Xen CVE-2015-4105 Local Denial of Service Vulnerability
Monthly Archives: July 2016
DSA-3635 libdbd-mysql-perl – security update
Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl
DBI driver for the MySQL database server. A remote attacker can take
advantage of these flaws to cause a denial-of-service against an
application using DBD::mysql (application crash), or potentially to
execute arbitrary code with the privileges of the user running the
application.
Vuln: libarchive 'archive_write_zip_data()' Function Local Denial of Service Vulnerability
Vuln: libarchive 'archive_read_support_format_zip.c' Heap Buffer Overflow Vulnerability
Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit (3)
This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware Version <= 8.0.1.008 and Load Balancer Firmware <= v5.4.0.004 by exploiting a vulnerability in the web administration interface. By sending a specially crafted request, it’s possible to inject system commands while escalating to root due to relaxed sudo configurations on the appliances.
WordPress Ultimate Product Catalog 3.9.8 SQL Injection
WordPress Ultimate Product Catalog plugin versions 3.9.8 and below suffer from a remote unauthenticated blind SQL injection vulnerability.
Using VPN in the UAE? You'll Be Fined Up To $545,000 If Get Caught!
If you get caught using a VPN (Virtual Private Network) in Abu Dhabi, Dubai and the broader United Arab Emirates (UAE), you could face temporary imprisonment and fines of up to $545,000 (~Dhs2 Million).
Yes, you heard that right.
Online Privacy is one of the biggest challenges in today’s interconnected world. The governments across the world have been found to be using the Internet to
Linux ARM/ARM64 perf_event_open() Arbitrary Memory Read
Linux ARM/ARM64 architectures suffer from an arbitrary memory read vulnerability in perf_event_open().
QRLJacking — Hacking Technique to Hijack QR Code Based Quick Login System
Do you know that you can access your WeChat, Line and WhatsApp chats on your desktop as well using an entirely different, but fastest authentication system?
It’s SQRL, or Secure Quick Response Login, a QR-code-based authentication system that allows users to quickly sign into a website without having to memorize or type in any username or password.
QR codes are two-dimensional barcodes that
CVE-2016-4469
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action.
