WordPress Calculated Fields Form 1.0.x Session Hijacking
WordPress Calculated Fields Form plugin versions 1.0.x and below suffer from Http_only bypass and session hijacking vulnerabilities.
OpenAM Open Redirect
Compass Security discovered a web application security flaw in the OpenAM application which allows an attacker to launch phishing attacks against users by redirecting them to a malicious website. An...
RozBlog Weblog Service Cross Site Request Forgery / Cross Site Scripting
RozBlog Weblog Service suffers from cross site request forgery and cross site scripting vulnerabilities.
WordPress Import Woocommerce 1.0.1 Cross Site Scripting
WordPress Import Woocommerce plugin version 1.0.1 suffers from a cross site scripting vulnerability.
WordPress WP Ultimate Exporter 1.0 Cross Site Scripting
WordPress WP Ultimate Exporter plugin version 1.0 suffers from a cross site scripting vulnerability.
XSSer Penetration Testing Tool 1.7b
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass...
Adobe Experience Manager 6.1.0 Cross Site Scripting
Adobe Experience Manager version 6.1.0 suffers from a cross site scripting vulnerability.
WordPress Extra User Details 0.4.2 Privilege Escalation
WordPress Extra User Details plugin version 0.4.2 suffers from a privilege escalation vulnerability.
WordPress WP Advanced Importer 2.1.1 Cross Site Scripting
WordPress WP Advanced Importer plugin version 2.1.1 suffers from a cross site scripting vulnerability.
OpenAM 9 / 10 Cross Site Scripting
OpenAM versions 9 through 9.5.5 and 10.0.0 through 10.0.2 suffer from a cross site scripting vulnerability.
WordPress CSV Import 1.0 Cross Site Scripting
WordPress CSV Import plugin version 1.0 suffers from a cross site scripting vulnerability.
IPSet Bash Completion 2.9.1
ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set...
IPTables Bash Completion 1.6
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the...
IPSet List 3.3
ipset_list is a wrapper script for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. Optionally, the output can be colorized.
Debian Security Advisory 3488-1
Debian Linux Security Advisory 3488-1 - Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and...
Debian Security Advisory 3489-1
Debian Linux Security Advisory 3489-1 - lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default.
Red Hat Security Advisory 2016-0296-01
Red Hat Security Advisory 2016-0296-01 - The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following...
Slackware Security Advisory - bind Updates
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Slackware Security Advisory - glibc Updates
Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.