Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Monthly Archives: July 2015
CVE-2015-2726
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-2727
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression.
CVE-2015-2728
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a “type confusion” issue.
GLSA 201507-02: Tor: Denial of Service
DSA-3302 libwmf – security update
Insufficient input sanitising in libwmf, a library to process Windows
metafile data, may result in denial of service or the execution of
arbitrary code if a malformed WMF file is opened.
Open redirect vulnerability in StageShow WordPress plugin v5.0.8
Posted by Nitin Venkatesh on Jul 05
# Title: Open redirect vulnerability in StageShow WordPress plugin v5.0.8
# Submitter: Nitin Venkatesh
# Product: StageShow WordPress Plugin
# Product URL: https://wordpress.org/plugins/stageshow
# Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]
# Affected Versions: v5.0.8 and possibly below
# Tested Version: v5.0.8
# Fixed Version: v5.0.9
# Link to source code diff:…
Re: Google HTTP Live Headers v1.0.6 – Client Side Cross Site Scripting Web Vulnerability
Posted by Gynvael Coldwind on Jul 05
Hi,
Quick question with regards to your disclosure – why are you attributing
the ownership/authorship of HTTP Live Headers to Google? The website you
linked seems to clearly say it’s developed by eSolutions Nordic AB
(“offered by https://www.esolutions.se”).
Also, if you found a vulnerability in eSolutions’ HTTP Live Headers, why do
you include information about “Google’s Chrome Web Store” in the…
Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass
Posted by MustLive on Jul 05
Hello list!
Let’s get back to the vulnerabilities which I disclosed in April 2011, which can be
used for DDoS attacks on other sites, e.g. with my DAVOSET
(http://seclists.org/fulldisclosure/2015/Jun/111). In addition to the hundreds
of themes which I wrote about in previous years, here is another theme for
WordPress which still hasn’t fixed all holes, and there are many sites with
an old version of the theme (+ WAF bypass).
I want to warn you…
Arizona school simplifies and saves with Avast’s free business software
Avast for Business just made life easier and saved money for administrator Dale Kvittem-Barr at Peace Lutheran Church and School.
Avast for Business simplified a private school’s security management – for Free!
Schools house a large quantity of sensitive data and Kvittem-Barr knows that security software is a must. But, managing 50 devices is a challenge.
“When I started here, we had Norton and each computer had its own individual license. It was a nightmare. I switched all of the school’s computers to the free Avast consumer product. When I heard there was a free business solution and that it had a centralized management dashboard I knew we had to have it.”
With Avast for Business, Kvittem-Barr no longer has multiple licenses to manage and he can see his entire network anytime, anywhere.
“The cloud-based system makes sense because the entire network can be updated constantly from the dashboard so I don’t have to run around to every computer anymore.”
For his mixed platform networks, Kvittem-Barr says Avast for Business just works for him.
“We have Macs and PCs so to be able to protect them both with the same console is great!”
And the software keeps him continuously informed about threats to the school.
“The notifications have been really helpful because I can see which computers are being hit harder than others and make sure I focus on those.”
Budget is an issue for all schools and Kvittem-Barr said that his school’s savings with Avast for Business were substantial. As for plans to spend the savings he says,
“Yeah, we were actually able to purchase a lot more computers and a device charging cart.”
Find out how your school can save money with Avast for Business.