The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php. Date published : 2015-06-03 http://www.securityfocus.com/bid/74766 http://www.securityfocus.com/archive/1/535587/100/0/threaded
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String...
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an...
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users’ sessions via a large number of requests. Date published :...
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header. Date published...
XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. Date published...
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. Date published...
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. Date published : 2015-06-02 http://www.securityfocus.com/bid/74798 http://seclists.org/fulldisclosure/2015/May/96
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. Date published : 2015-06-02 http://www.securityfocus.com/bid/74802 http://seclists.org/fulldisclosure/2015/May/96
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. Date published : 2015-06-02 http://www.securityfocus.com/bid/74799 http://seclists.org/fulldisclosure/2015/May/96
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. Date published : 2015-06-02 http://www.securityfocus.com/bid/74805 http://seclists.org/fulldisclosure/2015/May/96
GNU Parallel before 20150522 (Nepal), when using (1) –cat or (2) –fifo with –sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. Date published : 2015-06-02...
GNU Parallel before 20150422, when using (1) –pipe, (2) –tmux, (3) –cat, (4) –fifo, or (5) –compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. Date...
The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....