Hippo CMS version 10.1 suffers from a stored cross site scripting vulnerability.
Monthly Archives: January 2016
FreeBSD Security Advisory – FreeBSD-SA-16:11.openssl
A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. An active MITM attacker may be able to force a protocol downgrade to SSLv2, which is a flawed protocol, and intercept the communication between client and server.
VBScan Vulnerability Scanner 0.1.4
VBScan is a black box vBulletin vulnerability scanner written in Perl.
DSA-3463 prosody – security update
It was discovered that insecure handling of dialback keys may allow
a malicious XMPP server to impersonate another server.
DSA-3464 rails – security update
Multiple security issues have been discovered in the Ruby on Rails web
application development framework, which may result in denial of service,
cross-site scripting, information disclosure or bypass of input
validation.
WordPress Comment Rating 1.5.0 Cross Site Scripting
WordPress Comment Rating plugin version 1.5.0 suffers from a cross site scripting vulnerability.
CVE-2016-0867
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request.
CVE-2016-1136
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1137
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.