CVE-2015-7830

The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.

Open Source Social Network 3.5: XSS

Posted by Curesec Research Team (CRT) on Nov 14

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Open Source Social Network 3.5
Fixed in: 3.6
Fixed Version Link: https://www.opensource-socialnetwork.org/downloads/ossn-v3.6-1443545762.zip
Vendor Contact: https://www.opensource-socialnetwork.org/contact
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 11/13/2015…

dotclear 2.8.1: Code Execution

Posted by Curesec Research Team (CRT) on Nov 14

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: dotclear 2.8.1
Fixed in: 2.8.2
Fixed Version Link: http://download.dotclear.org/latest.zip
Vendor Website: http://dotclear.org/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to public: 11/13/2015
Release mode: Coordinated release
CVE: n/a
Credits Tim Coen of…

dotclear 2.8.1: XSS

Posted by Curesec Research Team (CRT) on Nov 14

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: dotclear 2.8.1
Fixed in: 2.8.2
Fixed Version Link: http://download.dotclear.org/latest.zip
Vendor Website: http://dotclear.org/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to public: 11/13/2015
Release mode: Coordinated release
CVE: n/a
Credits Tim Coen of Curesec…