The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link’s target, and spoof the user interface, via a crafted web site.
Monthly Archives: May 2015
Mitch McConnell Still Wants To Tap Your Phone
NSA Phone Data Collection 'Illegal', US Court Rules
Adobe Flash Player domainMemory ByteArray Use After Free
This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, when forcing a reallocation by copying more contents than the original capacity, but Flash forgets to update the domainMemory pointer, leading to a use-after-free situation when the main worker references the domainMemory again. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 17.0.0.134.
WordPress RevSlider 3.0.95 File Upload / Execute
This Metasploit module exploits an arbitrary PHP code upload vulnerability in the WordPress ThemePunch Revolution Slider (revslider) plugin, version 3.0.95 and prior. The vulnerability allows for arbitrary file upload and remote code execution.
WordPress Ad Buttons 2.3.1 CSRF / Cross Site Scripting
WordPress Ad Buttons plugin version 2.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
WordPress Freshmail 1.5.8 SQL Injection
WordPress Freshmail plugin versions 1.5.8 and below suffer from multiple remote SQL injection vulnerabilities.
MDVSA-2015:231: perl-XML-LibXML
Updated perl-XML-LibXML package fixes security vulnerability:
Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used (CVE-2015-3451).
RHBA-2015:0952-1: qemu-kvm-rhev bug fix update
Red Hat Enterprise Linux: Updated qemu-kvm-rhev packages that fix one bug are now available for Red Hat Enterprise Linux 7.
Google App Engine Java Security Sandbox Bypasses
Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.