Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0

Posted by Larry W. Cashdollar on Mar 02

Title: Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0
Vulnerability Date: 2017-02-27
Download: https://wordpress.org/plugins/zen-mobile-app-native/
Vendor: https://profiles.wordpress.org/zendkmobileapp/
Notified: 2017-02-27
Description: Mobile App WordPress plugin lets you turn your website into a full-featured mobile application in minutes using Mobile App Builder.
Vulnerability: The code in file…

New BlackArch Linux ISOs (2017.03.01) released!

Posted by Black Arch on Mar 02

Dear list,

We’ve released the new BlackArch Linux ISOs along with many
improvements. They include more than 1700 tools now. The armv6h,
armv7h and aarch64 repositories are filled with about 1600 tools.

A short ChangeLog of the Live-ISOs:

- add more than 50 new tools
- update blackarch installer to version 0.3.3
- fix several tools (dependencies, installs, …)
- include linux kernel 4.9.11
- updated all system packages
-…

CVE-2016-9892

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.