XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
Monthly Archives: April 2015
Avast for Business adds 75,000 new customers in just two months
Luke Walling, GM of Avast for Business, had confidence in the Avast for Business product all along. But the explosion of new customers has surprised and delighted even him.
Avast for Business is the industry’s first free, easy to use, cloud-managed security offering that protects small-to-medium-sized business (SMB) from cyber attacks and data breaches.
The new product has been available for two months, and already more than 75,000 SMB owners have enthusiastically selected Avast for Business to protect their companies.
The new, cloud-managed solution has specifically been adopted by IT consulting, education, and non-profit sectors. Early results also show a strong uptake in managed service providers, who make up 12 percent of Avast for Business’ total installed device count and 2.5 percent of its new users.
A reason for it’s booming success is because most start-ups, small businesses, schools, and nonprofit organizations lack the IT infrastructure to install costly and complex on-premise security solutions. Avast for Business provides the ideal solution. It’s easily scalable and managed from anywhere. Additionally, Avast for Business starts at a price everyone can afford: free, making it a natural fit for small-to-medium-sized businesses and organizations worldwide.
Avast for Business is free for as long as you want it and for an unlimited number of admins and devices. Protect your company with Avast for Business.
Avast for Business replaces expensive, complicated security solutions for SMBs.
The dirty secrets of webcam-hacking peeping toms and sextortionists
Virtually every computer sold today comes with a dirty little secret. It can spy on you. Learn more, and how to protect yourself.
The post The dirty secrets of webcam-hacking peeping toms and sextortionists appeared first on We Live Security.
CVE-2014-9718
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function’s return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
CVE-2015-0135
IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9.
CVE-2015-3342
Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter.
CVE-2015-3343
Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a mapping via unknown vectors.
CVE-2015-3344
Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
CVE-2015-3345
SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the “phpList database.”
CVE-2015-3346
SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.