Posted by p0x2015 on Apr 04
Hello,please Add the following to the security mailing-lists.
1??Description
Exploit Title: SQL Injection Vulnerability in DotCms v3.3
Date: 3-28-2016
Vendor Homepage: http://dotcms.com/
Vendor: dotcms
Software: Content Management System
Version: v3.3
CVE:CVE-2016-3688
2??Product Summary
================
dotcms is a fully featured open source enterprise grade J2EE/Java based web content management system for
building/managing…
Posted by MustLive on Apr 04
Hello!
In October I wrote you about vulnerability in the plugin for WordPress,
which was 100% repeat of my vulnerability, which I disclosed in 2010. And
here is another case, now with theme for WordPress.
Concerning this advisory about Daily Edition at security mailing lists:
https://packetstormsecurity.com/files/130753/WordPress-Daily-Edition-Theme-1.6.2-Path-Disclosure.html
http://seclists.org/fulldisclosure/2015/Mar/57
Wang Jing disclosed…
WordPress Scoreme Theme – Client Side Cross Site Scripting Web Vulnerability
Techsoft Web Solutions CMS 2016 Q2 – SQL Injection Web Vulnerability
FortiManager & FortiAnalyzer 5.x (Appliance Application) – (filename) Persistent Web Vulnerability
ManageEngine Password Manager Pro Multiple Vulnerabilities
This Metasploit module exploits a SEH overflow in the Easy File Sharing FTP server version 7.2.
This Metasploit module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP server version 2.0.7. This requires authentication but by default anonymous credentials are enabled.
A ransomware alert has been issued by the US and Canada to ensure that individuals and organizations are aware of the threat posed by this type of malicious software.
The post US and Canada issue ransomware alert appeared first on We Live Security.
Open-Xchange versions 7.8.0 and below suffer from multiple cross site scripting vulnerabilities.