WP-Ultimate CSV Importer XSS Vulnerability

## FULL DISCLOSURE #Product : WP-Ultimate CSV Importer #Exploit Author : Rahul Pratap Singh #Version : 3.8.6 #Home page Link : https://wordpress.org/plugins/wp-ultimate-csv-importer #Website : 0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 27/Jan/2016

[SECURITY] [DSA 3454-1] virtualbox security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3454-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2016

Authentication bypass in PHP File Manager 0.9.8

PHP File Manager 0.9.8 (http://phpfm.sourceforge.net/) is vulnerable to authentication bypass due to insecure implementation of register globals emulation. An attacker is able to override the blockKeys array and thus build a valid session and access all the protected functionality (including

[CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities

1. Advisory Information Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode:

PHP LiteSpeed SAPI out of boundaries read due to missing input validation

The LiteSpeed SAPI module in PHP did not sanitize several fields of the LSAPI request correctly. In the source file sapi/litespeed/lsapilib.c, the parseRequest function calculated addresses of thesevariables in the following way: pReq->m_pScriptFile = pReq->m_pReqBuf +

[security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04944173 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04944173 Version: 1 HPSBGN03536

[security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04944172 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04944172 Version: 1 HPSBGN03537

glibc catopen() Multiple unbounded stack allocations

glibc catopen() Multiple unbounded stack allocations URL: https://cxsecurity.com/issue/WLB-2016010149 --- PoC: #include #include #include int main(){ char *buff; buff=malloc(); memset(buff,'A',1110); buff[1110]='\0'; catopen(buff,

APPLE-SA-2016-01-25-1 tvOS 9.1.1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2016-01-25-1 tvOS 9.1.1 tvOS 9.1.1 is now available and addresses the following: Disk Images Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A

WP Easy Gallery v4.1.4 Stored XSS Vulnerability

#Product: WP Easy Gallery #Exploit Author : Rahul Pratap Singh #Version: 4.1.4 #Home page Link : https://wordpress.org/plugins/wp-easy-gallery #Website : 0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 26/Jan/2016 XSS Vulnerability:

[SECURITY] [DSA 3453-1] mariadb-10.0 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3453-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 25, 2016

Magento 1.9.x Multiple Man-In The Middle

Magento 1.9.x Multiple Man-In The Middle https://cxsecurity.com/issue/WLB-2016010129 --- Description --- The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different