Monthly Archives: January 2015

Full Disclosure

PhotoSync 1.1.3 Android – Command Inject Vulnerability

Posted by Vulnerability Lab on Jan 22

Document Title:
===============
PhotoSync 1.1.3 Android – Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1410

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
====================================
1410

Common Vulnerability Scoring System:
====================================
5.2

Product & Service Introduction:…

Full Disclosure

Program-O v2.4.6 – Multiple Web Vulnerabilities

Posted by Vulnerability Lab on Jan 22

Document Title:
===============
Program-O v2.4.6 – Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1414

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
====================================
1414

Common Vulnerability Scoring System:
====================================
6.3

Product & Service Introduction:
===============================…

Security

JasPer 1.900.1 Off-By-One / Heap Overflow

The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. Versions 1.900.1 and below are affected.

Security

Adobe Patches One Zero Day in Flash, Will Patch a Second Flaw Next Week

UPDATE–Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit. The vulnerability that Adobe patched Thursday is […]