[security bulletin] HPSBGN03371 rev.1 – HP IceWall Products running OpenSSL, Remote Denial of Service (DoS)
Monthly Archives: July 2015
Bugtraq: Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
Bugtraq: [security bulletin] HPSBGN03373 rev.1 – HP Release Control running TLS, Remote Disclosure of Information
Bugtraq: SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8
Simple Online Planning Tool 1.3.2 XSS / SQL Injection / Traversal
Simple Online Planning Tool version 1.32 suffers from code execution, cross-site scripting, remote SQL injection, information disclosure, and path traversal vulnerabilities.
Fedora 22 Security Update: libunwind-1.1-10.fc22
Broken, Abandoned, and Forgotten Code, Part 10
Posted by Zach C on Jul 11
Part 10 of Broken, Abandoned, and Forgotten Code is up! In this part
we hunt for a UART connection inside the Netgear R6200 router.
When we start developing our minimized bootstrap firmware as well as
the custom, stage 2 firmware in later parts, it will take many
iterations to get it right. During that process it will be essential
to recover a bricked router from a non-functional firmware update. The
UART connection makes it possible to restore…
GLSA 201507-14: Oracle JRE/JDK: Multiple vulnerabilities
Western Digital Arkeia "ARKFS_EXEC_CMD" <= v11.0.12 Remote Code Execution
Posted by xistence on Jul 10
## Advisory Information
Title: Western Digital Arkeia “ARKFS_EXEC_CMD” <= v11.0.12 Remote Code
Execution
Submitter: xistence <xistence[at]0x90.nl>
Date published: 2015-07-10
Vendors contacted: Western Digital / Arkeia
Class: OS Command Injection [CWE-78]
Impact: Code execution
Remotely Exploitable: Yes
## Product Description
The WD Arkeia network backup suite comprises WD Arkeia software’s suite of
backup-and-restore…
Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal WordPress Plugin v1.1.5
Posted by Nitin Venkatesh on Jul 10
# Title: Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection
in CP Contact Form with Paypal WordPress Plugin v1.1.5
# Submitter: Nitin Venkatesh
# Product: CP Contact Form with Paypal WordPress Plugin
# Product URL: https://wordpress.org/plugins/cp-contact-form-with-paypal/
# Vulnerability Type: Cross-site Request Forgery [CWE-352], Cross-site
scripting [CWE-79], Improper Neutralization of Special Elements used in an
SQL Command…