Feed aggregator

Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability

BugTraq Latest Security Advisories - April 25, 2016 - 8:18am

Posted by Vulnerability Lab on Apr 25

Document Title:
===============
Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1769

Release Date:
=============
2016-04-08

Vulnerability Laboratory ID (VL-ID):
====================================
1769

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

C & C++ for OS - Filter Bypass & Persistent Vulnerability

BugTraq Latest Security Advisories - April 25, 2016 - 8:09am

Posted by Vulnerability Lab on Apr 25

Document Title:
===============
C & C++ for OS - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1825

Release Date:
=============
2016-04-14

Vulnerability Laboratory ID (VL-ID):
====================================
1825

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

Telisca IPS Lock 2 Vulnerability

BugTraq Latest Security Advisories - April 25, 2016 - 7:59am

Posted by karim reda Fakhir on Apr 25

A vulnerability in IPS LOCK, below is the description:

# Exploit Title: TELISCA IPS LOCK ABUSE
# Date: 13/01/2016
# Software Link: http://www.telisca.com/products/ip-phone-apps/ipslock/
# Exploit Author: Fakhir Karim Reda
# Contact: karim.fakhir () gmail com
# Metasploit module :
https://www.rapid7.com/db/modules/auxiliary/voip/telisca_ips_lock_control
# Publicly disclosed via Metasploit PR 'URL',
'...

Bugtraq: [SECURITY] [DSA 3556-1] libgd2 security update

Security Focus Latest Security Advisories - April 25, 2016 - 7:00am
[SECURITY] [DSA 3556-1] libgd2 security update

Bugtraq: [SECURITY] [DSA 3555-1] imlib2 security update

Security Focus Latest Security Advisories - April 25, 2016 - 7:00am
[SECURITY] [DSA 3555-1] imlib2 security update

Bugtraq: Unlimited Pop-Ups WordPress Plugin XSS Vulnerability

Security Focus Latest Security Advisories - April 25, 2016 - 7:00am
Unlimited Pop-Ups WordPress Plugin XSS Vulnerability

Bugtraq: CM-AD-Changer XSS Vulnerability

Security Focus Latest Security Advisories - April 25, 2016 - 7:00am
CM-AD-Changer XSS Vulnerability

4.6-rc5: mainline

Linux Kernel Updates - April 24, 2016 - 6:17pm
Version: 4.6-rc5 (mainline)
Released: 2016-04-24
Source: linux-4.6-rc5.tar.xz
PGP Signature: linux-4.6-rc5.tar.sign
Patch: patch-4.6-rc5.xz

Bugtraq: Easy Social Share Buttons for WordPress XSS Vulnerability

Security Focus Latest Security Advisories - April 24, 2016 - 11:00am
Easy Social Share Buttons for WordPress XSS Vulnerability

[SECURITY] [DSA 3556-1] libgd2 security update

BugTraq Latest Security Advisories - April 24, 2016 - 10:08am

Posted by Salvatore Bonaccorso on Apr 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-3556-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 24, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libgd2
CVE ID : CVE-2016-3074
Debian Bug :...

[SECURITY] [DSA 3555-1] imlib2 security update

BugTraq Latest Security Advisories - April 24, 2016 - 10:01am

Posted by Alessandro Ghedini on Apr 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-3555-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
April 23, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imlib2
CVE ID : CVE-2011-5326 CVE-2014-9771...

Unlimited Pop-Ups WordPress Plugin XSS Vulnerability

BugTraq Latest Security Advisories - April 24, 2016 - 9:53am

Posted by Rahul Pratap Singh on Apr 24

## FULL DISCLOSURE

#Product : Unlimited Pop-Ups WordPress Plugin
#Exploit Author : Rahul Pratap Singh
#Version : 1.4.3
#Home page Link :
http://codecanyon.net/item/unlimited-popups-wordpress-plugin/8575498
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
"callback,...

CM-AD-Changer XSS Vulnerability

BugTraq Latest Security Advisories - April 24, 2016 - 9:43am

Posted by Rahul Pratap Singh on Apr 24

## FULL DISCLOSURE

#Product : cm-ad-changer
#Exploit Author : Rahul Pratap Singh
#Version :1.7.2
#Home page Link : https://wordpress.org/plugins/cm-ad-changer/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
Following parameters are not sanitized that leads to XSS...

Easy Social Share Buttons for WordPress XSS Vulnerability

BugTraq Latest Security Advisories - April 24, 2016 - 9:33am

Posted by Rahul Pratap Singh on Apr 24

## FULL DISCLOSURE

#Product :Easy Social Share Buttons for WordPress
#Exploit Author : Rahul Pratap Singh
#Version :3.2.5
#Home page Link :
http://codecanyon.net/item/easy-social-share-buttons-for-wordpress/6394476
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------...

Google SEO Pressor Snippet Plugin XSS Vulnerability

BugTraq Latest Security Advisories - April 24, 2016 - 9:24am

Posted by Rahul Pratap Singh on Apr 24

## FULL DISCLOSURE

#Product : Google SEO Pressor Snippet Plugin
#Exploit Author : Rahul Pratap Singh
#Version :1.2.6
#Home page Link : https://wordpress.org/plugins/google-seo-author-snippets/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
Following parameters are...

Echosign Plugin for WordPress XSS Vulnerability

BugTraq Latest Security Advisories - April 24, 2016 - 9:14am

Posted by Rahul Pratap Singh on Apr 24

## FULL DISCLOSURE

#Product : Echosign Plugin
#Exploit Author : Rahul Pratap Singh
#Version :1.1
#Home page Link : https://wordpress.org/plugins/echosign/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
"Page" and "id" parameters are not sanitized...

Tweet-wheel XSS Vulnerability

BugTraq Latest Security Advisories - April 24, 2016 - 9:05am

Posted by Rahul Pratap Singh on Apr 24

## FULL DISCLOSURE

#Product :Tweet-wheel
#Exploit Author : Rahul Pratap Singh
#Version :1.0.3.2
#Home page Link : https://wordpress.org/plugins/tweet-wheel/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
Following parameters are not sanitized that leads to XSS...

Persian-woocommerce-sms XSS Vulnerability

BugTraq Latest Security Advisories - April 24, 2016 - 8:55am

Posted by Rahul Pratap Singh on Apr 24

## FULL DISCLOSURE

#Product :Persian-woocommerce-sms
#Exploit Author : Rahul Pratap Singh
#Version :3.3.2
#Home page Link : https://wordpress.org/plugins/persian-woocommerce-sms/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
"ps_sms_numbers" parameter is...

Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)

BugTraq Latest Security Advisories - April 24, 2016 - 8:45am

Posted by david . vieira-kurz on Apr 24

CREDITS
========
This issue has been identified by David Vieira-Kurz of Immobilien Scout GmbH.

CVE
====
CVE-2016-3109

AFFECTED PRODUCT
==================
Shopware < 5.1.5 : https://en.shopware.com/

IMPACT
=======
This issue has been triaged with the highest severity (CRITICAL) by the Shopware maintainer because it allows
unauthenticated remote code execution by any attacker! This means that an attacker is able to read ANY files on the...

3.18.32: longterm

Linux Kernel Updates - April 23, 2016 - 3:48pm
Version: 3.18.32 (longterm)
Released: 2016-04-23
Source: linux-3.18.32.tar.xz
PGP Signature: linux-3.18.32.tar.sign
Patch: patch-3.18.32.xz (Incremental)
ChangeLog: ChangeLog-3.18.32