MESS version 0.154-3.1 suffers from a buffer overflow vulnerability.
Monthly Archives: April 2016
Windows XP: The zombie OS ‘lives’ on
Despite the fact that there haven’t been any security updates or patches rolled out for Windows XP – with some industrial solutions being the exception – the system still runs on almost every tenth computer worldwide.
The post Windows XP: The zombie OS ‘lives’ on appeared first on We Live Security.
WP Multiple Meta Box v1.0 – SQL Injection Vulnerability
Posted by Vulnerability Lab on Apr 08
Document Title:
===============
WP Multiple Meta Box v1.0 – SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1818
Release Date:
=============
2016-04-08
Vulnerability Laboratory ID (VL-ID):
====================================
1818
Common Vulnerability Scoring System:
====================================
5.8
Product & Service Introduction:…
AccelSite Content Manager v1.0 – SQL Injection Vulnerability
Posted by Vulnerability Lab on Apr 08
Document Title:
===============
AccelSite Content Manager v1.0 – SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1817
Release Date:
=============
2016-04-07
Vulnerability Laboratory ID (VL-ID):
====================================
1817
Common Vulnerability Scoring System:
====================================
7.2
Product & Service Introduction:…
Google may adopt Apple's Swift Programming Language for Android
Almost two years ago, Apple introduced the Swift programming language at its Worldwide Developers Conference (WWDC) to the developers who build software applications for Apple devices.
Swift was designed to make it easier for developers to create apps for Apple’s mobile platform. Usually developers write complete app code and then compile it to see output, but Swift helps them see results in
JPEGSnoop 1.7.3 DLL Hijacking
JPEGSnoop versions 1.7.3 and below suffer from a DLL hijacking vulnerability.
Adobe Releases Updates for Flash Player
Original release date: April 08, 2016
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB16-10 and apply the necessary updates.
Latest Flash Zero Day Being Used to Push Ransomware
Exploits for an Adobe Flash Player zero day vulnerability have been folded into two exploit kits that are distributing ransomware to infected machines.
CVE-2015-8840
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.
CVE-2016-2512
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://[email protected]. (CVSS:4.3) (Last Update:2016-06-15)
