Feed aggregator

Mezzanine CMS 4.1.0 XSS

BugTraq Latest Security Advisories - February 3, 2016 - 4:10am

Posted by hyp3rlinx on Feb 03

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-XSS.txt

Vendor:
===================
mezzanine.jupo.org

Product:
================
Mezzanine 4.1.0

Mezzanine is an open source CMS built using the Python-based Django framework.

Vulnerability Type:
===================
XSS

CVE Reference:
==============
N/A

Vulnerability Details:
=====================

XSS entry...

Mezzanine CMS 4.1.0 Arbitrary File Upload

BugTraq Latest Security Advisories - February 3, 2016 - 3:54am

Posted by hyp3rlinx on Feb 03

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-ARBITRARY-FILE-UPLOAD.txt

Vendor:
===================
mezzanine.jupo.org

Product:
================
Mezzanine 4.1.0

Mezzanine is an open source CMS built using the Python-based Django framework.

Vulnerability Type:
=====================
Arbitrary File Upload

CVE Reference:
==============
N/A

Vulnerability...

ASUS RT-N56U Persistent XSS

BugTraq Latest Security Advisories - February 3, 2016 - 3:39am

Posted by graphx on Feb 03

# Exploit Title: ASUS RT-N56U Persistent XSS
# Date: 2/2/2016
# Exploit Author: @GraphX
# Vendor Homepage: http://asus.com/
# Version: 3.0.0.4.374_239

1 Description:
It is possible for an authenticated attacker to bypass input sanitation in
the username input field of the Server Center page. An interception proxy
is not required with the use of the developer console and changing the
field value of the username after the third verification task...

TimeClock - Multiple SQL Injections

BugTraq Latest Security Advisories - February 3, 2016 - 3:24am

Posted by marcelabx on Feb 03

#############################
Exploit Title: Multiple SQL injections
Author: Marcela Benetrix
Date: 02/03/2016
Version: 0.995 (older versions may be vulnerable too)
Software link: http://timeclock-software.net

#############################
Timeclock software

Timeclock-software.net's free software product will be a simple solution to allow your employees to record their time
in one central location for easy access....

[SECURITY] [DSA 3465-1] openjdk-6 security update

BugTraq Latest Security Advisories - February 3, 2016 - 3:14am

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-3465-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 02, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-6
CVE ID : CVE-2015-7575 CVE-2016-0402...

Bugtraq: MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS

Security Focus Latest Security Advisories - February 3, 2016 - 3:00am

Bugtraq: Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability

Security Focus Latest Security Advisories - February 3, 2016 - 3:00am

Bugtraq: WebKitGTK+ Security Advisory WSA-2016-0001

Security Focus Latest Security Advisories - February 3, 2016 - 3:00am

Bugtraq: File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities

Security Focus Latest Security Advisories - February 3, 2016 - 3:00am

next-20160203: linux-next

Linux Kernel Updates - February 3, 2016 - 12:13am
Version: next-20160203 (linux-next) Released: 2016-02-03

MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS

BugTraq Latest Security Advisories - February 2, 2016 - 1:43pm

Posted by Onur Yilmaz on Feb 02

Information
--------------------
Advisory by Netsparker
Name: XSS Vulnerability in MailPoet Newsletters
Affected Software : MailPoet Newsletters
Affected Versions: v2.6.19 and possibly below
Vendor Homepage : http://www.mailpoet.com/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID : TBA
Status : Fixed
Netsparker Advisory Reference : NS-16-001

Description
--------------------
By exploiting a Cross-site scripting...

Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability

BugTraq Latest Security Advisories - February 2, 2016 - 1:29pm

Posted by Phil Pearl on Feb 02

Following up inline...

Note: A quick search would show that Zimbra is, two parents, and more
than two years removed from VMware[1]. We're a part of Synacor[2] now.
[1] https://www.vmware.com/products/zimbra
[2] http://investor.synacor.com/releasedetail.cfm?ReleaseID=928079

It is also relevant to point out that Zimbra uses OpenDKIM with
Amavisd-new.

The issue(s) may be a bit more generic than this report seems to
indicate, or...