INTECO Technical Advisories (Spain)

Notices and alerts from INCIBE es

CVE-2015-4135

Wed, 05/27/2015 - 20:00
Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-4134

Wed, 05/27/2015 - 20:00
Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-4133

Wed, 05/27/2015 - 20:00
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-4132

Wed, 05/27/2015 - 20:00
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-4127

Wed, 05/27/2015 - 20:00
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-4084

Wed, 05/27/2015 - 20:00
Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-3165

Wed, 05/27/2015 - 20:00
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-1551

Wed, 05/27/2015 - 20:00
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-1550

Wed, 05/27/2015 - 20:00
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-1392

Wed, 05/27/2015 - 20:00
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2015-1389

Wed, 05/27/2015 - 20:00
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action. 2015-05-27T22:00:00Z
Categories: Alerts

CVE-2014-6628

Wed, 05/27/2015 - 20:00
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors. 2015-05-27T22:00:00Z
Categories: Alerts

GigPress plugin for WordPress (CVE-2015-4066)

Tue, 05/26/2015 - 20:00
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php. 2015-05-26T22:00:00Z
Categories: Alerts

Landing Pages plugin for WordPress (CVE-2015-4065)

Tue, 05/26/2015 - 20:00
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php. 2015-05-26T22:00:00Z
Categories: Alerts

Landing Pages plugin for WordPress (CVE-2015-4064)

Tue, 05/26/2015 - 20:00
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php. 2015-05-26T22:00:00Z
Categories: Alerts

CVE-2015-4063

Tue, 05/26/2015 - 20:00
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. 2015-05-26T22:00:00Z
Categories: Alerts

CVE-2015-4062

Tue, 05/26/2015 - 20:00
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. 2015-05-26T22:00:00Z
Categories: Alerts

CVE-2015-3922

Tue, 05/26/2015 - 20:00
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter. 2015-05-26T22:00:00Z
Categories: Alerts

CVE-2015-3921

Tue, 05/26/2015 - 20:00
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter. 2015-05-26T22:00:00Z
Categories: Alerts

CVE-2015-3339

Tue, 05/26/2015 - 20:00
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. 2015-05-26T22:00:00Z
Categories: Alerts