Posted by Henri Salo on Nov 19
This seems to be the same vulnerability as CVE-2014-7183[1] found by
Netsparker[2]. CVE-2014-7183 was fixed in version 1.2 according to the
changelog.
1: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7183
2: https://www.netsparker.com/xss-vulnerabilities-in-litecart/
Posted by Rohit Dua on Nov 19
LinkedIn social network affected by Persistent Cross-Site Scripting
vulnerability(XSS)
(patched in less than 3 hours)
=========================
I. VULNERABILITY
————————-
LinkedIn social network is affected by Persistent Cross-Site Scripting
(stored XSS)
vulnerability.
II. BACKGROUND
————————-
LinkedIn is a social networking service and website operates the world’s
largest professional network on the…
Original release date: November 19, 2015
VMware has released security updates to address a vulnerability in vCenter, vCloud Director, and Horizon View. Exploitation of this vulnerability may allow an attacker to obtain sensitive information.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0008 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not properly handled in “Guard PGP Settings.”
The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets.
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows remote attackers to cause a denial of service (out-of-bounds memory access and device restart) via unknown vectors.
Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to other VPNs and conduct flooding attacks via a crafted MPLS forwarding packet, aka a “VPN routing and forwarding (VRF) hopping vulnerability.”