Feed aggregator

Persian-woocommerce-sms XSS Vulnerability

BugTraq Latest Security Advisories - April 24, 2016 - 8:55am

Posted by Rahul Pratap Singh on Apr 24

## FULL DISCLOSURE

#Product :Persian-woocommerce-sms
#Exploit Author : Rahul Pratap Singh
#Version :3.3.2
#Home page Link : https://wordpress.org/plugins/persian-woocommerce-sms/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
"ps_sms_numbers" parameter is...

Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)

BugTraq Latest Security Advisories - April 24, 2016 - 8:45am

Posted by david . vieira-kurz on Apr 24

CREDITS
========
This issue has been identified by David Vieira-Kurz of Immobilien Scout GmbH.

CVE
====
CVE-2016-3109

AFFECTED PRODUCT
==================
Shopware < 5.1.5 : https://en.shopware.com/

IMPACT
=======
This issue has been triaged with the highest severity (CRITICAL) by the Shopware maintainer because it allows
unauthenticated remote code execution by any attacker! This means that an attacker is able to read ANY files on the...

Bugtraq: [security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information

Security Focus Latest Security Advisories - April 24, 2016 - 7:00am

Bugtraq: [security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information

Security Focus Latest Security Advisories - April 24, 2016 - 7:00am

Bugtraq: SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator

Security Focus Latest Security Advisories - April 24, 2016 - 7:00am

Bugtraq: SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app

Security Focus Latest Security Advisories - April 24, 2016 - 7:00am

3.18.32: longterm

Linux Kernel Updates - April 23, 2016 - 3:48pm
Version: 3.18.32 (longterm)
Released: 2016-04-23
Source: linux-3.18.32.tar.xz
PGP Signature: linux-3.18.32.tar.sign
Patch: patch-3.18.32.xz (Incremental)
ChangeLog: ChangeLog-3.18.32