XOOPS version 2.5.7.2 suffers from a cross site request forgery vulnerability.
56dc964beea76e30a2f054812239297f424ec6166d368f20527609342894cfc9
XOOPS version 2.5.7.2 has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing "..././" instead of "../".
8e0c7e604227b0d036e3789cef8b9827cdedcbebab054b865cd01c359cf31f18
A certain remote message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the dwmrcs daemon.
390aaf7607e85e8afb085d15df6d452b7949bc6e25747b8967ebc5477a0bd05b
XOOPS version 2.5.7.2 stores passwords in the database as unsalted MD5 hashes, a weak one-way hash function.
5671c965146caf650a197ba8bd998b42a8f8678ee755c3c18fe39b0d594be1f2
This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite protection. These techniques can be used by malicious actors to bypass the default installation of NoScript. The paper also provides solutions and recommendations for end users that can enhance the current protection of NoScript Security Suite.
5f37e8e3412f1440fa6c6a360ed379f128cc4ea278c023e5f3855760b77ba3a5
The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app's Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package.
c530b1e4af62da81fc070ef71c1611d62d2872d39d07e2b965fb3fe3445fd447
Grandstream VoIP products deploy a remote provisioning mechanism that allows configuration elements to be set automatically on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to successfully impersonate the provisioning server with an invalid, mismatching or outdated certificate.
e07ded7e5b842693413e62a615f10b879e181af670786c29c60e322c6aec3f73
Ubuntu Security Notice 2935-3 - USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. Various other issues were also addressed.
3e9933c3392df31758f731285c88184afdd9639579d77bb96ea3bdb624d50473
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
485b9171a90d97d3535702a0ede0b959ebbd40967e2461c3bd36d33eeda6ebd6
Debian Linux Security Advisory 3519-1 - Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.
83c773cd1a9d89c83c1cadc236dc7ddc69687ff0afc1fa763fc23b17d53cd00c
BigTree version 4.2.8 suffers from object injection and improper filename sanitization.
bb5b9719d7bfbf7cf86fcf58ff69f590fc08931de25d8fc421b05176a6b0c2a3
PivotX version 2.3.11 suffers from a remote shell upload vulnerability.
1fde09f58b26d38b03398935d6085dab67680b1fec165dc098830588ea42a109
PivotX version 2.3.11 suffers from a directory traversal vulnerability.
3dbedc633207c9beff4d14771b22c0d37f76842088d440fe37e3544851054b5e
PivotX version 2.3.11 suffers from a reflected cross site scripting vulnerability.
31d15c80f7f7e46d28b9c663b0fa5fb798008c4de2b256a1cc1dca6b3ec3b485
Zenphoto version 1.4.11 suffers from a remote file inclusion vulnerability.
64bd4c4defecd30504823144287f0037c179633ccaf922731536d159006d337a
OWASP is currently soliciting papers for the OWASP AppSec USA 2016 conference that will take place at the Renaissance in Washington, D.C. October 11th through the 14th, 2016.
ca028335421923ddd06f460662acd29726fc4ad07b6195f52fa8ee3b60b5cbcc