CIS Manager Content Management System 2015Q4 suffers from a remote SQL injection vulnerability.
Monthly Archives: November 2015
Google Translate Cross Site Scripting
Google’s translate functionality suffers from a cross site scripting vulnerability.
DSA-3407 dpkg – security update
Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb
component of dpkg, the Debian package management system. This flaw could
potentially lead to arbitrary code execution if a user or an automated
system were tricked into processing a specially crafted Debian binary
package (.deb) in the old style Debian binary package format.
Bugtraq: [security bulletin] HPSBGN03523 rev.1 – HP Loadrunner Virtual Table Server, Remote Code Execution
[security bulletin] HPSBGN03523 rev.1 – HP Loadrunner Virtual Table Server, Remote Code Execution
Bugtraq: CIS Manager Content Management System 2015Q4 – SQL Injection Vulnerability
CIS Manager Content Management System 2015Q4 – SQL Injection Vulnerability
Bugtraq: [SECURITY] [DSA 3404-1] python-django security update
[SECURITY] [DSA 3404-1] python-django security update
CVE-2014-3665
CloudBees Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.
CVE-2015-5242
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).
CVE-2015-5306
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.