Category Archives: Full Disclosure

Hi Technology & Services CMS – SQL Injection Vulnerabilities

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Hi Technology & Services CMS – SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1785

Release Date:
=============
2016-03-22

Vulnerability Laboratory ID (VL-ID):
====================================
1785

Common Vulnerability Scoring System:
====================================
7.4

Product & Service Introduction:…

Patron Info System – SQL Injection Vulnerability

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Patron Info System – SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1784

Release Date:
=============
2016-03-21

Vulnerability Laboratory ID (VL-ID):
====================================
1784

Common Vulnerability Scoring System:
====================================
7.6

Product & Service Introduction:
===============================…

PayPal Bug Bounty #121 – (Profile) Filter Bypass & Persistent Web Vulnerability

Posted by Vulnerability Lab on Mar 30

Document Title:
===============
PayPal Bug Bounty #121 – (Profile) Filter Bypass & Persistent Web
Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1627

ID: EIBBP-32725

Video: http://www.vulnerability-lab.com/get_content.php?id=1697

Release Date:
=============
2016-03-30

Vulnerability Laboratory ID (VL-ID):
====================================
1627

Common Vulnerability Scoring…

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update
2016-002

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available
and addresses the following:

apache_mod_php
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions…

APPLE-SA-2016-03-21-4 Xcode 7.3

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-4 Xcode 7.3

Xcode 7.3 is now available and addresses the following:

otool
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes
(@squiffy)

subversion…

APPLE-SA-2016-03-21-3 tvOS 9.2

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-3 tvOS 9.2

tvOS 9.2 is now available and addresses the following:

FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro’s…

APPLE-SA-2016-03-21-7 OS X Server 5.1

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-7 OS X Server 5.1

OS X Server 5.1 is now available and addresses the following:

Server App
Available for: OS X Yosemite v10.10.5 and later
Impact: An administrator may unknowingly store backups on a volume
without permissions enabled
Description: An issue in Time Machine server did not properly warn
administrators if permissions were ignored when performing a server
backup. This issue was addressed through improved…

APPLE-SA-2016-03-21-6 Safari 9.1

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-6 Safari 9.1

Safari 9.1 is now available and addresses the following:

libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762

Safari…

APPLE-SA-2016-03-21-2 watchOS 2.2

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-2 watchOS 2.2

watchOS 2.2 is now available and addresses the following:

Disk Images
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1717 : Frank…

APPLE-SA-2016-03-21-1 iOS 9.3

Posted by Apple Product Security on Mar 23

APPLE-SA-2016-03-21-1 iOS 9.3

iOS 9.3 is now available and addresses the following:

AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID…