The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
Monthly Archives: May 2016
CVE-2016-4544
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
CVE-2016-4566
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
CVE-2016-4567
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via the query string.
DSA-3585 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors/parsers for
PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.
Top Websites Using Audio Fingerprinting to Secretly Track Web Users
Despite browsing incognito, blocking advertisements, or hiding your tracks, some websites monitor and track your every move online using a new web-tracking technique called Audio Fingerprinting.
This new fingerprinting technique can be utilized by technology and marketing companies to deliver targeted advertisements as well as by law enforcement to unmask VPN or Anonymous users, without even
Postfix Admin 2.93 Cross Site Request Forgery
Postfix Admin version 2.93 suffers from a cross site request forgery vulnerability.
Bug Hunter Found Ways to Hack Any Instagram Accounts
How to hack an Instagram account?
The answer to this question is difficult to find, but a bug bounty hunter just did it without too many difficulties.
Belgian bug bounty hunter Arne Swinnen discovered two vulnerabilities in image-sharing social network Instagram that allowed him to brute-force Instagram account passwords and take over user accounts with minimal efforts.
<!– adsense –>
Both
Ecuador Bank Hacked — $12 Million Stolen in 3rd Attack on SWIFT System
Bangladesh is not the only bank that had become victim to the cyber heist. In fact, it appears to be just a part of the widespread cyber attack on global banking and financial sector by hackers who target the backbone of the world financial system, SWIFT.
Yes, the global banking messaging system that thousands of banks and companies around the world use to transfer Billions of dollars in
CVE-2016-1401
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.