Oscommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.
Monthly Archives: September 2014
NDBLOG 0.1 Cross Site Scripting / SQL Injection
NDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
Get Simple CMS 3.3.3 Information Disclosure / XSS
Get Simple CMS version 3.3.3 suffers from information disclosure, upload, and cross site scripting vulnerabilities.
PayPal Community Web Portal Cross Site Scripting
PayPal Community Web Portal suffered from cross site scripting vulnerabilities.
PayPal Mail Encoding Script Insertion
Malicious script code could be inserted into PayPal’s mail encoding functionality.
POSNIC 1.02 Directory Listing / File Upload
POSNIC version 1.02 suffers from directory listing and file upload exposure vulnerabilities.
DSA-3038 libvirt – security update
Several vulnerabilities were discovered in Libvirt, a virtualisation
abstraction library. The Common Vulnerabilities and Exposures project
identifies the following problems:
Oracle Security Alert for CVE-2014-7169 – 26 September 2014
Apple: OS X Safe By Default Against Bash Vulnerability
Apple said it is working on a patch for OS X to counter the Bash vulnerability, but in the meantime is telling users the OS is safe by default.