CVE-2015-1965

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1964.

CVE-2015-1986

The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938.

CVE-2015-2966

Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors.

CVE-2015-4226

The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976.

Big Giveaway: Share Your Internet Security Story!

Everyone who has ever been online has most likely had some kind of encounter with online security. Perhaps you’ve lost some (or, even worse, all) of your data, or your device was invaded by an especially persistent virus. There are more than enough dangers out there! But fear no more: Sticky Password partnered with us and other companies to offer anyone who shares a true story about encountering such a danger the opportunity to win a cool security bundle – which by the way includes Avira Antivirus Pro!

The best thing: participating in the giveaway is rather easy. Send your story to [email protected]. That’s it. Now you only need to hope that you’ll be one of the lucky winners. The best thing about it? Even if you don’t win, you can help others by anonymously sharing your experiences and learning moments.

Are you not sure whether your story qualifies? Take a look at an example:
One winner of the giveaway shared some tips he has used when helping resolve “hundreds (maybe thousands) of computer problems for friends, family, and a host of clients. What can absolutely help is learning and following a set of behaviors with your PC, and knowing what a scam looks like.” His tips include: “Have a place [or someone who you can trust] to get questions answered: the dumbest question is the one you never ask.” and “Install some sort of ad-blocking software, or learn how to tell whether or not a popup is a legitimate message.”

Good luck everyone!

The post Big Giveaway: Share Your Internet Security Story! appeared first on Avira Blog.

CVE-2014-9734

Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.

CVE-2014-9735

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.

CVE-2015-5148

SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.

CVE-2015-5149

Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.

CVE-2015-5150

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.