Feed aggregator

Bugtraq: CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS]

CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS]

DbNinja 3.2.6 Flash XSS Vulnerabilities

BugTraq Latest Security Advisories - May 28, 2015 - 6:25am

Posted by apparitionsec on May 28

# Exploit Title: DbNinja Flash XSS Exploit
# Google Dork: intitle: Flash XSS
# Date: May 27, 2015
# Exploit Author: John Page (hyp3rlinx)
# Website: hyp3rlinx.altervista.org
# Vendor Homepage: www.dbninja.com
# Software Link: www.dbninja.com
# Version: 3.2.6
# Tested on: Windows 7
# Category: Flash XSS
# CVE : NA

Source:
http://hyp3rlinx.altervista.org/advisories/AS-DBNINJA0527.txt

Product:
DbNinja is a web based application for MySQL database...

DbNinja 3.2.6 Flash XSS Vulnerabilities

BugTraq Latest Security Advisories - May 28, 2015 - 6:18am

Posted by apparitionsec on May 28

# Exploit Title: DbNinja Flash XSS Exploit
# Google Dork: intitle: Flash XSS
# Date: May 27, 2015
# Exploit Author: John Page (hyp3rlinx)
# Website: hyp3rlinx.altervista.org
# Vendor Homepage: www.dbninja.com
# Software Link: www.dbninja.com
# Version: 3.2.6
# Tested on: Windows 7
# Category: Flash XSS
# CVE : NA

Source:
http://hyp3rlinx.altervista.org/advisories/AS-DBNINJA0527.txt

Product:
DbNinja is a web based application for MySQL database...

[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement

BugTraq Latest Security Advisories - May 27, 2015 - 1:43pm

Posted by Onapsis Research Labs on May 27

Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information
Disclosure via SQL IMPORT FROM statement

1. Impact on Business
=====================

Under certain conditions some SAP HANA Database commands could be
abused by a remote authenticated attacker to access information which
is restricted.
This could be used to gain access to confidential information.

Risk Level: Medium

2. Advisory Information
=======================

- Public...

[Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability

BugTraq Latest Security Advisories - May 27, 2015 - 1:35pm

Posted by Onapsis Research Labs on May 27

Onapsis Security Advisory ONAPSIS-2015-007: SAP HANA Log Injection
Vulnerability

1. Impact on Business
=====================

Under certain conditions the SAP HANA XS engine is vulnerable to
arbitrary log injection, allowing remote authenticated attackers to
write arbitrary information in log files.
This could be used to corrupt log files or add fake content misleading
an administrator.

Risk Level: Medium

2. Advisory Information...

Bugtraq: [SECURITY] [DSA 3268-2] ntfs-3g security update

[SECURITY] [DSA 3268-2] ntfs-3g security update

Bugtraq: [SECURITY] [DSA 3273-1] tiff security update

[SECURITY] [DSA 3273-1] tiff security update

Bugtraq: Synology Photo Station multiple Cross-Site Scripting vulnerabilities

Synology Photo Station multiple Cross-Site Scripting vulnerabilities

Bugtraq: Reflected Cross-Site Scripting in Synology DiskStation Manager

Reflected Cross-Site Scripting in Synology DiskStation Manager

Bugtraq: Command injection vulnerability in Synology Photo Station

Command injection vulnerability in Synology Photo Station

Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability

BugTraq Latest Security Advisories - May 27, 2015 - 6:23am

Posted by David Coomber on May 27

Thycotic Password Manager Secret Server iOS Application - MITM SSL
Certificate Vulnerability

[SECURITY] [DSA 3268-2] ntfs-3g security update

BugTraq Latest Security Advisories - May 27, 2015 - 6:14am

Posted by Salvatore Bonaccorso on May 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3268-2 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
May 26, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ntfs-3g
CVE ID : CVE-2015-3202
Debian Bug :...

CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS]

BugTraq Latest Security Advisories - May 27, 2015 - 6:06am

Posted by pan . vagenas on May 27

# Exploit Title: WordPress Free Counter Plugin [Stored XSS]
# Date: 2015/05/25
# Exploit Author: Panagiotis Vagenas
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://www.free-counter.org
# Software Link: https://wordpress.org/plugins/free-counter/
# Version: 1.1
# Tested on: WordPress 4.2.2
# Category: webapps
# CVE: CVE-2015-4084

1. Description

Any authenticated or non-authenticated user can perform a stored XSS attack simply...

next-20150527: linux-next

Linux Kernel Updates - May 27, 2015 - 3:49am
Version: next-20150527 (linux-next) Released: 2015-05-27

[SECURITY] [DSA 3273-1] tiff security update

BugTraq Latest Security Advisories - May 26, 2015 - 5:58am

Posted by Moritz Muehlenhoff on May 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3273-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tiff
CVE ID : CVE-2014-8127 CVE-2014-8128...

Bugtraq: [SECURITY] [DSA 3265-2] zendframework regression update

[SECURITY] [DSA 3265-2] zendframework regression update

next-20150526: linux-next

Linux Kernel Updates - May 26, 2015 - 3:14am
Version: next-20150526 (linux-next) Released: 2015-05-26

Synology Photo Station multiple Cross-Site Scripting vulnerabilities

BugTraq Latest Security Advisories - May 25, 2015 - 10:09am

Posted by Securify B.V. on May 25

------------------------------------------------------------------------
Synology Photo Station multiple Cross-Site Scripting vulnerabilities
------------------------------------------------------------------------
Han Sahin, May 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple reflected Cross-Site scripting vulnerabilities...

Bugtraq: [SECURITY] [DSA 3272-1] ipsec-tools security update

[SECURITY] [DSA 3272-1] ipsec-tools security update

Reflected Cross-Site Scripting in Synology DiskStation Manager

BugTraq Latest Security Advisories - May 25, 2015 - 9:59am

Posted by Securify B.V. on May 25

------------------------------------------------------------------------
Reflected Cross-Site Scripting in Synology DiskStation Manager
------------------------------------------------------------------------
Han Sahin, May 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A reflected Cross-Site scripting vulnerability was found in...