Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243.
Monthly Archives: February 2016
CVE-2016-0245
The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Linux/ARM Connect Back /bin/sh Shellcode
95-byte Linux/ARM shellcode that connects back to ip:port with /bin/sh.
RHSA-2016:0309-1: Low: openstack-glance security update
Red Hat Enterprise Linux: Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.
Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
CVE-2016-0757
RHSA-2016:0308-1: Moderate: rabbitmq-server security and bugfix update
Red Hat Enterprise Linux: Updated rabbitmq-server packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
CVE-2014-9649, CVE-2014-9650
WordPress More Fields 2.1 Cross Site Request Forgery
WordPress More Fields plugin versions 2.1 and below suffer from a cross-site request forgery vulnerability.
GpicView 0.2.5 Buffer Overflow
Proof-of-concept exploit that crashes GpicView version 0.2.5 via a buffer overflow.
The security review: porn clicker trojans at Google Play
Highlights from the past seven days in information security include porn clicker trojans at Google Play, digital childhoods and the security/privacy debate.
The post The security review: porn clicker trojans at Google Play appeared first on We Live Security.
Fing 3.3.0 Persistent Mail Encoding
Fing version 3.3.0 suffers from a persistent mail encoding vulnerability.
UC Berkeley hit with another cyberattack
UC Berkeley has revealed that it was the victim of a major cyberattack, affecting up to 80,000 current and former members of staff and students.
The post UC Berkeley hit with another cyberattack appeared first on We Live Security.