The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
Monthly Archives: May 2016
CVE-2016-2015
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-2016
Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory.
JVC XSS / CSRF / Header Injection / Weak Credentials
Various JVC products suffer from having weak and poorly protected credentials, cross site request forgery, cross site scripting, header injection, and information disclosure vulnerabilities.
eXtplorer 2.1.9 Path Traversal
eXtplorer version 2.1.9 suffers from a traversal vulnerability.
Microsoft Security Bulletin Revision Increment For May, 2016
This bulletin summary lists two bulletins that have undergone a major revision increment.
Malware-Laced Porn Apps Behind Wave of Android Lockscreen Attacks
Dell SonicWALL Threats Research Team says incidents of Android lockscreen malware masquerading as porn apps are a growing concern.
CakePHP Framework 3.2.4 IP Spoofing
CakePHP Framework versions 3.2.4 and below suffer from a vulnerability that allows users to spoof the source IP address logged by the server.
Microsoft removes its controversial Windows 10 Wi-Fi Sense Password Sharing Feature
Microsoft has finally decided to remove from Windows 10 one of its controversial features, Wi-Fi Sense network sharing, which shares your WiFi password with your Facebook, Skype and Outlook friends and is enabled by default.
With the launch of Windows 10 last year, Microsoft introduced the Wi-Fi Sense network sharing feature, aimed at making it easy to share your password-protected WiFi network
runAV mod_security Remote Command Execution
runAV with mod_security suffers from a command injection vulnerability that leads to privilege escalation, provided the clamscan binary is setuid.
