extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions.
Monthly Archives: June 2016
CVE-2016-1701
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.
CVE-2016-1702
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.
CVE-2016-1703
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
WordPress Levo-Slideshow 2.3 Shell Upload
WordPress Levo-Slideshow plugin version 2.3 suffers from a remote shell upload vulnerability.
Saudi Softech 5.0.1 Cross Site Scripting / SQL Injection
Saudi Softech version 5.0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
Evilgrade – The Update Exploitation Framework 2.0.7
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.
Comment on Panda Security makes your digital life easier and safer thanks to its new multi-device solutions by mithu golder
i lost my panda internet security. How to solved my internet security. please help me?
CVE-2016-1212
Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.
CVE-2016-1222
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.