Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.
Monthly Archives: October 2015
PHP Server Monitor 3.1.1 Privilege Escalation
PHP Server Monitor version 3.1.1 suffers from a privilege escalation vulnerability.
PHP Server Monitor 3.1.1 Cross Site Request Forgery
PHP Server Monitor version 3.1.1 suffers from a cross site request forgery vulnerability.
eBay Magento XXE Injection
eBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.
Pligg CMS 2.0.2 SQL Injection
Pligg CMS version 2.0.2 suffers from multiple remote SQL injection vulnerabilities.
Pligg CMS 2.0.2 Directory Traversal
Pligg CMS version 2.0.2 suffers from a directory traversal vulnerability.
Pligg CMS 2.0.2 CSRF / Code Execution
Pligg CMS version 2.0.2 suffers from code execution and cross site request forgery vulnerabilities.
Slackware Security Advisory – curl Updates
Slackware Security Advisory – New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Slackware Security Advisory – jasper Updates
Slackware Security Advisory – New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Debian Security Advisory 3332-2
Debian Linux Security Advisory 3332-2 – The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem.