Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
Monthly Archives: March 2016
CVE-2015-8153
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-8154
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to “RWX Permissions.”
CVE-2016-2281
Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVE-2016-3155
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.
Bugtraq: [slackware-security] mozilla-firefox (SSA:2016-077-01)
[slackware-security] mozilla-firefox (SSA:2016-077-01)
Bugtraq: Xoops 2.5.7.2 CSRF – Arbitrary User Deletions
Xoops 2.5.7.2 CSRF – Arbitrary User Deletions
Bugtraq: Xoops 2.5.7.2 Directory Traversal Bypass
Xoops 2.5.7.2 Directory Traversal Bypass
Bugtraq: Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished á´?á´ á´?-2016-2324 and á´?á´ á´?â??2016â??2315)
Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished á´?á´ á´?-2016-2324 and á´?á´ á´?â??2016â??2315)
Pwn2Own Day Two: Safari, Edge Go Down And Winner Crowned
Tencent Security Team Sniper (KeenLab and PC Manager) takes top honors and is Master of Pwn for Pwn2Own 2016 earning $142,500.