Monthly Archives: November 2016
Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
Posted by Elar Lang on Nov 01
Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
Credit: Elar Lang / https://security.elarlang.eu
Vendor/Product: dotCMS (http://dotcms.com/)
Vulnerability: SQL injection
Vulnerable version: before 3.5; 3.3.1 and 3.3.2 (depends on CVE)
CVE: CVE-2016-8902, CVE-2016-8903, CVE-2016-8904, CVE-2016-8905,
CVE-2016-8906, CVE-2016-8907, CVE-2016-8908, CVE-2016-4040
# Multiple SQL injections in dotCMS framework.
## CVE-2016-8902 -…
Vulnerabilities in D-Link DIR-300
Posted by MustLive on Nov 01
Hello list!
There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery
vulnerabilities in D-Link DIR-300.
-------------
Affected products:
-------------
The vulnerable model is: D-Link DIR-300NRUB5, Firmware 1.2.94. All
previous versions must also be vulnerable.
----------
Details:
----------
Abuse of Functionality (WASC-42):
Admin's login is persistent: admin, which simplifies BF and CSRF…