Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors and use-after-frees may lead to the execution of arbitrary code
or denial of service.
All posts by 007admin
FCC Pushed To Tighten Net Neutrality Wireless Rules
Amazon Kindle Vulnerability Lets Hackers Take Over Your Account
Android Bug Allowing SOP Bypass 'A Privacy Disaster'
Archie Exploit Kit Targets Adobe, Silverlight Vulnerabilities
A relatively new exploit kit that exploits old versions of Adobe Flash, Reader and, Silverlight has begun to make the rounds.
Ubuntu Security Notice USN-2348-1
Ubuntu Security Notice 2348-1 – It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn’t met. It was discovered that APT did not invalidate repository data when it switched from an unauthenticated to an authenticated state. It was discovered that the APT Acquire::GzipIndexes option caused APT to skip checksum validation. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS, and was not enabled by default. Various other issues were also addressed.
Delphi And C++ Builder VCL Library Heap Buffer Overflow
Core Security Technologies Advisory – Applications developed with Delphi and C++ Builder that use the specific integrated graphic library detailed in this advisory are prone to a security vulnerability when processing malformed BMP files.
Cart Engine 3.0 XSS / Open Redirect / SQL Injection
Cart Engine version 3.0 suffers from cross site scripting, open redirection, and remote SQL injection vulnerabilities.
Laravel 2.1 Hash::make() bcrypt Truncation
Laravel version 2.1 fails to check length prior to password hash creation allowing for possible hash collisions for secrets over 72 characters.
Phpwiki Ploticus Remote Code Execution
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via command injection.