Google AOSP Email App HTML Injection

November 17, 2015 007admin

Posted by Cláudio André on Nov 17

https://labs.integrity.pt/articles/google-aosp-email-app-html-injection-2/
1. Vulnerability Properties

*Title: *Google AOSP Email App HTML Injection

*CVE ID: PendingCVSSv3 Base Score: *6.3
(AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
*Vendor: *Google
*Products:* AOSP Email App
*Advisory Release Date:* 16 November 2015
*Advisory URL:*
https://labs.integrity.pt/advisories/google-aosp-email-app-html-injection/
*Credits: *Discovery by Cláudio André…

Security

Adobe Pushes Hotfix for ColdFusion

November 17, 2015 007admin

Adobe patched vulnerabilities in ColdFusion, LiveCycle Data Services and Premiere Clip for iOS.

Security

Patched Libpng Vulnerabilities Have Limited Scope

November 17, 2015 007admin

Most applications, including Firefox, are not vulnerable to a pair of memory corruption vulnerabilities patched in the libpng PNG reference library.

Security

Open-Xchange Guard 2.0 Cross Site Scripting

November 17, 2015 007admin

Open-Xchange Guard version 2.0 suffers from a cross site scripting vulnerability.

Security

Gentoo Linux Security Advisory 201511-02

November 17, 2015 007admin

Gentoo Linux Security Advisory 201511-2 – Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.548 are affected.

Security