Joomla SecurityCheck component version 2.8.9 suffers from cross site scripting and remote SQL injection vulnerabilities.
Monthly Archives: June 2016
CVE-2016-0288 (security_appscan)
IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-4500 (uc-7408_lx-plus, uc-7408_lx-plus_firmware)
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.
Liferay CE Stored Cross Site Scripting
Liferay CE versions prior to 6.2 CE GA6 suffer from a persistent cross site scripting vulnerability.
PHPList 3.2.4 Cross Site Request Forgery / Cross Site Scripting
PHPList version 3.2.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
427 Million Myspace Passwords leaked in major Security Breach
Myspace has suffered a major data breach in which hundreds of millions of users have had their account details compromised.
You may have forgotten Myspace and not thought of it in years after Facebook acquired the market, but Myspace was a once-popular social media website.
On Tuesday, Myspace confirmed that the company was hacked in 2013 and that the stolen Myspace
AjaxExplorer 1.10.3.2 CSRF / XSS / Command Execution
AjaxExplorer version 1.10.3.2 suffers from cross site request forgery, cross site scripting, and remote command execution vulnerabilities.
FreeBSD Security Advisory – FreeBSD-SA-16:20.linux
FreeBSD Security Advisory – The implementation of the TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo() system call does not clear the output struct before copying it out to userland. An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions of the file cache or terminal buffers, which an attacker might leverage to obtain elevated privileges.
KeePass 2 Man-In-The-Middle
KeePass 2’s update check suffers from a man-in-the-middle vulnerability.
HP Security Bulletin HPSBGN03609 1
HP Security Bulletin HPSBGN03609 1 – Several potential security vulnerabilities have been identified in HPE LoadRunner and Performance Center. These vulnerabilities could be exploited remotely to allow code execution and Denial of Service (DoS). Revision 1 of this advisory.
