[Full-disclosure] [Security-news] SA-CONTRIB-2014-031 - Webform Template - Access Bypass

2014-03-12 Thread security-news
View online: https://drupal.org/node/2216607 * Advisory ID: DRUPAL-SA-CONTRIB-2014-031 * Project: Webform Template [1] (third-party module) * Version: 7.x * Date: 2014-March-12 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Access Bypass --

[Full-disclosure] Multiplus XSS in Proxmox Mail Gateway 3.1 (CVE-2014-2325)

2014-03-12 Thread William Costa
I. VULNERABILITY - Multiplus XSS in Proxmox Mail Gateway 3.1 II. BACKGROUND - Proxmox Mail Gateway helps you protect your business against all email threats like spam, viruses, phishing and trojans at the moment they emerge. The flexible archit

[Full-disclosure] [Security-news] SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure

2014-03-12 Thread security-news
View online: https://drupal.org/node/2216269 * Advisory ID: DRUPAL-SA-CONTRIB-2014-030 * Project: SexyBookmarks [1] (third-party module) * Version: 6.x * Date: 2014-March-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Information Disclo

[Full-disclosure] [SECURITY] [DSA 2876-1] cups security update

2014-03-12 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2876-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 12, 2014

[Full-disclosure] [SECURITY] [DSA 2875-1] cups-filters security update

2014-03-12 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2875-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 12, 2014

[Full-disclosure] [SECURITY] [DSA 2874-1] mutt security update

2014-03-12 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2874-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 12, 2014

[Full-disclosure] Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem

2014-03-12 Thread Larry W. Cashdollar
Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Author: Larry W. Cashdollar, @_larry0 Download Site: http://rubygems.org/gems/Arabic-Prawn CVE: 2014-2322 Date: 12/17/2013 In Arabic-Prawn-0.0.1/lib/string_utf_support.rb, the following lines pass unsanitized input to the shell. 4
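The preview above only says that string_utf_support.rb passes unsanitized input to the shell. The following Ruby is an added illustration, not the gem's code and not the advisory author's PoC: it contrasts the vulnerable pattern (interpolating untrusted text into one command string, which Ruby hands to /bin/sh) with the argv form that never invokes a shell, plus an allow-list check. The payload, the use of echo as the stand-in command, and the allow-list character class are all assumptions made for this example.

```ruby
require "open3"

# Constructed attacker-controlled input (not taken from the advisory).
# It is harmless: a second command that merely prints a marker.
PAYLOAD = "hello; echo INJECTED"

# Vulnerable pattern: untrusted text interpolated into a single command
# string. Because the string contains shell metacharacters, Ruby spawns
# /bin/sh to parse it, and the ';' terminates echo and starts a second
# command. This is the shape of bug the advisory describes.
def run_via_shell(text)
  out, _status = Open3.capture2("echo #{text}")
  out
end

# Hardened pattern: program and arguments as separate array elements.
# Ruby execs the program directly, no shell parses the input, and the
# ';' is just another character inside the one argument.
def run_via_argv(text)
  out, _status = Open3.capture2("echo", text)
  out
end

# Second layer: an allow-list of what a legitimate value may contain.
# The character class here is an assumption for this example; tighten it
# to whatever the real call site actually needs.
def safe_text?(text)
  !!(text =~ /\A[[:alnum:] ._-]{1,200}\z/)
end

# Detects whether the injected second command actually executed: only
# then does "INJECTED" appear as a line of its own.
def injected?(output)
  output.lines.map(&:chomp).include?("INJECTED")
end

if __FILE__ == $PROGRAM_NAME
  shell_out = run_via_shell(PAYLOAD)
  argv_out  = run_via_argv(PAYLOAD)
  puts "shell string: #{shell_out.inspect} injected=#{injected?(shell_out)}"
  puts "argv form:    #{argv_out.inspect} injected=#{injected?(argv_out)}"
  puts "allow-list accepts payload? #{safe_text?(PAYLOAD)}"
end
```

Running it on a POSIX system prints two lines for the shell-string form (the marker is executed) and one literal line for the argv form (the marker is printed as text); the allow-list rejects the payload before it reaches either call. Prefer the argv form over trying to escape metacharacters, and keep the allow-list as defence in depth rather than as the only control.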

[Full-disclosure] CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0

2014-03-12 Thread alejandr0.w3b.p0wn3r
CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0 When a user creates a new file (e.g. an image) with a name containing *, it leads to webserver file path disclosure, after having uploaded the file, when thumbnail creation occurs. I did not succeed in obtaining remote sh

[Full-disclosure] CVE-2014-1222 - Local File Inclusion in Vtiger CRM

2014-03-12 Thread Portcullis Advisories
Vulnerability title: Local File Inclusion in Vtiger CRM CVE: CVE-2014-1222 Vendor: Vtiger Product: CRM Affected version: Vtiger CRM 5.4.0, 6.0 RC & 6.0.0 GA Fixed version: Vtiger CRM 6.0.0 Security patch 1 Reported by: Jerzy Kramarz Details: A local file inclusion vulnerability was discovered in

[Full-disclosure] CVE-2014-2043 - SQL Injection in Procentia IntelliPen

2014-03-12 Thread Portcullis Advisories
Vulnerability title: SQL Injection in Procentia IntelliPen CVE: CVE-2014-2043 Vendor: Procentia Product: IntelliPen Affected version: 1.1.12.1520 Fixed version: 1.1.18.1658 Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed within the software as an authenticated user.

[Full-disclosure] CVE-2014-1904 XSS when using Spring MVC

2014-03-12 Thread Pivotal Security Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-1904 XSS when using Spring MVC Severity: Moderate Vendor: Spring by Pivotal Versions Affected: - - Spring MVC 3.0.0 to 3.2.8 - - Spring MVC 4.0.0 to 4.0.1 - - Earlier unsupported versions may be affected Description: When a programmer does

[Full-disclosure] CVE-2014-0097 Spring Security Blank password may bypass user authentication

2014-03-12 Thread Pivotal Security Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0097 Blank password may bypass user authentication Severity: Important Vendor: Spring by Pivotal Versions Affected: - - Spring Security 3.2.0 to 3.2.1 - - Spring Security 3.1.0 to 3.1.5 Description: The ActiveDirectoryLdapAuthenticator doe

[Full-disclosure] CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE)

2014-03-12 Thread Pivotal Security Team
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0054 Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE) Severity: Important Vendor: Spring by Pivotal Versions Affected: - - Spring MVC 3.0.0 to 3.2.8 - - Spring MVC 4.0.0 to 4.0.1 - - Earlier unsupported versions may be affected Descr

[Full-disclosure] Medium severity flaw in BlackBerry QNX Neutrino RTOS

2014-03-12 Thread Tim Brown
Summary This advisory concerns the forced disclosure of 2 vulnerabilities that were previously disclosed to BlackBerry. Disclosure has been forced since these vulnerabilities have been publicly disclosed (with PoC) on the exploit-db web site. Two local privilege escalation vulnerabilities have b