The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. Date published : 2015-09-18 http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or...
The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. Date published : 2015-09-17 http://cgit.drupalcode.org/osf/commit/?id=35c6e61...
Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create...
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML...
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response...
The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node. Date published : 2015-09-17 https://www.drupal.org/node/2484229 https://www.drupal.org/node/2553971
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging...
The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors. Date published...
The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit...
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via...
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. Date published : 2015-09-17 https://www.exploit-db.com/exploits/38213/ http://packetstormsecurity.com/files/133610/Farol-SQL-Injection.html
Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote...
Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown...