2866 matches found
Analysis of the latest Firefox 0day attack - vulnerability warning - the black bar safety net
On August 6, the Mozilla Foundation released a security update for Firefox to fix the CVE-2015-4495 vulnerability in pdf.js, Firefox's embedded PDF reader. The vulnerability allows an attacker to bypass the same-origin policy, in the local...
Mozilla Patches Bug Used in Active Attacks
UPDATE–Mozilla has released a patch for a vulnerability in Firefox that was discovered when a user found it being actively exploited in the wild. The bug affects Firefox’s PDF viewer and Mozilla officials said that the exploit being used by attackers right now looked for specific files on a...
Warning! Update Mozilla Firefox to Patch Critical File Stealing Vulnerability
Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and uploads them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in...
Ubiquiti Inc.: JetBrains .idea project directory
Vulnerability description: The .idea directory contains a set of configuration files (.xml) for your project. These configuration files contain information core to the project itself, such as names and locations of its component modules, compiler settings, etc. If you've defined a data source the fi...
China Telecom's Wing Pay App Has Multiple Vulnerabilities
Wing Pay is the business brand of China Telecom that operates payment and internet finance. Wing Pay APP 3.9.6 has multiple security vulnerabilities, including: global file read/write vulnerability; configuration file read/write vulnerability; trust arbitrary security certificate vulnerability;...
check-mk: multiple flaws fixed in versions 1.2.4p4 and 1.2.5i4
CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files (.mk files) to arbitrary locations via vectors related to row selections...
Oracle Endeca Information Discovery Integrator ETL Server MoveFile Remote Code Execution Vulnerability
This vulnerability allows remote attackers the ability to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists in the handling of the MoveFile...
UBUNTU-CVE-2015-3902
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
CVE-2015-1150
The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.40-i486-1slack14.1.txz: Upgraded. This update fixes some security issues. Please note that this package build also moves t...
[SECURITY] Fedora 22 Update: cxf-build-utils-2.6.0-1.fc22
The Apache CXF Build Utils contains common utilities and configuration files that are used by multiple versions of the CXF builds...
[SECURITY] Fedora 22 Update: PyYAML-3.11-7.fc22
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)
SEC Consult Vulnerability Lab Security Advisory 20150410-0 title: Unauthenticated Local File Disclosure product: Multiple TP-LINK products see Vulnerable / tested versions vulnerable version: Multiple see Vulnerable / tested...
Microsoft ASP.NET Information Disclosure Vulnerability
Microsoft .NET Framework is a system distributed by Microsoft to help developers build web-based applications. An information disclosure vulnerability exists in Microsoft ASP.NET. On systems with the customErrors configuration disabled, ASP.NET errors when processing requests for certain...
Schneider Electric VAMPSET Buffer Overflow Vulnerability
Schneider Electric VAMPSET is a suite of software from Schneider Electric, France, deployed in the energy industry to configure and maintain multiple relays and arc monitors. A buffer overflow vulnerability exists in Schneider Electric VAMPSET version 2.2.145 and earlier. A local attacker can...
Design/Logic Flaw
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file...
CVE-2014-5400
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file...
CVE-2014-5400 Hospira MedNet Password in Configuration File
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02056)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric, France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...
Missing access control on Websense Explorer web folder
Missing access control on Websense Explorer web folder. Han Sahin, September 2014...