The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
Monthly Archives: January 2016
Microsoft WARNING — 'Use Windows 7 at Your Own Risk'
Someone is threatening Windows 7 users with a misleading warning.
Guess who? Microsoft itself…
Microsoft has just issued a clear warning saying Windows 7 users should remain on the aging operating system “at your own risk, at your own peril.”
But why particularly Windows 7 Users?
Since Windows 7 runs on 55 percent of all the computers on the planet, Microsoft is worried that its
Don't Let Phishers Steal Your Holiday Cheer – Fierce IT Security
Year in Review: 5 PSA Stories MSPs Need to Know About – MSP Mentor
5 Cybersecurity Predictions for 2016 – CIO Today
D-Link DCS-931L Arbitrary File Upload
This Metasploit module exploits a file upload vulnerability in D-Link DCS-931L network cameras. The setFileUpload functionality allows authenticated users to upload files to anywhere on the file system, allowing system files to be overwritten, resulting in execution of arbitrary commands. This Metasploit module has been tested successfully on a D-Link DCS-931L with firmware versions 1.01_B7 (2013-04-19) and 1.04_B1 (2014-04-21). D-Link DCS-930L, DCS-932L, DCS-933L models are also reportedly affected, but untested.
Ubuntu 14.04 LTS / 15.10 overlayfs Local Root
Ubuntu 14.04 LTS and 15.10 overlayfs local root exploit.
OpenMRS Reporting Module 0.9.7 Remote Code Execution
OpenMRS Reporting module version 0.9.7 suffers from a remote code execution vulnerability.
Crony Cronjob Manager 0.4.4 Cross Site Request Forgery / Cross Site Scripting
Crony Cronjob Manager version 0.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
MediaAccess TG788vn Arbitrary File Disclosure
MediaAccess TG788vn with Cisco HTTP firewall suffers from a file disclosure vulnerability.