FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).
Monthly Archives: March 2017
CVE-2017-6478
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
CVE-2017-6483
Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6492
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.
Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13
Posted by Kyle Neideck on Mar 05
Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13
Kyle Neideck, February 2017
Product
——-
Deluge is a BitTorrent client available from http://deluge-torrent.org.
Fix
—
Fixed in the (public) source code, but not in binary releases yet. See
http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9
and…
Executable installers are defective^WEVIL (case 1): putty-0.68-installer.exe
Posted by Stefan Kanthak on Mar 05
Hi @ll,
although puTTY finally offers MSI packages as primary installers on
<http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html>,
they still provide an executable installer putty-0.68-installer.exe
(see <http://seclists.org/fulldisclosure/2016/Mar/12>), still
created with InnoSetup.
putty-0.68-installer.exe is but a DEFECTIVE “portable executable”
image (see DUMPBIN output below)!
JFTR: unfortunately…
Call for Papers for 5th Balkan Computer Congress – BalCCon2k17
Posted by Milos Krasojevic on Mar 05
Call for Papers for 5th Balkan Computer Congress – BalCCon2k17
15|16|17 September 2017, Novi Sad, Vojvodina, Serbia, Europe, Earth,
Milky Way
The BalCCon2k17 staff are now soliciting papers to be presented at our
BalCCon2k17 Congress to be held 15 – 17th September in Novi Sad, Serbia.
The CfP is open until 1st July 2017.
The Event
Balkan Computer Congress is an annual three days gathering of the
international hacker…
CVE-2017-6443: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00
Posted by Michael Benich on Mar 05
Summary: Persistent cross-site scripting (XSS) in the web interface of Epson’s TMNet WebConfig Ver 1.00 application
allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter.
————————————————————————
Vendor: EPSON
————————————————————————
Software Link:…
tor-0.2.9.10-1.fc24
Security update for integer underflow
w3m-0.5.3-30.git20170102.fc24
Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633
----
Update to latest upstream gitrev 20170102