Monthly Archive: March 2017

citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). Date published : 2017-03-31 http://www.securityfocus.com/bid/98082 https://github.com/citymont/symetrie/issues/3

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4,...

Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. Date published : 2017-03-31 http://www.securityfocus.com/bid/97259 http://rungga.blogspot.co.id/2017/03/multiple-xss-vulnerability-on-pixie-104.html

Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. Date published : 2017-03-31 http://www.securityfocus.com/bid/97268 http://rungga.blogspot.co.id/2017/03/multiple-xss-vulnerability-on-pixie-104.html

Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. Date published : 2017-03-31 http://www.securityfocus.com/bid/97274 http://rungga.blogspot.co.id/2017/03/multiple-xss-vulnerability-on-pixie-104.html

Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. Date published : 2017-03-31 http://www.securityfocus.com/bid/97264 http://rungga.blogspot.co.id/2017/03/multiple-xss-vulnerability-on-pixie-104.html

Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. Date published : 2017-03-31 http://www.securityfocus.com/bid/97270 http://www.securityfocus.com/bid/97274

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted ‘config_option’ parameter. This is fixed in 1.3.9,...

A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted ‘type’ parameter, if Content Security Protection (CSP) settings...

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted ‘action’ parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2. Date published...

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution. Date published :...

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure. Date published : 2017-03-31...

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user...

The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for...