Oracle Java SE CVE-2014-6513 Remote Security Vulnerability
Monthly Archives: January 2017
Vuln: Oracle Java SE CVE-2014-6456 Remote Security Vulnerability
CVE-2017-5480
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
CVE-2017-5494
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
boomaga-0.8.0-6.git97f52c1.fc24
Update to 0.8.0-6.git97f52c1
Executable installers are vulnerable^WEVIL (case 44): SoftMaker's FlexiPDF installers allow escalation of privilege
Posted by Stefan Kanthak on Jan 15
Hi @ll,
the executable installers of SoftMaker’s FlexiPDF,
<http://www.softmaker.net/down/flexipdf2017.exe> and
<http://www.softmaker.net/down/flexipdfbasic2017.exe>, built
with the crapware known as “InnoSetup”, are vulnerable to DLL
hijacking: they load Windows DLLs from their “application
directory” instead of Windows’ “system directory”: on Windows 7
at least UXTheme.dll and DWMAPI.dll.
This…
boomaga-0.8.0-6.git97f52c1.fc25
Update to 0.8.0-6.git97f52c1
Creating a culture of cybersecurity at work
With the digital threatscape proliferating exponentially (for example, phishing emails increased almost 800 percent quarter-to-quarter in Q1 2016, to 6.3 million, while ransomware soared 300 percent year-over-year on its way to a billion-dollar-a-year problem), it’s important to remember that effective cybersecurity rests on three pillars: products and services, processes, and people. Simply throwing more money and resources at cybersecurity is not the answer: people are the key, and everybody has a role to play in effective cybersecurity.
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2939)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a file with a malformed cross-reference table. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2951)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handle objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file.