Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a “cross-frame scripting (XFS)” issue, aka Bug ID CSCux64856.
Monthly Archives: January 2016
CVE-2015-6862
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
CVE-2015-8261
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
CVE-2016-1131
Buffer overflow in the CL_vsprintf function in Takumi Yamada DX Library before 3.16 allows remote attackers to execute arbitrary code via a crafted string.
320k Creds May Have Been Compromised From Time Warner
ProPublica Launches The Darkweb's First Major News Site
Malicious Apps In Google Play Made Unauthorized Downloads, Sought Root
Uber Fined $20k In Data Breach, 'God View' Probe
Ubuntu Security Notice USN-2864-1
Ubuntu Security Notice 2864-1 – Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
AVM FRITZ!OS HTML Injection
AVM FRITZ!OS versions prior to 6.30 suffer from an HTML injection vulnerability.