Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.
Monthly Archives: June 2015
CVE-2015-4660
Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.
CVE-2015-4661
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.
Major Carriers AT&T, Verizon Continue to Lag in EFF Privacy Report
Major telecoms like AT&T and Verizon continue to lag behind in the Electronic Frontier Foundation’s annual “Who Has Your Back” report.
Cyber Boot Camp: a head start for tomorrow’s cyber workforce
Every June, a select group of students from high schools and middle schools in San Diego County, California, get five days of intense education in the art of defending computer systems.
The post Cyber Boot Camp: a head start for tomorrow’s cyber workforce appeared first on We Live Security.
SAP NetWeaver Dispatcher Buffer Overflow
The SAP NetWeaver Dispatcher function sapac01_sapgparam(), which processes the ABAP kernel call C_SAPGPARAM, has a buffer overflow vulnerability. The vulnerability can allow an authenticated remote attacker to execute arbitrary code. It can also lead to denial of service.
Reddit to Move to HTTPS-Only
In the two years since the details of the NSA’s deep penetration of the Internet infrastructure began to emerge, there has been a major movement afoot among Web companies to encrypt more and more of their resources and services. The latest large property to make this move is Reddit, which by the end of the […]
Debian Security Advisory 3290-1
Debian Linux Security Advisory 3290-1 – Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption.
Apple iOS and OS X flaws leave passwords vulnerable
A vulnerability found in Apple’s iOS and OS X devices could allow hackers to upload malware and steal passwords for services including Mail and iCloud.
The post Apple iOS and OS X flaws leave passwords vulnerable appeared first on We Live Security.