Hi @ll,
Mozilla's (executable) full setup packages for Windows allow arbitrary
code execution resp. escalation of privilege: their SETUP.EXE loads
SHFOLDER.DLL ['] from a temporary (sub)directory "%TEMP%\7zS.tmp\"
created during self-extraction of the full setup packages.
This vulnerability is we
Xen XSA-148 (http://xenbits.xen.org/xsa/advisory-148.html) is the real VM
Escape Vulnerability
XSA-148 is public just now and it's a memory management logic vulnerability
obviously.
The bulletin means that a malicious PV DomU could enable PS/RW flag of its
PDE to read/write the 2M page.
So, if a atta
1. ADVISORY INFORMATION
Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-030]
Advisory URL:
http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle
2. VULNERABILITY INFORMATION
Cl
1. ADVISORY INFORMATION
Title: Oracle E-Business Suite - XXE injection
Advisory ID: [ERPSCAN-15-029]
Advisory URL:
http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 21.10.2015
Vendors contacted: Oracle
2. VULNERABILITY INFORMATION
1. ADVISORY INFORMATION
Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-028]
Advisory URL:
http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle
2. VULNERABILITY INFORMATION
Cl
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Pligg CMS 2.0.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pligg.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to pu
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Pligg CMS 2.0.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pligg.com/
Vulnerability Type: Directory Traversal
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Pligg CMS 2.0.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pligg.com/
Vulnerability Type: Code Execution & CSRF
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclos
eBay Magento CE <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM
eBay Magento EE <= 1.14.2.1
Details at:
http://legalhackers.com/advisories/eBay-Magento-XXE-Injection-Vulnerability.txt
Regards,
Dawid Golunski
http://legalhackers.com