Monthly Archives: September 2015
US Tightens Mobile Phone Tracking Rules
Sony Hack Nears End Credits As Firm Reaches Settlement With Ex-Employees
Milw0rm Clone Script 1.0 Cross Site Scripting
Milw0rm Clone Script version 1.0 suffers from a cross site scripting vulnerability.
Virtual Freer Authentication Bypass
Virtual Freer versions prior to 1.57 suffers from an authentication bypass vulnerability.
AnonTwi 1.1b
Anontwi is a tool for OAuth2 applications, such as GNUSocial and Twitter, that provides different layers of encryption, privacy methods and proxy features. It contains a GTk+ interface.
DSA-3352 screen – security update
A vulnerability was found in screen causing a stack overflow which
results in crashing the screen server process, resulting in denial
of service.
CVE-2015-1291
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements.
CVE-2015-1292
The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.
CVE-2015-1293
The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.