Monthly Archive: January 2015

mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these...

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/. Date published : 2015-01-13 https://www.netsparker.com/critical-xss-vulnerabilities-in-storytlr/ http://secunia.com/advisories/57182

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/. Date published : 2015-01-13 https://www.netsparker.com/xss-vulnerability-in-storytlr/ http://secunia.com/advisories/57182

Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. Date published : 2015-01-13 https://github.com/evacchi/flatpress/issues/14 https://www.netsparker.com/critical-xss-vulnerabilities-in-flatpress/

SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2015-01-13 http://www.arcticdesk.com/support/announcements/arcticdesk-v1-2-5-maintenance-release-18.html

Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-01-13 http://www.arcticdesk.com/support/announcements/arcticdesk-v1-2-5-maintenance-release-18.html http://secunia.com/advisories/57299

Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors. Date published : 2015-01-13 http://www.arcticdesk.com/support/announcements/arcticdesk-v1-2-5-maintenance-release-18.html https://blog.rack911.com/security-advisories/arcticdesk-custom-module-local-file-inclusion-vulnerability-r911-0132/

Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. Date published : 2015-01-13 http://packetstormsecurity.com/files/128213/Airties-Air6372SO-Modem-Web-Interface-Cross-Site-Scripting.html https://exchange.xforce.ibmcloud.com/vulnerabilities/95957

Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. Date published : 2015-01-13 http://packetstormsecurity.com/files/125464 http://secunia.com/advisories/57171

Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action. Date published : 2015-01-13...

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Date published : 2015-01-13 http://packetstormsecurity.com/files/124918...

Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. Date published...

Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username. Date published : 2015-01-13 http://www.securityfocus.com/bid/64681 http://packetstormsecurity.com/files/124682

Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Date published : 2015-01-13 http://www.securityfocus.com/bid/66146 https://github.com/getusedtoit/wp-slimstat/issues/3