Simple PHP Polling System suffers from cross site scripting, password reset, and remote SQL injection vulnerabilities.
Monthly Archives: January 2016
Is free Wi-Fi Safe?
Public networks are so convenient that they’ve popped up almost everywhere: cafes, airports, shopping centers.
But be warned: since your data is traveling through the air—sometimes completely unprotected—hackers could be listening in.
Bad guys could:
- Eavesdrop on what you are doing
- Steal your passwords
- Intercept your communications and alter them, also known as a man-in-the-middle attack
When you’re connecting to an unknown Wi-Fi or network, ask yourself these questions:
- Who owns the network?
- Who else is on the network?
If you don’t know the answers to those questions, don’t do sensitive things like shop or bank online. Wait until you’re home or on a network you trust.
If you absolutely must access your bank accounts or shop for things, use a VPN like AVG Safe Surf to stay protected.
Microsoft Windows 10 is now Installed on over 200 Million Devices
Windows 10 here, Windows 10 there, and it is everywhere.
This is exactly what Microsoft dreamed of, and it seems like the company is actively working to reach its One Billion goal by the end of 2017 or mid-2018.
Proudly announcing its first huge success, Microsoft reported that its newest Windows 10 operating system is now officially installed on more than 200 Million devices worldwide.
Bugtraq: [SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability
Bugtraq: Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
Bugtraq: Confluence Vulnerabilities
Bugtraq: CVE-2015-7944, CVE-2015-7945 – Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
CVE-2014-5040
HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID.
CVE-2015-6432
Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486.
F5 BIG-IP Improper Input Validation
F5 BIG-IP suffers from an input validation vulnerability that can lead to denial of service and possibly code execution.