The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.
Monthly Archives: February 2015
CVE-2015-1585
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.
CVE-2015-1587
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.
CVE-2015-1592
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.
CVE-2015-1603
Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php.
CVE-2015-1604
Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/.
CVE-2015-1614
Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page.
CVE-2015-1879
Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php.
Jamie Oliver website serves up a side of malware
Jamie Oliver’s website was affected by a malware issue, a spokesperson for the British celebrity chef has told the BBC.
The post Jamie Oliver website serves up a side of malware appeared first on We Live Security.
Five permissions to check when installing Android apps
Apps are what make our smartphones truly useful. They help us stay in touch with family and friends, guide us, educate us and sometimes simply entertain us. With the average person having nearly 30 apps on their device, it’s clear that we’re no strangers to downloading and installing apps.
However, a word of caution: you should always check the permissions that an app requests while installing.
In this video I have outlined five permissions that you should be aware of and give careful consideration to when granting them to an app.
Five permissions to check when installing Android apps
1. Access to the Internet: be careful that the permission being asked for is appropriate to the app.
2. Access to phone and call information: apps will be able to view your call history, send text messages and incur additional costs without you knowing.
3. GPS & precise location: does the app really need your precise location or even access to your GPS?
4. Access to photos/media/files: ensure you only give access to trustworthy apps; with this permission they have the ability to access a lot of data on your phone.
5. Camera & Microphone access: apps can access them at any time and take photos or record audio without you knowing. Make sure you provide access only to apps you trust.
If you’re unsure about why the app is asking you to provide a particular permission, you can always contact the developer and ask them to clarify.