Cross-Site Scripting in Calendar WordPress Plugin

2016-11-08 Thread Summer of Pwnage
Cross-Site Scripting in Calendar WordPress Plugin Remco Vermeulen, July 2016

Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin

2016-11-08 Thread Summer of Pwnage
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Burak Kelebek, October 2016

Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin

2016-11-08 Thread Summer of Pwnage
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin Yorick Koster, July 2016

Cross Site Scripting Vulnerability In Verint Impact 360

2016-11-08 Thread sanehsingh
Overview * Title: Cross Site Scripting Vulnerability In Verint Impact 360 * Author: Sanehdeep Singh * Plugin Homepage: http://www.verint.com * Severity: Medium * Version Affected: 11.1 * Version patched: Patches available. Contact Vendor Description About the Product

[SECURITY] [DSA 3707-1] openjdk-7 security update

2016-11-08 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3707-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 07, 2016

[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow

2016-11-08 Thread Pedro Ribeiro
tl;dr A stack bof in several Dlink routers, which can be exploited by an unauthenticated attacker in the LAN. There is no patch as Dlink did not respond to CERT's requests. As usual, a Metasploit module is in the queue (see [9] below) and should hopefully be integrated soon. The interesting

[security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution

2016-11-08 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05325836 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05325836 Version: 1 HPSBGN03643 rev.1 - HPE

Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability

2016-11-08 Thread Vulnerability Lab
Document Title: Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1931 Release Date: 2016-11-07 Vulnerability Laboratory ID (VL-ID):

Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability

2016-11-08 Thread Vulnerability Lab
Document Title: Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1871 Release Date: 2016-11-04 Vulnerability Laboratory ID (VL-ID):

Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability

2016-11-08 Thread Vulnerability Lab
Document Title: Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1870 Release Date: 2016-11-03 Vulnerability Laboratory ID (VL-ID):

Faraznet Cms Cross-Site Scripting Vulnerability

2016-11-08 Thread iedb . team
Cross-Site Scripting in Faraznet Cms Version 4.x # Faraznet Cms Cross-Site Scripting Vulnerability # Iranian Exploit DataBase And Security Team - iedb.ir # Title : Faraznet Cms Cross-Site Scripting

WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow

2016-11-08 Thread apparitionsec
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt [+] ISR: Apparition Security Vendor: www.labf.com Product: WinaXe v7.7 FTP

Axessh 4.2.2 Denial Of Service

2016-11-08 Thread apparitionsec
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: www.labf.com Product: Axessh 4.2.2 Axessh is a SSH client. It is

Rapid PHP Editor CSRF Remote Command Execution

2016-11-08 Thread apparitionsec
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt [+] ISR: Apparition Security Vendor: www.rapidphpeditor.com Product:

[security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting

2016-11-08 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05325823 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05325823 Version: 1 HPSBGN03656 rev.1 - HPE

[security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution

2016-11-08 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05325811 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05325811 Version: 1 HPSBGN03657 rev.1 - HPE