Yooz.ir suffers from an open redirection vulnerability.
Monthly Archives: May 2015
WordPress Xloner 3.1.2 XSS / Command Execution
WordPress Xloner plugin version 3.1.2 suffers from command execution and cross-site scripting vulnerabilities.
CVE-2015-1010
Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack.
CVE-2015-2948
Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2949
Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3292
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-3939
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file.
Re: Safari Address Spoofing (How We Got It)
Posted by Michal Zalewski on May 31
Well… http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
Ektron CMS 9.10 SP1 Cross Site Scripting
Ektron CMS versions 9.10 SP1 build 9.1.0.184.1.102 and below suffer from a cross-site scripting vulnerability.
WebDrive 12.2 Buffer Overflow
WebDrive version 12.2 suffers from a buffer overflow vulnerability.