Re: CVE-2015-3854 Battery permission leakage in Android

Posted by flanker on May 26

The credit for this vulnerability goes to
Qidan He (@flanker_hqd) from KeenLab (http://keenlab.tencent.com), Tencent.

——————
Sincerely
Qidan (a.k.a Flanker)

—————— Original ——————
From: “flanker”<i () flanker017 me>;
Date: Thu, May 26, 2016 03:27 PM
To: “fulldisclosure”<fulldisclosure () seclists org>;

Subject: CVE-2015-3854 Battery permission leakage in Android

Hi:…

Re: Teampass v2.1.26 – Stored Cross Site Scripting Vulnerability

Posted by Peter Kok on May 26

Hi Ulisses,

The XSS found is a different one. The one mentioned on
https://github.com/nilsteampassnet/TeamPass/issues/1244 has a screenshot
where the XSS is inserted when creating a new role and by preventing the
JavaScript filters from executing. A new role can only be created by the
admin user. This XSS is also performed by inserting the <script> tag;
this tag does not work in the newly found bug.

The new found
XSS(…

Red Hat Security Advisory 2016-1135-01

Red Hat Security Advisory 2016-1135-01 – Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems – such as multiple databases, XML files, and even Hadoop systems – appear as a set of tables in a local database. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.