Monthly Archive: February 2020

CSRF vulnerability in Smoothwall Express 3. Date published : 2020-02-07 https://www.openwall.com/lists/oss-security/2011/03/03/7

A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. Date published : 2020-02-07 https://www.openwall.com/lists/oss-security/2011/03/03/7

LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. Date published : 2020-02-07 http://www.openwall.com/lists/oss-security/2012/03/19/14 https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444

LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. Date published : 2020-02-07 http://www.openwall.com/lists/oss-security/2012/03/19/14

opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities Date published : 2020-02-07 http://www.openwall.com/lists/oss-security/2013/09/11/6 http://www.securityfocus.com/bid/62287

opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities Date published : 2020-02-07 【緊急リリース】すべてのバージョンの OpenPNE 3、 opOpenSocialPlugin、 opWebAPIPlugin における XML 外部実体参照に関する脆弱性対応のお知らせ (OPSA-2013-003) http://www.openwall.com/lists/oss-security/2013/09/11/6

ProjectPier 0.8.8 does not use the Secure flag for cookies Date published : 2020-02-07 http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag Date published : 2020-02-07 http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html http://www.securityfocus.com/bid/60739

ProjectPier 0.8.8 has stored XSS Date published : 2020-02-07 http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution Date published : 2020-02-07 http://www.exploit-db.com/exploits/29322 http://www.securityfocus.com/bid/63455

Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability Date published : 2020-02-07 http://www.exploit-db.com/exploits/29321 http://www.securityfocus.com/bid/63453

vTiger CRM 5.3 and 5.4: ‘files’ Upload Folder Arbitrary PHP Code Execution Vulnerability Date published : 2020-02-07 http://www.exploit-db.com/exploits/29319 http://www.securityfocus.com/bid/63454

D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. Date published : 2020-02-07 http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf http://securityevaluators.com/knowledge/case_studies/routers/dlink_dir865l.php

An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." Date published : 2020-02-07 http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php