Posted by Jing Wang on Mar 10
*Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities*
Exploit Title: Vastal I-tech phpVID /groups.php Multiple Parameters SQL
Injection Security Vulnerabilities
Product: phpVID
Vendor: Vastal I-tech
Vulnerable Versions: 1.2.3 0.9.9
Tested Version: 1.2.3 0.9.9
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an
SQL Command (‘SQL…
Posted by Jing Wang on Mar 10
*Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security
Vulnerabilities*
Exploit Title: Vastal I-tech phpVID Multiple XSS Security Vulnerabilities
Product: phpVID
Vendor: Vastal I-tech
Vulnerable Versions: 1.2.3 0.9.9
Tested Version: 1.2.3 0.9.9
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base…
Posted by Jing Wang on Mar 10
*SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Security
Vulnerabilities*
Exploit Title: SuperWebMailer /defaultnewsletter.php” HTMLForm Parameter
XSS Security Vulnerabilities
Product: SuperWebMailer
Vendor: SuperWebMailer
Vulnerable Versions: 5.*.0.* 4.*.0.*
Tested Version: 5.*.0.* 4.*.0.*
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact…
Posted by Jing Wang on Mar 10
*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security
Vulnerabilities*
Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id
Parameters XSS Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.* v1.5.* v1.4.* v1.3.* v1.2.* v1.1.*
v.1.0.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type:…
Posted by Jing Wang on Mar 10
*WordPress Daily Edition Theme v1.6.2 Information Leakage Security
Vulnerabilities*
Exploit Title: WordPress Daily Edition Theme /thumb.php src Parameters
Information Leakage Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.* v1.5.* v1.4.* v1.3.* v1.2.* v1.1.*
v.1.0.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type:…
Original release date: March 10, 2015
Microsoft has released updates to address Windows vulnerabilities as part of the Microsoft Security Bulletin Summary for March 2015. Exploitation of one of these vulnerabilities (FREAK) could allow a remote attacker to decrypt secure communications between vulnerable clients and servers.
US-CERT encourages users and administrators to review Microsoft Security Bulletin Summary MS15-MAR and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Apple Security Advisory 2015-03-09-4 – Xcode 6.2 is now available and addresses spoofing and validation checking issues.
Apple Security Advisory 2015-03-09-3 – Security Update 2015-002 is now available and addresses buffer overflow, off-by-one, type confusion, and secure transport vulnerabilities.
Apple Security Advisory 2015-03-09-2 – AppleTV 7.1 is now available and addresses folder creation, code execution, and tls-related vulnerabilities.
Apple Security Advisory 2015-03-09-1 – iOS 8.2 is now available and addresses null pointer dereference, code execution, buffer overflows, and various other vulnerabilities.