Re: Java 8u40 released: why?

Posted by James Hodgkinson on Mar 07

Maybe the major change is that they’re including the Ask toolbar in all releases now, not just the Windows one? 🙂

The unwelcome Ask extension shows up as part of the installer if a Mac user downloads Java 8 Update 40 for the Mac. In
my tests on a Mac running that latest release of OS X, the installer added an app to the current browser, Chrome
version 41 …
James

My reading of the first WWW page is that only Java SE 7 u75/76 contains…

Webshop hun v1.062S Information Leakage (Full Path Disclosure – FPD) Security Vulnerabilities

Posted by Jing Wang on Mar 07

*Webshop hun v1.062S Information Leakage (Full Path Disclosure – FPD)
Security Vulnerabilities*

Exploit Title: Webshop hun v1.062S /index.php termid parameter Information
Leakage Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: March 07, 2015
Latest Update: March 07, 2015
Vulnerability Type: Information Exposure [CWE-200]
CVE Reference: *
Impact CVSS…

Fw: Vulnerabilities in ASUS RT-G32

Posted by MustLive on Mar 07

Hello list!

There are Cross-Site Scripting and Cross-Site Request Forgery
vulnerabilities in ASUS Wireless Router RT-G32.

-------------------------
Affected products:
-------------------------

The following model is vulnerable: ASUS RT-G32 with different versions of
firmware. I checked ASUS RT-G32 with firmware versions 2.0.2.6 and
2.0.3.2.

----------
Details:
----------

Cross-Site Scripting (WASC-08):…

WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities

Posted by Jing Wang on Mar 07

*WordPress Daily Edition Theme v1.6.2 SQL Injection Security
Vulnerabilities*

Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id
Parameters SQL Injection Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.2
Tested Version: v1.6.2
Advisory Publication: Mar 07, 2015
Latest Update: Mar 07, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an…

WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities

Posted by Jing Wang on Mar 07

*WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security
Vulnerabilities*

Exploit Title: WordPress Daily Edition Theme v1.6.2 /thumb.php src
Parameter Unrestricted Upload of File Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.2
Tested Version: v1.6.2
Advisory Publication: Mar 07, 2015
Latest Update: Mar 07, 2015
Vulnerability Type: Unrestricted Upload of File with…

NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities

Posted by Jing Wang on Mar 07

*NetCat CMS Multiple HTTP Response Splitting (CRLF) Security
Vulnerabilities*

Exploit Title: NetCat CMS Multiple CRLF Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 3.12
Advisory Publication: Mar 07, 2015
Latest Update: Mar 07, 2015
Vulnerability Type: Improper Neutralization of CRLF Sequences (‘CRLF…

NetCat CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities

Posted by Jing Wang on Mar 07

*NetCat CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities*

Exploit Title: NetCat CMS Multiple XSS Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 3.12
Advisory Publication: March 07, 2015
Latest Update: March 07, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS…