command line argument(s) is/are enclosed in quotes; for example: %SystemRoot%\System32\FontView.Exe "<pathname>.TTF" %SystemRoot%\System32\FONTVIEW.Exe /P "<filename>.TTF" %SystemRoot%\System32\RunDLL32.Exe %SystemRoot%\System32\Setup [ more ] [ reply ] |
|
Privacy Statement |
===============
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1372
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9334
CVE-ID:
=======
CVE-2014-9334
Release Date:
=
[ more ] [ reply ]