Hack4 has announced its Call For Papers. It will be held December 28th through the 29th, 2015 in Berlin, Germany.
Monthly Archives: October 2015
Freemake Video Downloader 3.7.1 Code Execution
Freemake Video Downloader version 3.7.1 suffers from a code execution vulnerability.
Kaspersky Internet Security Shows 100% Efficiency in the Latest Dennis Technology Labs Annual Report
Freemake Video Downloader 3.7.1 – Code Execution Vulnerability
Posted by Vulnerability Lab on Oct 15
Document Title:
===============
Freemake Video Downloader 3.7.1 – Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1617
Release Date:
=============
2015-10-12
Vulnerability Laboratory ID (VL-ID):
====================================
1617
Common Vulnerability Scoring System:
====================================
8.8
Product & Service Introduction:…
PayPal Inc Bug Bounty #117 – Session Fixation Vulnerability
Posted by Vulnerability Lab on Oct 15
Document Title:
===============
PayPal Inc Bug Bounty #117 – Session Fixation Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1509
EIBBP-31983 (P2)
Video: http://www.vulnerability-lab.com/get_content.php?id=1615
Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2015/10/09/paypal-inc-bug-bounty-117-filter-bypass-remote-session-fixation-vulnerability
Release…
PayPal Session Fixation
A session fixation web vulnerability has been discovered in the official PayPal Inc online service web application.
Brolux trojan targeting Japanese online bankers
A banking trojan, detected by ESET as Win32/Brolux.A, is targeting Japanese internet banking users and spreading through at least two vulnerabilities: a Flash vulnerability leaked in the Hacking Team hack and the so-called unicorn bug, a vulnerability in Internet Explorer.
The post Brolux trojan targeting Japanese online bankers appeared first on We Live Security.
CVE-2015-6755 (chrome)
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
CVE-2015-6756 (chrome)
Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document.
CVE-2015-6757 (chrome)
Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback.